
MCP governance under the Linux Foundation: what changes now?


(@nhi-mgmt-group)
Member Moderator
Joined: 1 year ago
Posts: 6030
Topic starter  

TL;DR: Anthropic, OpenAI, Block, Google, and 50 companies are now shaping MCP governance through the new Agentic AI Foundation, according to WorkOS, turning a once vendor-led protocol into shared infrastructure for agent communications. For identity teams, the critical question is no longer whether agents connect to tools, but how protocol governance constrains access, delegation, and accountability.

NHIMG editorial — based on content published by WorkOS: The Agentic AI Foundation and the MCP governance panel recap

Questions worth separating out

Q: How should security teams govern AI agents that connect through MCP?

A: Security teams should govern MCP-connected agents as non-human identities with explicit tool boundaries, monitored delegation, and auditable action paths.

Q: What should IAM teams review before allowing MCP in production?

A: IAM teams should review how the protocol establishes identity, how tool permissions are assigned, and whether the same policy is enforced consistently across clients.

Q: Why does shared governance matter for agentic AI protocols?

A: Shared governance matters because agentic protocols shape how identities reach tools and data, which makes protocol design part of the authorisation model.

Practitioner guidance

What's in the full article

WorkOS's full recap covers the operational detail this post intentionally leaves for the source:

  • Panel discussion context from Anthropic, OpenAI, Block, and the Linux Foundation on how MCP governance is being coordinated.
  • Direct commentary on why the steering committee prefers code-backed proposals and empirical proof before standard changes.
  • Details on why Goose matters as a hackable reference implementation for testing protocol behavior.
  • The practical reasoning behind the Agentic AI Foundation name and why the ecosystem extends beyond MCP alone.

👉 Read WorkOS's recap of the Agentic AI Foundation and MCP governance panel →


(@mr-nhi)
Member Moderator
Joined: 1 month ago
Posts: 5523
 

Shared protocol governance is becoming the new identity boundary for agentic systems. Once multiple vendors and open source contributors govern MCP together, the security question shifts from isolated product trust to ecosystem trust. That creates a control surface where tool access, context access, and execution permissions must be consistent across implementations. For identity teams, the practical conclusion is that protocol governance now sits inside the access model, not outside it.

A few things that frame the scale:

  • 98% of companies plan to deploy even more AI agents within the next 12 months, despite documented rogue behaviour in 80% of current deployments, according to the AI Agents: The New Attack Surface report.
  • Only 52% of companies can track and audit the data their AI agents access, leaving 48% with a complete blind spot for compliance and breach investigation.

A question worth separating out:

Q: What is the difference between agent identity policy and tool policy?

A: Agent identity policy governs who or what is allowed to initiate action, while tool policy governs what that identity can reach once a request is made. Both must align, because a strong agent policy with weak tool policy still allows overbroad actions through permitted integrations.

👉 Read our full editorial: Agentic AI Foundation signals a new governance layer for MCP

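As an added illustration of the two-layer model described in the reply above (not code from NHIMG, WorkOS or any MCP implementation): a small Python authorisation gate that evaluates an assumed agent identity policy first, then the tool policy, records every decision for audit, and lints the tool layer for grants that reach every resource. All identities, tools, scopes and policies are constructed samples.

```python
from dataclasses import dataclass, asdict

@dataclass(frozen=True)
class ToolCall:
    agent_id: str
    tool: str
    operation: str  # "read" or "write"
    resource: str   # path-like resource the tool would touch

# Layer 1, agent identity policy (constructed sample): tools each identity may call.
AGENT_POLICY = {
    "agent-support": {"crm"},
    "agent-billing": {"crm", "ledger"},
}

# Layer 2, tool policy (constructed sample): per tool and identity, the allowed
# operations and resource prefixes. The ledger grant is deliberately weak:
# an empty prefix matches every resource.
TOOL_POLICY = {
    "crm": {
        "agent-support": {"ops": {"read"}, "scopes": ("crm/tickets/",)},
        "agent-billing": {"ops": {"read"}, "scopes": ("crm/customers/",)},
    },
    "ledger": {
        "agent-billing": {"ops": {"read", "write"}, "scopes": ("",)},
    },
}
AUDIT: list[dict] = []  # every decision is recorded, allow or deny

def authorise(call, agent_policy=AGENT_POLICY, tool_policy=TOOL_POLICY):
    """Evaluate both layers in order; return (allowed, reason) and log an audit record."""
    if call.tool not in agent_policy.get(call.agent_id, set()):
        decision = (False, "agent policy: identity may not initiate calls to this tool")
    else:
        grant = tool_policy.get(call.tool, {}).get(call.agent_id)
        if grant is None:
            decision = (False, "tool policy: no grant for this identity")
        elif call.operation not in grant["ops"]:
            decision = (False, "tool policy: operation not permitted")
        elif not any(call.resource.startswith(p) for p in grant["scopes"]):
            decision = (False, "tool policy: resource outside granted scope")
        else:
            decision = (True, "allowed by agent policy and tool policy")
    AUDIT.append({**asdict(call), "allowed": decision[0], "reason": decision[1]})
    return decision

def overbroad_grants(tool_policy=TOOL_POLICY):
    """Lint the tool layer: a grant with an empty scope prefix reaches every resource."""
    return [(tool, agent) for tool, grants in tool_policy.items()
            for agent, g in grants.items() if "" in g["scopes"]]
```

The ledger grant shows the reply's point: agent-billing passes a tight agent policy, yet the weak tool scope lets it write anywhere, which only the lint catches.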