MCP server access and AI agents: are your controls keeping up?


(@nhi-mgmt-group)
Member Moderator
Joined: 1 year ago
Posts: 4368
Topic starter  

TL;DR: AI agents and Model Context Protocol are pushing enterprises toward identity-aware tool access, but static API keys, broad service accounts, and weak authorization models still dominate MCP implementations, according to Cerbos. Zero Trust for agents now depends on short-lived delegated credentials, fine-grained policy checks, and auditable on-behalf-of flows rather than shared secrets.

NHIMG editorial — based on content published by Cerbos: AI agents meet Zero Trust through MCP and delegated identity

Questions worth separating out

Q: How should security teams govern AI agents that use MCP servers?

A: Security teams should treat AI agents as first-class identities, not as hidden extensions of a user session.

Q: Why do static API keys create risk for AI agent access?

A: Static API keys create risk because they are long-lived, reusable across sessions, and hard to attribute to a specific user, agent, or action; a leaked key grants standing access with no record of who delegated it or for what task.

Q: What breaks when MCP tools are exposed without policy controls?

A: Without policy controls, MCP tools become a discoverable privilege surface rather than a governed capability set.

Practitioner guidance

  • Define agents as governed identities: assign each AI agent a unique identity, separate from human users and separate from generic service accounts.
  • Remove long-lived shared secrets from agent workflows: replace static API keys and copied admin tokens with short-lived, scoped credentials issued for a single task or delegation path.
  • Scope tool discovery by policy: filter which MCP tools and resources an agent can see based on user role, agent trust level, and context.
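The three guidance points above fit together as one control path: a short-lived delegated credential that names both the human subject and the acting agent, a policy decision point that filters tool discovery, and the same policy re-checked (down to parameter level) on every call, with an on-behalf-of audit record. The following is an added illustration written for this post, not Cerbos' code or any MCP SDK: the HMAC-signed token is a simplified stand-in for an OAuth 2.0 token-exchange result, and the user, agent, tool and policy tables are constructed sample data.

```python
import base64, hashlib, hmac, json, time

# Constructed sample policy: which tools exist, which roles may use them,
# the minimum agent trust level, and parameter-level limits. A real
# deployment would query a policy engine; the inline dicts keep this runnable offline.
TOOLS = {
    "search_docs":   {"roles": {"analyst", "admin"}, "min_trust": 1},
    "read_ticket":   {"roles": {"analyst", "admin"}, "min_trust": 1},
    "update_ticket": {"roles": {"admin"}, "min_trust": 2,
                      "param_rules": {"env": {"staging"}}},   # never prod
}
USERS  = {"alice": {"roles": {"analyst"}}, "bob": {"roles": {"admin"}}}
AGENTS = {"triage-bot": {"trust": 1}, "ops-bot": {"trust": 2}}

ISSUER_KEY = b"example-only-issuer-key"   # assumption: the token issuer's signing key
AUDIT = []                                # on-behalf-of audit trail (sub, act, tool, params)

def _b64(b: bytes) -> str:
    return base64.urlsafe_b64encode(b).rstrip(b"=").decode()

def _unb64(s: str) -> bytes:
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))

def _policy_allows(user, agent, tool):
    """Role-and-trust check shared by discovery and invocation."""
    rule = TOOLS.get(tool)
    if rule is None or user not in USERS or agent not in AGENTS:
        return False
    return bool(USERS[user]["roles"] & rule["roles"]) and \
        AGENTS[agent]["trust"] >= rule["min_trust"]

def issue_delegated_token(user, agent, scope, ttl=60, now=None):
    """Stand-in for an OAuth 2.0 token-exchange response: a short-lived,
    HMAC-signed token binding the human subject ("sub"), the acting agent
    ("act") and the tool scope granted for one task. The issuer narrows the
    requested scope to what policy allows the (user, agent) pair."""
    now = time.time() if now is None else now
    allowed = [t for t in scope if _policy_allows(user, agent, t)]
    claims = {"sub": user, "act": agent, "scope": allowed,
              "iat": int(now), "exp": int(now) + ttl}
    body = _b64(json.dumps(claims, sort_keys=True).encode())
    sig = _b64(hmac.new(ISSUER_KEY, body.encode(), hashlib.sha256).digest())
    return f"{body}.{sig}"

def verify_token(token, now=None):
    """Return the claims if signature and expiry check out, else None."""
    now = time.time() if now is None else now
    try:
        body, sig = token.split(".")
    except ValueError:
        return None
    expected = _b64(hmac.new(ISSUER_KEY, body.encode(), hashlib.sha256).digest())
    if not hmac.compare_digest(sig, expected):
        return None
    claims = json.loads(_unb64(body))
    return None if claims["exp"] <= now else claims

def list_tools(token, now=None):
    """Scoped tool discovery: the agent only sees tools it is allowed to call."""
    claims = verify_token(token, now)
    if claims is None:
        return []
    return sorted(t for t in claims["scope"]
                  if _policy_allows(claims["sub"], claims["act"], t))

def call_tool(token, tool, params, now=None):
    """Policy decision point in front of a tool invocation. Returns (ok, reason)."""
    claims = verify_token(token, now)
    if claims is None:
        return False, "invalid or expired token"
    user, agent = claims["sub"], claims["act"]
    if tool not in claims["scope"]:
        return False, "tool not in delegated scope"
    if not _policy_allows(user, agent, tool):          # re-check, policy may have changed
        return False, "denied by role/trust policy"
    for key, allowed in TOOLS[tool].get("param_rules", {}).items():
        if params.get(key) not in allowed:
            return False, f"parameter {key}={params.get(key)!r} not permitted"
    AUDIT.append({"sub": user, "act": agent, "tool": tool, "params": params,
                  "at": int(time.time() if now is None else now)})
    return True, "ok"

if __name__ == "__main__":
    tok = issue_delegated_token("alice", "triage-bot", ["search_docs", "update_ticket"])
    print(list_tools(tok))                                  # analyst sees only search_docs
    print(call_tool(tok, "update_ticket", {"env": "staging"}))
    ops = issue_delegated_token("bob", "ops-bot", ["update_ticket"])
    print(call_tool(ops, "update_ticket", {"env": "prod"}))  # blocked at parameter level
    print(AUDIT)
```

Two design points carry the weight here. The scope is narrowed at issuance and re-checked at call time, so a token minted before a policy change cannot outlive it, and the audit record always names both the human subject and the acting agent, which is the trail that a shared static key cannot produce.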

What's in the full article

Cerbos' full blog post covers the operational detail this post intentionally leaves for the source:

  • Step-by-step examples of how MCP clients connect to servers over STDIO, HTTP, and Server-Sent Events
  • Specific policy enforcement patterns for fine-grained tool access and parameter-level restrictions
  • Discussion of on-behalf-of token flows and OAuth 2.0 token exchange for delegated AI actions
  • Implementation considerations for embedding policy decision points inside agent workflows

👉 Read Cerbos' analysis of MCP server identities and Zero Trust for AI agents →

