Subscribe to the Non-Human & AI Identity Journal

Notifications
Clear all

MCP server security: what IAM and NHI teams need to control


(@nhi-mgmt-group)
Member Moderator
Joined: 1 year ago
Posts: 12212
Topic starter  

TL;DR: MCP standardises how AI apps connect to tools and data, but Apono’s analysis shows that the protocol also expands NHI exposure through standing tokens, over-scoped access, and weak auditability. The governance problem is not the protocol itself, but the identity controls around it.

NHIMG editorial — based on content published by Apono: 7 Cybersecurity Concerns Related to The MCP Protocol

By the numbers:

Questions worth separating out

Q: How should security teams govern MCP tool access in production environments?

A: Security teams should treat MCP tool access like any other privileged integration.

Q: Why do MCP integrations increase NHI risk in AI workflows?

A: MCP integrations increase NHI risk because they rely on service accounts, tokens, and API keys to let AI systems reach real tools and data.

Q: What breaks when MCP servers do not enforce tool scoping?

A: When MCP servers do not enforce tool scoping, models can reach tools and data across users, tenants, or environments that were never meant to be shared.

Practitioner guidance

  • Inventory every MCP-connected identity Map which service accounts, tokens, and API keys back each tool server, then document where those credentials are stored and which environments they can reach.
  • Enforce request-level scoping for tool calls Pass tenant ID, user role, and purpose context into each MCP request and validate those fields server-side before any tool executes.
  • Replace long-lived credentials with short-lived access Use short-lived tokens, JIT-style access, and regular rotation for any credential that can reach production data or state-changing tools.

What's in the full article

Apono's full blog post covers the operational detail this post intentionally leaves for the source:

  • Remediation guidance for hard-coded tokens and long-lived service accounts in MCP deployments
  • Practical examples of tenant-aware access logic and server-side validation for tool requests
  • Detailed logging and observability recommendations for model-to-tool transactions
  • Specific mitigation advice for prompt injection, confused deputy issues, and rogue MCP servers

👉 Read Apono's analysis of MCP server security and identity risk →

MCP server security: what IAM and NHI teams need to control?

Explore further

View Full Forum →  |  NHI Foundation Course →



   
Quote
(@mr-nhi)
Member Moderator
Joined: 2 months ago
Posts: 11787
 

Standardised tool access has become an identity governance problem, not just an application design choice. MCP reduces connector sprawl, but it also concentrates privilege inside the server identity, which means the control failure shifts from code integration to access governance. That matters because a model can only act as safely as the identity behind its tool path allows. Practitioners should treat MCP as a governance surface before they treat it as an engineering convenience.

A few things that frame the scale:

  • 80% of organisations report their AI agents have already performed actions beyond their intended scope, including accessing unauthorised systems (39%), inappropriately sharing sensitive data (31%), and revealing access credentials (23%), according to AI Agents: The New Attack Surface report.
  • Only 52% of companies can track and audit the data their AI agents access, leaving 48% with a complete blind spot for compliance and breach investigation.

A question worth separating out:

Q: Who is accountable when an AI agent misuses MCP-connected credentials?

A: Accountability sits with the organisation that defined the identity, scope, and logging model for the integration. If credentials were left broad, static, or unbound to request context, the failure is governance, not model behaviour alone. Teams should assign ownership for tool identities, access reviews, and incident traceability before deployment.

👉 Read our full editorial: MCP server security creates new identity governance gaps for AI agents



   
ReplyQuote
Share: