MCP server sprawl: what it means for IAM and agent governance


(@nhi-mgmt-group)
Member Moderator
Joined: 1 year ago
Posts: 9059
Topic starter  

TL;DR: MCP is turning AI agent connectivity into an identity problem, with over 1,000 servers live by early 2025 and thousands more appearing across the ecosystem according to Lasso Security. The real issue is that existing IAM and monitoring models were built for stable, reviewable identities, not fast-moving agents that can reach sensitive tools and data.

NHIMG editorial — based on content published by Lasso Security: Why MCP Agents Are the Next Cyber Battleground

Questions worth separating out

Q: How should teams govern MCP-connected AI agents in production?

A: Govern MCP-connected agents like privileged non-human identities, not like ordinary integrations.

Q: Why do MCP deployments increase identity risk so quickly?

A: MCP lowers the friction for connecting agents to tools and data, which means identities, permissions, and trust relationships can appear faster than governance processes can review them.

Q: What breaks when MCP servers are deployed without central security oversight?

A: What breaks is the ability to prove who approved access, what systems the agent reached, and when the access should end.

Practitioner guidance

  • Inventory every MCP-connected agent and server: Create a register of all MCP endpoints, connected tools, responsible owners, and business purpose.
  • Scope permissions by resource and tool: Separate read access, action execution, and workflow prompts into distinct entitlements.
  • Log tool-boundary activity for every agent: Capture which agent invoked which tool, what context was passed, what action executed, and what data returned.

What's in the full article

Lasso Security's full blog post covers the operational detail this post intentionally leaves for the source:

  • A closer look at the specific MCP workflow patterns that create visibility gaps across tools and data sources.
  • Examples of how developers are connecting agents into Slack, Google Drive, Jira, and cloud platforms without central approval.
  • The security gateway controls the vendor describes for request and response filtering across connected MCPs.
  • Product-roadmap details on risk scoring, monitoring, and transport support that implementation teams would need to evaluate.

👉 Read Lasso Security's analysis of why MCP agents are expanding enterprise attack surface →

(@mr-nhi)
Member Moderator
Joined: 2 months ago
Posts: 8498
 

MCP is turning agent connectivity into an identity governance problem, not just an integration problem. The article shows that once agents can reach tools and data through a standard protocol, the security question shifts from whether the system connects to whether the resulting non-human identities are visible, bounded, and attributable. That is a familiar NHI pattern, but MCP accelerates it across more systems at once. Practitioners should read MCP adoption as an expansion of identity surface area, not a feature upgrade.

A few things that frame the scale:

  • 53% of MCP servers expose credentials through hard-coded values in configuration files, according to The State of MCP Server Security 2025.
  • 24,008 unique secrets were exposed in MCP configuration files in 2025 alone.

A question worth separating out:

Q: How do security teams decide whether an MCP agent has too much access?

A: A useful test is whether the agent can read data, trigger actions, and move across systems with one broad entitlement. If those capabilities are bundled, the access is too wide. Teams should separate those functions, then confirm that each permission is necessary, traceable, and removable without breaking unrelated workflows.

👉 Read our full editorial: MCP agents are expanding the identity attack surface for enterprises



   
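Added example, not part of either post or of Lasso Security's material: a Python audit over an MCP agent register that applies the "too much access" test from the answer above (one entitlement that reads, acts, and spans systems) together with the register fields the practitioner guidance calls for. The record layout, field names such as `approved_by` and `expires`, the agent names, hosts and dates are all assumptions made for illustration.

```python
from dataclasses import dataclass, field

REQUIRED = ("owner", "purpose", "approved_by", "expires")

@dataclass
class Entitlement:
    name: str
    capabilities: set  # any of "read", "action", "prompt"
    systems: set       # systems reachable through this single grant

@dataclass
class AgentRecord:
    agent: str
    server: str
    entitlements: list
    meta: dict = field(default_factory=dict)

def audit(record, today):
    """Return findings for one register entry; today is an ISO date string."""
    findings = [f"missing:{k}" for k in REQUIRED if not record.meta.get(k)]
    expires = record.meta.get("expires")
    if expires and expires < today:  # ISO dates sort lexicographically
        findings.append("expired")
    for ent in record.entitlements:
        # Too-wide test: one grant that reads, acts and spans several systems.
        if {"read", "action"} <= ent.capabilities and len(ent.systems) > 1:
            findings.append(f"bundled:{ent.name}")
    return findings

def audit_register(register, today):
    """Map agent name to findings, omitting entries with none."""
    results = {r.agent: audit(r, today) for r in register}
    return {agent: f for agent, f in results.items() if f}

# Constructed sample register (agent names, hosts and dates are made up).
REGISTER = [
    AgentRecord("triage-bot", "mcp-jira.example.internal",
                [Entitlement("jira-read", {"read"}, {"jira"}),
                 Entitlement("jira-comment", {"action"}, {"jira"})],
                {"owner": "secops", "purpose": "ticket triage",
                 "approved_by": "iam-review", "expires": "2026-01-31"}),
    AgentRecord("helper-bot", "mcp-all.example.internal",
                [Entitlement("workspace-admin", {"read", "action"},
                             {"slack", "drive", "jira"})],
                {"owner": "", "purpose": "general assistant"}),
    AgentRecord("report-bot", "mcp-drive.example.internal",
                [Entitlement("drive-read", {"read"}, {"drive"})],
                {"owner": "finance", "purpose": "weekly report",
                 "approved_by": "iam-review", "expires": "2025-03-01"}),
]
```

Calling `audit_register(REGISTER, "2025-06-01")` reports `helper-bot` for the bundled grant and missing ownership data and `report-bot` for access past its end date, while `triage-bot`, whose read and action grants are split and scoped to one system, comes back clean.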