TL;DR: MCP is turning AI agent connectivity into an identity problem, with over 1,000 servers live by early 2025 and thousands more appearing across the ecosystem according to Lasso Security. The real issue is that existing IAM and monitoring models were built for stable, reviewable identities, not fast-moving agents that can reach sensitive tools and data.
NHIMG editorial — based on content published by Lasso Security: Why MCP Agents Are the Next Cyber Battleground
Questions worth separating out
Q: How should teams govern MCP-connected AI agents in production?
A: Govern MCP-connected agents like privileged non-human identities, not like ordinary integrations.
Q: Why do MCP deployments increase identity risk so quickly?
A: MCP lowers the friction for connecting agents to tools and data, which means identities, permissions, and trust relationships can appear faster than governance processes can review them.
Q: What breaks when MCP servers are deployed without central security oversight?
A: What breaks is the ability to prove who approved access, what systems the agent reached, and when the access should end.
Practitioner guidance
- Inventory every MCP-connected agent and server. Create a register of all MCP endpoints, connected tools, responsible owners, and business purpose.
- Scope permissions by resource and tool. Separate read access, action execution, and workflow prompts into distinct entitlements.
- Log tool-boundary activity for every agent. Capture which agent invoked which tool, what context was passed, what action executed, and what data returned.
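One way to tie the three controls above together, as an added example that is not from Lasso Security or NHIMG: reconcile tool-boundary log records against the register to surface unregistered agents, expired approvals, out-of-scope calls, and records too incomplete to audit. The register schema, log field names, agent names, and sample records are all constructed assumptions.

```python
import json
from datetime import datetime

# Fields a tool-boundary record needs to answer "who, which tool, what context, what action, what returned".
REQUIRED = ("ts", "agent", "tool", "kind", "context", "action", "returned")

# Constructed register (hypothetical schema): owner, approver, expiry, and (tool, kind) entitlements.
REGISTER = {
    "support-bot": {"owner": "it-helpdesk", "approved_by": "secops-review",
                    "expires": "2025-06-30T00:00:00+00:00",
                    "entitlements": {("jira", "read"), ("jira", "action"), ("drive", "read")}},
    "release-bot": {"owner": "platform-eng", "approved_by": "secops-review",
                    "expires": "2025-03-01T00:00:00+00:00",
                    "entitlements": {("slack", "action")}},
}

# Constructed log lines, one JSON record per tool invocation.
LOG_LINES = [
    '{"ts":"2025-04-02T09:00:00+00:00","agent":"support-bot","tool":"jira","kind":"read","context":"ticket OPS-1","action":"get_issue","returned":"1 issue"}',
    '{"ts":"2025-04-02T09:01:00+00:00","agent":"support-bot","tool":"drive","kind":"action","context":"doc 42","action":"delete_file","returned":"ok"}',
    '{"ts":"2025-04-02T09:02:00+00:00","agent":"release-bot","tool":"slack","kind":"action","context":"#releases","action":"post_message","returned":"ok"}',
    '{"ts":"2025-04-02T09:03:00+00:00","agent":"notebook-agent","tool":"drive","kind":"read","context":"folder /hr","action":"list_files","returned":"37 files"}',
    '{"ts":"2025-04-02T09:04:00+00:00","agent":"support-bot","tool":"jira","kind":"action","action":"close_issue"}',
]

def audit(lines, register):
    """Return (line_no, agent, finding) for every record that governance cannot account for."""
    findings = []
    for n, raw in enumerate(lines, 1):
        rec = json.loads(raw)
        missing = [f for f in REQUIRED if f not in rec]
        if missing:  # cannot prove what was passed or returned
            findings.append((n, rec.get("agent"), "incomplete-record:" + ",".join(missing)))
            continue
        entry = register.get(rec["agent"])
        if entry is None:  # identity appeared without review
            findings.append((n, rec["agent"], "unregistered-agent"))
            continue
        if datetime.fromisoformat(rec["ts"]) >= datetime.fromisoformat(entry["expires"]):
            findings.append((n, rec["agent"], "expired-access"))
        if (rec["tool"], rec["kind"]) not in entry["entitlements"]:
            findings.append((n, rec["agent"], "out-of-scope:%s/%s" % (rec["tool"], rec["kind"])))
    return findings

if __name__ == "__main__":
    for finding in audit(LOG_LINES, REGISTER):
        print(finding)
```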
What's in the full article
Lasso Security's full blog post covers the operational detail this post intentionally leaves for the source:
- A closer look at the specific MCP workflow patterns that create visibility gaps across tools and data sources.
- Examples of how developers are connecting agents into Slack, Google Drive, Jira, and cloud platforms without central approval.
- The security gateway controls the vendor describes for request and response filtering across connected MCPs.
- Product-roadmap details on risk scoring, monitoring, and transport support that implementation teams would need to evaluate.
MCP server sprawl: what it means for IAM and agent governance?