MCP servers for AI assistants: what IAM teams need to govern


Posted by @nhi-mgmt-group (Member Moderator), topic starter

TL;DR: MCP gives AI assistants a standard way to reach tools, resources, and prompts, but, as Kong's guide makes clear, the real governance question is how to expose internal capabilities without opening new token, tool, and data access paths. The control challenge is not the protocol itself but the identity and authorization model wrapped around every server and client interaction.

NHIMG editorial — based on content published by Kong: A Developer's Guide to MCP Servers: Bridging AI's Knowledge Gaps

Questions worth separating out

Q: How should security teams govern AI clients that can call internal tools through MCP?

A: Start by treating each MCP tool as a delegated access path with its own owner, approval, and audit requirements.

Q: Why do MCP servers create new risks for NHI governance?

A: MCP turns AI-facing integrations into persistent, callable access paths, which means secrets, resources, and tools all become part of the non-human identity surface.

Q: What should teams check before allowing AI-generated content to reach production?

A: Require deterministic validation for structure, syntax, and allowed components before any AI-generated output can be published or executed.

Practitioner guidance

  • Inventory every MCP-exposed capability: list each resource, tool, and prompt the server exposes, then classify it as read-only, state-changing, or privilege-bearing. That classification is what the authorization policy should key on, so a client that may read documentation is not implicitly able to publish or deploy.
  • Bind session state to a named identity: if you use persistent transport (Kong's example uses Durable Objects for session state), ensure each session is tied to a durable identity record, with logging that lets you reconstruct which client accessed which tool, with what input, and when.
  • Place validation in front of execution: run generated content through deterministic validators (structure, syntax, allowed components) before it can trigger a deployment, publish content, or call a downstream API, and record rejections alongside successful calls so the audit trail shows what the assistant tried to do, not only what it was allowed to do.
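The three guidance points above, and the Q&A answers earlier in this post, describe one control chain: a classified inventory, a per-identity authorization decision, a deterministic validator, and an audit record for every outcome. The block below is an added example written for this post; it is not Kong's code and does not use the MCP SDK or Cloudflare Workers APIs. Every name in it (ToolClass, Session, registerTool, gateCall, validateMdc, the sample tools and the sample session) is hypothetical, and the MDC-style documents it checks are constructed for the example. It assumes an MCP-style block syntax in which `::name` opens a component block (more leading colons meaning deeper nesting) and a bare run of the same number of colons closes it.

```typescript
// Added example, not from Kong's guide: a policy gate that sits between an
// MCP client session and tool execution. All names here are hypothetical.

type ToolClass = "read-only" | "state-changing" | "privilege-bearing";

interface ToolEntry {
  name: string;
  owner: string;                          // accountable owner of this access path
  cls: ToolClass;                         // classification from the capability inventory
  validate: (input: string) => string[];  // deterministic check; [] means the input is clean
  run: (input: string) => string;
}

interface Session { id: string; clientId: string; grants: Set<string> }

interface AuditEvent {
  sessionId: string; clientId: string; tool: string;
  outcome: "denied" | "rejected" | "executed"; detail: string;
}

const audit: AuditEvent[] = [];
const registry = new Map<string, ToolEntry>();

function registerTool(t: ToolEntry): void { registry.set(t.name, t); }

// Stack-based validator for MDC-style blocks (assumed syntax): "::name" opens a
// block, more colons mean deeper nesting, and a bare run of the same number of
// colons closes the innermost block. Every finding carries a 1-based line number.
function validateMdc(doc: string, allowed: Set<string>): string[] {
  const errors: string[] = [];
  const stack: { name: string; depth: number; line: number }[] = [];
  doc.split("\n").forEach((raw, i) => {
    const ln = i + 1;
    const open = /^(:{2,})([A-Za-z][\w-]*)/.exec(raw);
    const close = /^(:{2,})\s*$/.exec(raw);
    if (open) {
      if (!allowed.has(open[2])) errors.push(`line ${ln}: component "${open[2]}" is not allowed`);
      stack.push({ name: open[2], depth: open[1].length, line: ln });
    } else if (close) {
      const top = stack.pop();
      if (!top) errors.push(`line ${ln}: closing marker with no open block`);
      else if (top.depth !== close[1].length)
        errors.push(`line ${ln}: closes depth ${close[1].length} but "${top.name}" (line ${top.line}) is depth ${top.depth}`);
    }
  });
  for (const b of stack) errors.push(`line ${b.line}: block "${b.name}" never closed`);
  return errors;
}

function gateCall(session: Session, tool: string, input: string):
    { ok: boolean; result?: string; errors?: string[] } {
  const base = { sessionId: session.id, clientId: session.clientId, tool };
  const entry = registry.get(tool);
  if (!entry) {
    audit.push({ ...base, outcome: "denied", detail: "tool not in inventory" });
    return { ok: false, errors: ["unknown tool"] };
  }
  // Read-only tools need only an authenticated session; anything that changes
  // state or carries privilege needs an explicit per-tool grant on the identity.
  if (entry.cls !== "read-only" && !session.grants.has(tool)) {
    audit.push({ ...base, outcome: "denied", detail: `no grant for ${entry.cls} tool` });
    return { ok: false, errors: ["not authorized"] };
  }
  const errors = entry.validate(input);
  if (errors.length > 0) {
    // Rejections are logged too: the trail shows what the assistant tried to do.
    audit.push({ ...base, outcome: "rejected", detail: errors.join("; ") });
    return { ok: false, errors };
  }
  const result = entry.run(input);
  audit.push({ ...base, outcome: "executed", detail: `owner=${entry.owner}` });
  return { ok: true, result };
}

// Constructed sample inventory: one read-only tool, one privilege-bearing publish tool.
const ALLOWED = new Set(["note", "code-group"]);
registerTool({ name: "searchDocs", owner: "docs-team", cls: "read-only",
  validate: () => [], run: (q) => `results for ${q}` });
registerTool({ name: "publishDoc", owner: "docs-team", cls: "privilege-bearing",
  validate: (doc) => validateMdc(doc, ALLOWED), run: () => "published" });

// Constructed session: this client identity holds a grant for publishDoc only.
const session: Session = { id: "sess-1", clientId: "assistant-ci", grants: new Set(["publishDoc"]) };

// Constructed bad document: a depth mismatch on line 4, a disallowed component on
// line 5, and two blocks that are never closed (lines 1 and 5).
const badDoc = "::note\nhello\n:::code-group\n::\n::script\nx\n";
```

Running `gateCall(session, "publishDoc", badDoc)` returns `ok: false` with four line-numbered errors and appends a `rejected` audit event; a session without the `publishDoc` grant is refused before the validator runs and gets a `denied` event, while `searchDocs` succeeds for any authenticated session because it is classified read-only. The allow-list is intentionally a property of the validator, not of the model prompt: the set of components an assistant may emit is decided deterministically at the gate, which is the point of the guidance above.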

What's in the full article

Kong's full blog post covers the implementation detail this post intentionally leaves for the source:

  • Step-by-step TypeScript project setup for a Cloudflare Workers MCP server
  • Full code examples for registering tools, resources, and validation handlers
  • Durable Object transport configuration for persistent MCP session state
  • MDC syntax validation logic with stack-based parsing and line-level error reporting

👉 Read Kong's guide to building an MCP server for AI assistants →
