TL;DR: MCP turns LLMs into decision-making agents that can trigger actions across internal systems, which means static identity, policy, and audit models no longer fit, according to Pomerium. The security problem is not the model itself but the trust assumptions around who it acts for, what it can do, and how every action is proven.
NHIMG editorial — based on content published by Pomerium: Agentic Access Management for Model Context Protocol (MCP) Workflows
By the numbers:
- Only 18% of MCP server deployments implement any form of access scoping for tool permissions.
Questions worth separating out
Q: How should security teams govern AI agents that can call tools through MCP?
A: Security teams should govern MCP-connected agents as runtime actors, not as passive applications.
Q: Why do AI agents create more risk than traditional automation in IAM programmes?
A: AI agents create more risk because they can infer intent and choose actions dynamically instead of following a fixed workflow.
Q: What do security teams get wrong about logging agent activity?
A: Teams often assume that detailed logs equal control.
Practitioner guidance
- Map every MCP-connected agent to a named business owner and policy scope. Identify who is accountable for the agent, which systems it can reach, and which actions require explicit approval before execution begins.
- Enforce per-action authorisation at the model-to-tool boundary. Do not rely on broad service account entitlements alone.
- Separate observability from approval. Send prompt, tool, and system-level events into a central log pipeline, but ensure the policy engine can stop or narrow the action before downstream systems are touched.
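The three guidance points above can be combined into a single enforcement point that sits between the model and the tool. The following Python sketch is an added example, not Pomerium's or NHIMG's code: it records a named owner and the human principal each agent acts for, decides every tool call individually (allow, deny, or require explicit approval), narrows over-broad arguments instead of rejecting them, and writes an audit record for every decision whether or not the tool ran. The `AgentProfile`, `authorize` and `invoke_tool` names, the argument caps, and the ticketing tools are assumptions, and the tickets are constructed sample data.

```python
"""Per-action policy gate at the model-to-tool boundary (added example, assumed design)."""
from __future__ import annotations

from dataclasses import dataclass, field
from typing import Any, Callable, Optional

# --- constructed sample backend standing in for a real ticketing system ----
TICKETS: dict[str, dict] = {f"T-{n}": {"id": f"T-{n}", "status": "open"} for n in range(1, 8)}


def search_tickets(status: str = "open", max_results: int = 10) -> list[dict]:
    return [t for t in TICKETS.values() if t["status"] == status][:max_results]


def close_ticket(ticket_id: str) -> dict:
    TICKETS[ticket_id]["status"] = "closed"
    return TICKETS[ticket_id]


def delete_ticket(ticket_id: str) -> dict:
    return {"id": ticket_id, "deleted": TICKETS.pop(ticket_id, None) is not None}


# The tools the MCP server exposes (assumed names).
TOOLS: dict[str, Callable[..., Any]] = {
    "search_tickets": search_tickets,
    "close_ticket": close_ticket,
    "delete_ticket": delete_ticket,
}

# Argument caps the gate narrows rather than rejects (assumed policy).
ARG_CAPS: dict[str, dict[str, int]] = {"search_tickets": {"max_results": 25}}


@dataclass(frozen=True)
class AgentProfile:
    agent_id: str
    owner: str                                   # named business owner accountable for the agent
    acting_for: str                              # human principal the agent acts on behalf of
    allowed_tools: frozenset                     # tools inside the agent's policy scope
    approval_required: frozenset = frozenset()   # tools that need explicit approval per call


@dataclass
class Decision:
    effect: str                # "allow" | "deny" | "needs_approval"
    reason: str
    args: dict = field(default_factory=dict)   # effective (possibly narrowed) arguments


def authorize(profile: AgentProfile, tool: str, args: dict) -> Decision:
    """Decide one tool call against the agent's scope; no service-account fallback."""
    if tool not in TOOLS:
        return Decision("deny", "unknown tool")
    if tool not in profile.allowed_tools:
        return Decision("deny", f"{tool} is outside the scope owned by {profile.owner}")
    narrowed = dict(args)
    for key, cap in ARG_CAPS.get(tool, {}).items():
        if narrowed.get(key, 0) > cap:
            narrowed[key] = cap            # narrow instead of letting the full request through
    if tool in profile.approval_required:
        return Decision("needs_approval", f"{tool} requires explicit approval", narrowed)
    return Decision("allow", "within scope", narrowed)


AUDIT_LOG: list[dict] = []   # stand-in for the central log pipeline


def invoke_tool(profile: AgentProfile, tool: str, args: dict,
                approve: Optional[Callable[[AgentProfile, str, dict], bool]] = None):
    """Single enforcement point: authorize, optionally approve, execute, then audit."""
    decision = authorize(profile, tool, args)
    if decision.effect == "needs_approval":
        if approve is not None and approve(profile, tool, decision.args):
            decision = Decision("allow", "explicit approval granted", decision.args)
        else:
            decision = Decision("deny", "explicit approval not granted", decision.args)
    executed = decision.effect == "allow"
    result = TOOLS[tool](**decision.args) if executed else None
    # Every decision is logged, including denials, so observability is not mistaken for control.
    AUDIT_LOG.append({
        "agent": profile.agent_id, "owner": profile.owner, "acting_for": profile.acting_for,
        "tool": tool, "requested_args": args, "effective_args": decision.args,
        "effect": decision.effect, "reason": decision.reason, "executed": executed,
    })
    return executed, result


if __name__ == "__main__":
    triage = AgentProfile("triage-bot", owner="helpdesk-lead@example.test", acting_for="alice",
                          allowed_tools=frozenset({"search_tickets", "close_ticket"}),
                          approval_required=frozenset({"close_ticket"}))
    print(invoke_tool(triage, "search_tickets", {"max_results": 500}))     # narrowed to 25
    print(invoke_tool(triage, "delete_ticket", {"ticket_id": "T-1"}))      # denied: out of scope
    print(invoke_tool(triage, "close_ticket", {"ticket_id": "T-2"},
                      approve=lambda p, t, a: True))                        # approved, executed
    for event in AUDIT_LOG:
        print(event)
```

The point of the design is that logging and enforcement are distinct code paths: the audit record is written on every call, but only `authorize` plus the approval hook can let a tool run, and the denied `delete_ticket` call leaves the backend untouched.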
What's in the full article
Pomerium's full blog post covers the operational detail this post intentionally leaves for the source:
- A practical breakdown of how its enforcement point evaluates prompts, models, and actions in sequence
- The vendor's examples of how identity-based per-action policy is applied across internal tools and SaaS systems
- Implementation detail on audit logging, SIEM integration, and policy enforcement across workflows
- The source article's product framing for agentic access management inside MCP-driven environments