TL;DR: Developers built secure AI agents and MCP servers with scoped permissions, outbound apps, and agent-specific tokens across productivity, healthcare, security, and identity use cases in Descope’s first Global MCP Hackathon. The core lesson is that once agents can authenticate and act across systems, identity design becomes the control plane, not an afterthought.
NHIMG editorial — based on content published by Descope: Announcing winners of the Descope Global MCP Hackathon
By the numbers:
- 80% of organisations report their AI agents have already performed actions beyond their intended scope, including accessing unauthorised systems, inappropriately sharing sensitive data, and revealing access credentials.
Questions worth separating out
Q: How should security teams govern AI agents that use MCP to access business tools?
A: Start by treating each agent as a distinct identity subject with its own credentials, scope, and logging.
Q: Why do agent-to-agent workflows create more risk than single-agent automation?
A: Because each handoff creates another delegation decision, another credential boundary, and another opportunity for scope to widen.
Q: What do security teams get wrong about secure MCP servers?
A: They often focus on the transport or API wrapper and miss the identity policy underneath it.
Practitioner guidance
- Define per-agent identities before production rollout Issue each agent its own identity, token, and audit trail so actions can be attributed to a specific runtime actor instead of a shared integration account.
- Bound every delegated tool call by scope and expiry Use short-lived credentials, narrow scopes, and explicit consent paths for each tool interaction so a single permission grant does not become environment-wide access.
- Log tool invocation context end to end Capture which identity called which tool, what data was accessed, and what action was taken so review teams can reconstruct agent behaviour without ambiguity.
What's in the full analysis
Descope's full blog post covers the implementation detail this post intentionally leaves for the source:
- How the hackathon teams wired Descope Outbound Apps and Inbound Apps into real MCP workflows.
- The specific app-by-app integration patterns used for GitHub, Slack, Google Calendar, and spreadsheet access.
- How the winning teams structured agent identities, scoped JWTs, and delegated consent in practice.
- The sponsor and judge context behind the event, including the developer tooling used across submissions.
👉 Read Descope's recap of the Global MCP Hackathon winners and secure agent patterns →
MCP servers and agent identity: what teams need to govern?
Explore further
Identity is becoming the control plane for agentic software, not just a support layer. The hackathon winners show that once AI agents can authenticate to real tools, the security question is no longer whether automation exists, but which identity is carrying the authority. That shifts governance from application permissions to delegated machine authority, which is where IAM, NHI, and agent oversight converge. Practitioners should now treat every agent integration as an identity programme decision, not a feature toggle.
A few things that frame the scale:
- 92% agree governing AI agents is critical to enterprise security, yet only 44% have implemented any policies to do so, according to AI Agents: The New Attack Surface report.
- Only 52% of companies can track and audit the data their AI agents access, leaving 48% with a complete blind spot for compliance and breach investigation.
A question worth separating out:
Q: How do IAM and NHI teams decide whether an agent integration is safe enough to deploy?
A: Use the same questions you would use for high-risk non-human access: who owns it, what it can reach, how long the credential lasts, and whether every action is auditable. If the answer is unclear at any of those points, the integration is not ready for production use.
👉 Read our full editorial: MCP hackathon results show secure identity is now agent infrastructure