MCP gateway governance for AI agents: are your controls keeping up?


(@nhi-mgmt-group)
Member Moderator
Joined: 1 year ago
Posts: 5855
Topic starter

TL;DR: AI agents using MCP can move across enterprise systems at machine speed, but traditional access controls cannot reliably inspect, enforce, or attribute those actions before execution, according to Linx Security. The governance gap is now the point of failure, because policy without runtime enforcement leaves agent actions effectively unreviewable.

NHIMG editorial — what this means for AI and NHI governance

By the numbers:

Questions worth separating out

Q: How should security teams govern AI agents that can act through MCP?

A: Security teams should govern MCP-connected AI agents with a pre-execution control point, not only with logging and periodic review.

Q: Why do AI agents complicate existing access control models?

A: AI agents complicate existing access control models because they can chain tool calls across systems at machine speed instead of staying inside one application boundary.

Q: What do security teams get wrong about MCP server governance?

A: Many teams confuse MCP connectivity with meaningful authorisation.

Practitioner guidance

  • Insert a pre-execution enforcement layer for MCP traffic: Place policy evaluation between the AI platform and downstream tools so requests can be approved or blocked before any action reaches Salesforce, Jira, GitHub, Snowflake, or internal systems.
  • Scope permissions at the tool level: Separate read, write, and administrative capabilities inside each MCP-connected system instead of approving an entire server connection as if it were a single entitlement.
  • Tie every agent action to the full identity chain: Record the human requester, the non-human identity in use, the access profile, the tool invoked, and the final decision so investigations can reconstruct who authorised what and why.

What's in the full announcement

Linx Security's full post covers the operational detail this post intentionally leaves for the source:

  • How the MCP Gateway evaluates individual tool calls before execution in live workflows
  • How Linx Access Profiles map read, write, and administrative permissions to persona, team, and department
  • How the product records approved and denied actions in an identity-linked audit trail
  • How the unified identity context is applied when human and non-human identities both influence the same request

👉 Read Linx Security's analysis of real-time governance for AI agent actions through MCP →

(@mr-nhi)
Member Moderator
Joined: 1 month ago
Posts: 5343
 

Real-time enforcement is now the boundary that identity governance must own. The article is pointing at a structural shift: once AI agents can chain tool calls across systems, after-the-fact logging no longer equals control. NHI and IAM programmes have historically relied on post-event traceability, but agentic execution demands a pre-execution decision point. The practitioner conclusion is that governance must be measured by what is blocked before action, not by what can be reviewed later.

A few things that frame the scale:

  • Only 52% of companies can track and audit the data their AI agents access, leaving 48% with a complete blind spot for compliance and breach investigation, according to the AI Agents: The New Attack Surface report.
  • Only 92% of respondents agree governing AI agents is critical to enterprise security, yet only 44% have implemented any policies to do so, according to the same SailPoint research.

A question worth separating out:

Q: Who should be accountable when an AI agent takes a harmful action?

A: Accountability should sit with the organisation that defined the agent’s access, the policy that allowed the action, and the team that failed to enforce it at execution time. In practice, the evidence trail must show the requester, the non-human identity, the access profile, and the decision taken, so responsibility is not diluted after the fact.

👉 Read our full editorial: Real-time governance for AI agent actions through MCP control
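The pre-execution control point described in the practitioner guidance of the opening post (policy evaluation before a tool call is forwarded, read/write/admin scoping per tool rather than per server connection, and an audit record carrying the full identity chain) and the evidence trail the reply above says must show requester, non-human identity, access profile and decision, as an added illustration. This is example code written for this page; it is not Linx Security's product code and not anything either poster published. The tool classifications, access profile names, identities and sample requests are constructed assumptions, and the gateway's default-deny behaviour for unclassified tools is a design choice of the example.

```python
"""Minimal pre-execution policy gateway for MCP tool calls (added example)."""
from dataclasses import dataclass, field
from datetime import datetime, timezone
from enum import Enum
from typing import Callable, Dict, List, Optional, Set, Tuple


class Capability(str, Enum):
    READ = "read"
    WRITE = "write"
    ADMIN = "admin"


# Constructed example: every tool on each MCP server is classified by the
# capability it requires, so the server connection is never one entitlement.
TOOL_CAPABILITIES: Dict[str, Dict[str, Capability]] = {
    "github": {
        "list_issues": Capability.READ,
        "create_pull_request": Capability.WRITE,
        "delete_repository": Capability.ADMIN,
    },
    "snowflake": {
        "run_select": Capability.READ,
        "run_dml": Capability.WRITE,
        "grant_role": Capability.ADMIN,
    },
}

# Hypothetical access profiles: capabilities an identity may use per server.
ACCESS_PROFILES: Dict[str, Dict[str, Set[Capability]]] = {
    "support-engineer": {"github": {Capability.READ}, "snowflake": {Capability.READ}},
    "release-agent": {"github": {Capability.READ, Capability.WRITE}},
}


@dataclass(frozen=True)
class ToolCallRequest:
    human_requester: str   # person whose session started the agent's chain
    agent_identity: str    # non-human identity the agent is running as
    access_profile: str
    server: str
    tool: str
    arguments: Dict[str, str] = field(default_factory=dict)


@dataclass(frozen=True)
class Decision:
    allowed: bool
    reason: str


@dataclass(frozen=True)
class AuditRecord:
    """One identity-linked record per evaluated call, approved or denied."""
    timestamp: str
    human_requester: str
    agent_identity: str
    access_profile: str
    server: str
    tool: str
    required_capability: Optional[str]
    allowed: bool
    reason: str


class MCPPolicyGateway:
    """Sits between the AI platform and MCP servers; forwards only on allow."""

    def __init__(self, tool_caps, profiles):
        self._tool_caps = tool_caps
        self._profiles = profiles
        self.audit_log: List[AuditRecord] = []

    def evaluate(self, req: ToolCallRequest) -> Tuple[Decision, Optional[Capability]]:
        server_tools = self._tool_caps.get(req.server)
        if server_tools is None:
            return Decision(False, f"unknown server {req.server!r}"), None
        required = server_tools.get(req.tool)
        if required is None:  # default deny: an unclassified tool is never forwarded
            return Decision(False, f"unclassified tool {req.tool!r}"), None
        granted = self._profiles.get(req.access_profile, {}).get(req.server, set())
        if required not in granted:
            return Decision(False, f"profile lacks {required.value} on {req.server}"), required
        return Decision(True, "capability granted by access profile"), required

    def handle(self, req: ToolCallRequest, forward: Callable[[ToolCallRequest], None]) -> Decision:
        """Record the full identity chain, then forward only if the decision is allow."""
        decision, required = self.evaluate(req)
        self.audit_log.append(AuditRecord(
            datetime.now(timezone.utc).isoformat(), req.human_requester, req.agent_identity,
            req.access_profile, req.server, req.tool,
            required.value if required else None, decision.allowed, decision.reason))
        if decision.allowed:
            forward(req)  # the downstream MCP server call happens only here
        return decision


def run_demo() -> Tuple[List[Decision], List[str], List[AuditRecord]]:
    """Push constructed sample requests through the gateway; return what happened."""
    gw = MCPPolicyGateway(TOOL_CAPABILITIES, ACCESS_PROFILES)
    forwarded: List[str] = []
    requests = [
        ToolCallRequest("alice@example.com", "svc-support-bot", "support-engineer", "github", "list_issues"),
        ToolCallRequest("alice@example.com", "svc-support-bot", "support-engineer", "github", "delete_repository"),
        ToolCallRequest("bob@example.com", "svc-release-bot", "release-agent", "github", "create_pull_request"),
        ToolCallRequest("bob@example.com", "svc-release-bot", "release-agent", "snowflake", "run_select"),
    ]
    decisions = [gw.handle(r, lambda r: forwarded.append(r.tool)) for r in requests]
    return decisions, forwarded, gw.audit_log


if __name__ == "__main__":
    for rec in run_demo()[2]:
        print(rec)
```

Two design points matter for the argument made in the thread. First, the audit record is written before the forward decision is acted on and regardless of outcome, so a denied call leaves the same identity-linked evidence as an approved one. Second, a profile that simply lacks an entry for a server, or a tool the gateway has never classified, is denied rather than passed through, which is what makes the control a pre-execution boundary instead of a log.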
