
MCP Security

By NHI Mgmt Group Updated May 25, 2026 Domain: Agentic AI & Autonomous Identity

MCP security is the set of controls that protect Model Context Protocol connections between agents, tools, and data sources. It covers connector permissions, secret handling, and policy enforcement because the protocol can become a direct path from agent intent to enterprise action.

Expanded Definition

MCP security is the discipline of protecting Model Context Protocol traffic, tool registrations, and downstream actions so an agent can only reach approved data and operations. In practice, it sits at the intersection of NHI governance, connector trust, and policy enforcement, which is why it is often discussed alongside the OWASP Agentic AI Top 10 and zero trust control design.

The term is still evolving across vendors, and no single standard governs this yet. Some teams use MCP security to mean transport-layer protection only, while others include secret lifecycle controls, tool allowlisting, session scoping, logging, and policy checks before a model can invoke an action. For NHI teams, the useful definition is broader: if an AI agent can authenticate to a tool, inherit a privilege, or trigger a business workflow, that interaction is part of MCP security. The most common misapplication is treating MCP as a benign integration layer, which occurs when organisations secure the API endpoint but ignore the permissions, secrets, and execution authority behind the connector.

Examples and Use Cases

Implementing MCP security rigorously often introduces connector friction, requiring organisations to weigh agent autonomy against the cost of tighter approval gates and more frequent token rotation.

  • An enterprise analyst agent queries a finance system through MCP, but only after the connector is bound to a scoped service identity and the tool is limited to read-only access.
  • A software engineering assistant uses MCP to open pull requests, yet privileged write actions are separated from general chat tasks and protected with just-in-time approval.
  • A data assistant can retrieve records from a customer platform, but secret material is stored outside the MCP config and reviewed against lessons highlighted in Analysis of Claude Code Security.
  • A security team maps tool exposure against the OWASP Agentic Applications Top 10 to identify where an agent could turn a low-risk prompt into an enterprise action.
  • A platform team aligns MCP broker rules with the CSA AI Agent Disclosure Accountability Gap whitepaper to ensure humans can see which agent invoked which tool and why.
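The scenarios above share one pattern: a broker between the agent and the tool decides, per agent identity, which tool and operation are allowed, demands a just-in-time approval for privileged writes, and records every decision. The following Python sketch is an added example of that broker-side gate; it is not code from the NHI Mgmt Group or from any MCP implementation, and the agent identities, tool names, approval-token mechanism and policy table are assumptions constructed for illustration.

```python
"""Constructed example: broker-side policy gate for MCP tool calls.

Not from the page or any MCP implementation. Agent identities, tool names
and the approval store are assumptions for illustration only.
"""
from dataclasses import dataclass
from datetime import datetime, timezone
from typing import Dict, List, Optional, Set

# Per-agent allowlist: tool -> set of permitted operations.
# Anything not listed is denied by default (no standing privilege).
POLICY: Dict[str, Dict[str, Set[str]]] = {
    "analyst-agent": {"finance.ledger": {"read"}},          # read-only scope
    "eng-assistant": {"git.repo": {"read", "open_pr"}},     # write needs approval
}

# Operations that must carry a fresh just-in-time approval before execution.
PRIVILEGED_OPS: Set[str] = {"open_pr", "write", "delete"}


@dataclass
class ToolCall:
    agent_id: str
    tool: str
    operation: str
    approval_token: Optional[str] = None


@dataclass
class Decision:
    allowed: bool
    reason: str


class ApprovalStore:
    """Hypothetical single-use approval registry (constructed for the example)."""

    def __init__(self) -> None:
        self._tokens: Set[str] = set()

    def grant(self, token: str) -> None:
        self._tokens.add(token)

    def consume(self, token: Optional[str]) -> bool:
        # Each approval is consumed on use so a token cannot be replayed.
        if token is not None and token in self._tokens:
            self._tokens.discard(token)
            return True
        return False


class McpPolicyGate:
    """Evaluates a tool call against the allowlist and writes an audit record."""

    def __init__(self, policy: Dict[str, Dict[str, Set[str]]],
                 approvals: ApprovalStore) -> None:
        self.policy = policy
        self.approvals = approvals
        self.audit: List[dict] = []

    def evaluate(self, call: ToolCall) -> Decision:
        tools = self.policy.get(call.agent_id)
        if tools is None:
            decision = Decision(False, "unknown agent identity")
        elif call.tool not in tools:
            decision = Decision(False, f"tool {call.tool} not allowlisted")
        elif call.operation not in tools[call.tool]:
            decision = Decision(
                False, f"operation {call.operation} not permitted on {call.tool}")
        elif (call.operation in PRIVILEGED_OPS
              and not self.approvals.consume(call.approval_token)):
            decision = Decision(False, "privileged operation without valid approval")
        else:
            decision = Decision(True, "allowed")

        # Audit trail: who invoked which tool, which operation, and the outcome.
        self.audit.append({
            "ts": datetime.now(timezone.utc).isoformat(),
            "agent": call.agent_id,
            "tool": call.tool,
            "operation": call.operation,
            "allowed": decision.allowed,
            "reason": decision.reason,
        })
        return decision


if __name__ == "__main__":
    store = ApprovalStore()
    store.grant("apr-1")  # a human approved one pull request
    gate = McpPolicyGate(POLICY, store)
    for c in (
        ToolCall("analyst-agent", "finance.ledger", "read"),
        ToolCall("analyst-agent", "finance.ledger", "write"),
        ToolCall("eng-assistant", "git.repo", "open_pr"),
        ToolCall("eng-assistant", "git.repo", "open_pr", "apr-1"),
        ToolCall("eng-assistant", "git.repo", "open_pr", "apr-1"),  # replay
    ):
        print(c.agent_id, c.tool, c.operation, "->", gate.evaluate(c))
```

The important design choice is that the gate, not the model, holds the policy: the agent can request any tool, but only the broker's allowlist and the single-use approval decide whether the request turns into an enterprise action, and the audit list is what lets a human later answer which agent invoked which tool and why.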

Why It Matters in NHI Security

MCP security matters because the protocol can collapse the distance between intent and impact. If a connector is overprivileged, a model can reach sensitive data, exfiltrate secrets, or execute actions that were never meant to be automated. That risk is not theoretical. According to The State of MCP Server Security 2025 from Astrix Security, 53% of MCP servers expose credentials through hard-coded values in configuration files. In NHI environments, that turns a connector into a persistent trust failure rather than a simple integration issue.

Practitioners should treat MCP as part of the broader agentic control plane, not as a plugin problem. Strong designs combine RBAC, ZSP, secret isolation, audit trails, and policy checks before tool execution. The same logic appears in the OWASP Top 10 for Agentic Applications 2026 and the Analysis of Claude Code Security, both of which show how quickly tool access becomes a governance issue once an agent can act on behalf of a user or workflow. Organisations typically encounter the blast radius only after a connector is abused or a secret is exposed, at which point addressing MCP security becomes operationally unavoidable.
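The hard-coded credential finding above is the kind of defect a team can check for mechanically, and the same check drives the secret-isolation control this paragraph calls for. The Python below is an added example, not code from the page or from any MCP client or server project: it scans a configuration shaped like the common `mcpServers` / `command` / `args` / `env` layout for literal secrets, then rewrites them as environment-variable references so the secret material lives outside the MCP config. The sample configs, server names and token values are constructed placeholders.

```python
"""Constructed example: find and externalise hard-coded secrets in an MCP config.

Not from the page or any MCP project. The config layout mirrors the common
mcpServers/command/args/env shape; server names and values are placeholders.
"""
import copy
import re
from typing import Dict, List, Tuple

# Key names that usually carry credentials.
SECRET_KEY_RE = re.compile(r"(token|secret|password|passwd|api[_-]?key|credential)", re.I)
# Values such as ${GITHUB_TOKEN} or $GITHUB_TOKEN are references resolved at
# launch, not literal secrets, so they are not flagged.
ENV_REF_RE = re.compile(r"^\$\{?[A-Z_][A-Z0-9_]*\}?$")
# Command-line arguments of the form --token=VALUE or --api-key=VALUE.
INLINE_ARG_RE = re.compile(r"^--?[\w-]*(token|secret|key|password)[\w-]*=(.+)$", re.I)

# Constructed sample: two servers with literal secrets, one already hardened.
INSECURE_CONFIG: dict = {
    "mcpServers": {
        "finance": {
            "command": "finance-mcp",
            "args": ["--read-only"],
            "env": {"API_TOKEN": "EXAMPLE_LITERAL_TOKEN_DO_NOT_USE", "LOG_LEVEL": "info"},
        },
        "github": {
            "command": "npx",
            "args": ["server-github", "--token=EXAMPLE_INLINE_TOKEN_DO_NOT_USE"],
        },
        "crm": {
            "command": "crm-mcp",
            "env": {"CRM_API_KEY": "${CRM_API_KEY}"},  # reference, not a literal
        },
    }
}


def _is_literal_secret(key: str, value) -> bool:
    return (bool(SECRET_KEY_RE.search(key)) and isinstance(value, str)
            and value != "" and not ENV_REF_RE.match(value))


def find_hardcoded_secrets(config: dict) -> List[Tuple[str, str]]:
    """Return (location, problem) pairs for every literal secret in the config."""
    findings: List[Tuple[str, str]] = []
    for name, server in config.get("mcpServers", {}).items():
        for key, value in server.get("env", {}).items():
            if _is_literal_secret(key, value):
                findings.append((f"mcpServers.{name}.env.{key}", "literal secret value"))
        for i, arg in enumerate(server.get("args", [])):
            m = INLINE_ARG_RE.match(arg)
            if m and not ENV_REF_RE.match(m.group(2)):
                findings.append((f"mcpServers.{name}.args[{i}]",
                                 "secret passed inline on command line"))
    return findings


def externalize_secrets(config: dict) -> Tuple[dict, Dict[str, str]]:
    """Return a hardened copy of the config plus the secrets pulled out of it.

    Each literal becomes a ${SERVER_KEY} reference; the extracted values are
    returned so they can be moved into a secret store, never written back.
    """
    hardened = copy.deepcopy(config)
    extracted: Dict[str, str] = {}
    for name, server in hardened.get("mcpServers", {}).items():
        env = server.get("env", {})
        for key, value in list(env.items()):
            if _is_literal_secret(key, value):
                var = re.sub(r"[^A-Z0-9]", "_", f"{name}_{key}".upper())
                extracted[var] = value
                env[key] = "${" + var + "}"
        args = server.get("args", [])
        for i, arg in enumerate(args):
            m = INLINE_ARG_RE.match(arg)
            if m and not ENV_REF_RE.match(m.group(2)):
                flag, value = arg.split("=", 1)
                var = re.sub(r"[^A-Z0-9]", "_", f"{name}_{flag.lstrip('-')}".upper())
                extracted[var] = value
                args[i] = f"{flag}=${{{var}}}"
    return hardened, extracted


if __name__ == "__main__":
    for location, problem in find_hardcoded_secrets(INSECURE_CONFIG):
        print(f"{location}: {problem}")
    fixed, secrets = externalize_secrets(INSECURE_CONFIG)
    print("variables to provision in the secret store:", sorted(secrets))
    print("remaining findings after hardening:", find_hardcoded_secrets(fixed))
```

Run as a pre-commit or CI step, the scan turns the configuration-file exposure into a blocking finding before the connector ships; the rewrite leaves the config safe to commit while the extracted values are provisioned to the launching process from a vault, which is the secret-isolation half of the design the paragraph describes.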

Standards & Framework Alignment

This section maps relevant standards and security frameworks to the operational risks and controls described in this guidance.

OWASP Agentic AI Top 10 and OWASP Non-Human Identity Top 10 address the attack and risk surface, while NIST Zero Trust (SP 800-207) sets the governance and control requirements practitioners need to meet.

| Framework | Control / Reference | Relevance |
|---|---|---|
| OWASP Agentic AI Top 10 | A5 | Covers tool misuse and excessive agent permissions that MCP can expose. |
| OWASP Non-Human Identity Top 10 | NHI-02 | Addresses secret handling and exposure risks common in MCP configs. |
| NIST Zero Trust (SP 800-207) | SC-3 | Supports least-privilege, policy-based access for each MCP connection. |

Limit agent tool access, validate actions, and require approval for privileged MCP operations.

NHIMG Editorial Note
Reviewed and updated by the NHIMG editorial team on May 25, 2026.