
The MCP Shift Part 3: The Future – Astrix Security

In Part 1, we saw where our customers had called out MCP’s early blind spots. In Part 2, we showed where others see that same abstraction layer as a path to anchor stronger governance. This final chapter looks ahead and asks: Do we think MCP can be the distributed control plane for AI agents and the identity fabric that allows AI to scale safely?

If you missed the earlier parts, you can catch up with Part 1 and Part 2, or dive right into the future.

“Predictions are hard, especially about the future.”

We wanted to bring in lots of voices for our future piece. That old quote about predictions being hard is sometimes attributed to the physicist Niels Bohr and other times to the baseball player Yogi Berra – both wise people in their own way. We wanted just as diverse wisdom in these predictions. That’s why we ran our survey. Thanks to all who took the time to reply.

The headlines on the survey results are: 

  • 61% are using MCP with AI Agents today
  • 73% plan to expand their use of MCP
  • 77% of those not using MCP today plan to do so soon
  • 73% say having an MCP server would affect their use of a tool (in other words, MCP support would encourage them to use a tool with their AI Agent)

That’s very positive for the future of MCP. It would have been surprising if it were a lot more than that, since we know not every tool will make sense with an abstraction layer of any kind. There are some tools (e.g., databases) that simply must be used, and having MCP wouldn’t affect their use in any way. (I’m looking forward to all the MCP for databases stans roasting me in the comments!)

The most interesting result from the survey was how people broke down the factors that would affect how they make future choices about MCP. 30% of you said Security was the most important factor. Given our audience, that’s hardly surprising. However, 26% said Ease of Use, 23% said Stability, and 21% said Fully Featured, with most respondents choosing at least 3 options. What this seems to say is that people want MCP to deliver on everything and to do it securely. 

Given how much people seem to be banking on MCP as a part of their AI agent-powered future, that makes sense.

MCP’s Evolution into an AI Agent Control Plane

MCP’s role as a standardized gateway for AI agents positions it naturally as a control plane where identity, policy, and audit can be consistently enforced. People we’re talking to see it that way, and the survey results point that way, too. Industry coverage highlights MCP’s momentum, and we all see the ever-growing catalog of MCP servers. 

What we think this means: MCP is not just convenient for developers. It is becoming the strategic place where security teams can consistently apply identity and policy to agent activity at scale. Once MCP is the standard gateway, centralized policy capabilities that customers have been asking for shift from aspirational to practical. Security teams can author one policy and have it propagate to every agent interaction that traverses MCP. Here are a few fascinating examples we’ve heard people asking for:

  • Require human confirmation before any destructive operation.
  • Restrict finance agents to approved MCP servers that tokenize sensitive data.
  • Enforce least privilege through role‑ and scope‑aware tool access.

These are the types of guardrails teams asked for in Part 1, and the capabilities we began imagining in Part 2. They also map to the risks the broader community has flagged: insecure server trust, over‑privileged scopes, and token misuse. Centralizing identity, authorization, and audit at the MCP layer addresses those issues directly. This is how MCP shifts from “integration glue” to an identity‑first control plane.

The tipping point, and the caveat

Signals suggest a tipping point: more MCP servers, more SDKs, and clearer operational patterns. Yet the caveats from security practitioners are valid. Weak authentication to servers, overbroad permissions, and token handling mistakes have created real exposure. The path forward is to turn MCP into the place where the right identity and policy are always present, not assumed.

Our survey underscores that teams are ready if security is first‑class. Security ranked as the top consideration influencing MCP views, and “server availability” was the strongest adoption accelerant, which implies a desire for standardized, vetted endpoints that include governance by design. We’re hearing this again and again in conversations as well. Everyone seems to agree we’re right at the precipice, just waiting for that final push. 

Astrix’s vision: MCP as the backbone of AI identity governance

Here is how we see organizations winning this shift:

  1. Treat MCP as the enforcement point: Make the MCP layer the single place to authenticate agents, issue short‑lived, audience‑scoped tokens, and apply role‑based and context‑aware authorization.
  2. Make persistent agents first‑class identities: Bind every persistent agent’s action to a human owner or service context so investigations and approvals are straightforward.
  3. Match ephemeral agents with ephemeral identity: If the agent isn’t going to survive more than a few moments, then neither should the tokens, keys, or other identity assets they will use.
  4. Establish MCP server trust policies: Not all tasks are created equal, and so there should be a specific MCP server for some tasks. Adopt methods (e.g., ToolHive) to ensure the right task is connected to the right MCP server.
  5. Operationalize visibility: Stream MCP audit events into existing SOC tooling and attach detections for abnormal agent behavior.

This builds directly on the patterns we outlined in Part 2, using a familiar identity playbook to govern a new class of identities at machine speed.
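To make the guardrails and the five steps above concrete, here is an added sketch of a policy decision at an MCP gateway. It is not Astrix's code and not part of the MCP specification; the server names, roles, tool names, token fields and the 300-second lifetime limit are all hypothetical.

```python
import time
from dataclasses import dataclass

# Constructed policy data: server names, roles and tool names are hypothetical.
APPROVED_SERVERS = {"finance": {"mcp://ledger-tokenized"}}  # role -> allowed MCP servers
ROLE_SCOPES = {"finance": {"ledger.read", "ledger.delete"},
               "support": {"tickets.read"}}
DESTRUCTIVE = {"ledger.delete"}   # tools that need human confirmation
MAX_TTL = 300                     # seconds; only short-lived tokens are accepted

@dataclass
class Token:
    agent: str
    owner: str            # human owner or service context bound to the agent
    role: str
    audience: str         # the one MCP server this token is valid for
    scopes: frozenset
    issued_at: float
    expires_at: float

def authorize(tok, server, tool, now=None, human_approved=False):
    """Return (decision, reason) for one tool call crossing the gateway."""
    now = time.time() if now is None else now
    if not tok.owner:
        return "deny", "no accountable owner"
    if now >= tok.expires_at or tok.expires_at - tok.issued_at > MAX_TTL:
        return "deny", "token expired or lifetime too long"
    if tok.audience != server:
        return "deny", "token audience does not match server"
    allowed = APPROVED_SERVERS.get(tok.role)
    if allowed is not None and server not in allowed:
        return "deny", "server not approved for role"
    # Least privilege: the tool must be in the token's scopes AND the role's scopes.
    if tool not in tok.scopes or tool not in ROLE_SCOPES.get(tok.role, set()):
        return "deny", "tool outside granted scope"
    if tool in DESTRUCTIVE and not human_approved:
        return "confirm", "destructive operation needs human confirmation"
    return "allow", "ok"

def audit_event(tok, server, tool, decision, reason, now):
    """Flat record that can be streamed to existing SOC tooling."""
    return {"ts": now, "agent": tok.agent, "owner": tok.owner, "server": server,
            "tool": tool, "decision": decision, "reason": reason}
```

Every call, including denied ones, should produce an `audit_event`, so detections can key on repeated `deny` or `confirm` decisions for the same agent.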

Closing the series

We started with the risks, then showed the path to value. The opportunity now is to make MCP the backbone of AI identity governance so that AI’s scale does not mean loss of control. Our data points to growing use and stronger intent, with security as the deciding factor.
If we get the control plane right, innovation and safety are not in tension. They will reinforce each other. The next step is up to you. We’d love to hear what you’re going to do.