agent

Identity Access Management for MCPEvery task triggers identity & policy checks at each workflow hop {user → agent → server → resource}. Task is executed proceeds only when all checks pass.

Comment

Inspiration

MCP workflows move every task through four key steps — user → AI Agent → MCP server → tool. But there’s no unified layer to verify identity and permissions at each hop. A stolen token, cloned agent, rogue server, or silently updated tool can still execute tasks unchecked. Since tools and servers are constantly evolving, we need a centralized security layer that validates all identities on every request—and blocks the task if even one identity isn’t trusted.

What it does

AgenticTrust Identity Security Layer

  • Authenticates the user, AI Agent, MCP server, and exact tool version on every call
  • Authorizes the action based on simple policies (e.g., “sell max 50 shares”)
  • Audits the full path—so teams always know who did what and when
  • If any check fails, the task is blocked and a clear error message is returned

How we built it

  • Identity Registry – a signed list of trusted users, agents, servers, and tool hashes
  • Gateway – a lightweight proxy; every MCP call passes through for identity and policy checks (~80 ms overhead)
  • Audit Ledger – an append-only log that captures user → agent → server → tool for every request

Demo highlights

We built a mock Robinhood MCP server exposing the following tools: get_stock_price(), buy_stock(), sell_stock()

  • User asks the AI Agent for TSLA’s stock price

    • Gateway verifies the get_stock_price tool → price (\$349) returned

  • User tells the agent to sell 50 TSLA shares

    • Gateway validates all identities → request approved and logged

  • We silently modify the sell_stock tool’s code to simulate a rogue update

    • Gateway detects tool hash mismatch → request blocked with “ACCESS DENIED”

Outcome: Normal actions pass. Silent code changes are blocked in real time—with virtually no user delay.

Challenges

  • MCP is still evolving—thinking about tool identity as a dynamic security concern was not obvious at first
  • Designing a clean demo to showcase layered identity checks
  • Creating a realistic example that feels familiar and impactful

Accomplishments

  • Live demo successfully blocks a silent tool update
  • One-line error messages simplify debugging
  • End-to-end working prototype built in under 8 hours

What we learned

  • Securing MCP requires checking identity at every hop—user, agent, server, and tool
  • A centralized registry is safer and simpler than leaving identity checks to each agent or MCP server
  • Developers value security tools that are transparent, fast, and easy to debug

What’s next

  • OpenID Connect for Agents (OIDC-A): signed ID cards for AI Agents with model metadata and attestation
  • Granular task scopes: set precise limits (e.g., “sell ≤ 50 shares once”), enforced per request
  • Agent-to-agent delegation: verify identity and permission during cross-agent task handoffs
  • Registry sharing: allow trusted lists to be shared across companies so agents can collaborate safely

Built With

Share this project:

Updates