Skills
MCP Zero Trust: Five-Layer Defense Architecture for Agent Tool Authorization
Zero Trust applied to MCP means every tool call is explicitly authorized via policy (not implicitly permitted), every agent has a scoped identity, and admin MCP endpoints are strictly separated from runtime agent endpoints. The five-layer model covers tool capability modeling, token-to-tool authorization mapping, endpoint separation, egress controls, and audit logging — enforced at the protocol layer by an MCP Gateway (Pomerium, Cerbos) rather than relying on the agent to self-restrict. The CoSAI MCP security framework (arXiv 2504.08623) documents 12 threat categories including tool poisoning via embedded instructions in tool metadata.
Source
↳ Follow the thread