- NSA has released new guidance for securing the MCP AI protocol
- The guidance warns that AI ecosystems face growing cyber risks
- The agency is calling for stronger coordination on AI security standards
The National Security Agency’s Artificial Intelligence Security Center has released a cybersecurity information sheet outlining security design considerations for the model context protocol, or MCP, an application-level protocol widely used in AI-enabled systems, the agency said Wednesday.
What Is the Model Context Protocol?
MCP provides a standardized messaging pattern and transport format for AI-enabled systems. The application-level protocol is widely used across the business, finance, legal and software engineering sectors to manage interactions among services in AI-driven environments. NSA said the guidance is intended to strengthen the security of those environments while enabling continued innovation.
What Risks Are Identified?
The report highlights evolving concerns, including serialization risks, trust boundaries and agent misuse. Existing safeguards, such as authentication and input validation, remain essential, the agency asserts, but agentic AI systems introduce dynamic tool invocation, implicit trust relationships and other systemic risks. NSA cautions that these issues cannot be patched at isolated endpoints and must be addressed across the entire MCP environment.
What Does the NSA AISC Recommend?
The guidance advises organizations to apply heightened scrutiny when deploying MCP in production environments, drawing lessons from prior distributed ecosystems. NSA is encouraging coordination among implementers, researchers and standards organizations to strengthen the security foundations of AI infrastructure, especially for national security and high-assurance environments.
The effort follows earlier NSA-led AI cybersecurity initiatives, including recommendations for securing AI data throughout its lifecycle and prior warnings about risks associated with agentic AI systems used in defense and critical infrastructure environments.