This is very cool. Integrations look slick. Folks are understandably hyped—the potential for agents doing "deep research-style" work across broad data sources is real. But the thread's security concerns—permissions, data protection, trust—are dead on.

There is also a major authN/Z gap, especially for orgs that want MCP to access internal tools, not just curated SaaS. Pushing complex auth logic (OAuth scopes, policy rules) into every MCP tool feels backwards.

* Access-control sprawl. Each tool reinvents security. Audits get messy fast.
* Static scopes vs. agent drift. Agents chain calls in ways no upfront scope list can predict. We need per-call, context checks.
* Zero-Trust principles mismatch. Central policy enforcement is the point. Fragmenting it kills visibility and consistency.

We already see the cost of fragmented auth: supply-chain hits and credential reuse blowing up multiple tenants. Agents only raise the stakes.

I think a better path (and one, in full disclosure, we're actively working on at Pomerium) is to have:

* One single access point in front of all MCP resources.
* Single sign-on once, then short-lived signed claims flow downstream.
* AuthN separated from AuthZ with a centralized policy engine that evaluates every request, deny-by-default. Evaluation in both directions with hooks for DLP.
* Unified management, telemetry, audit log and policy surface.

I'm really excited about what MCP is putting us in the direction of being able to do with agents. But without a higher-level way to secure and manage the access, I'm afraid we'll spend years patching holes tool by tool.
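The gateway pattern the comment describes (sign in once, short-lived signed claims downstream, AuthN kept apart from a central deny-by-default policy that runs on every call, one audit log), as an added example that is not part of the original comment and is not Pomerium's code. The HMAC token format, key, TTL, policy table and all function names are constructed assumptions.

```python
import base64, hashlib, hmac, json, time

KEY = b"constructed-demo-key"   # assumption: gateway signing key, constructed
TTL = 300                       # assumption: claim lifetime in seconds
# Central policy (constructed): only these (group, tool, method) tuples pass.
POLICY = {("eng", "wiki", "search"), ("eng", "tickets", "read")}
AUDIT = []                      # one audit trail for every tool behind the gateway

def b64(raw):
    return base64.urlsafe_b64encode(raw).decode()

def sign(body):
    return hmac.new(KEY, body, hashlib.sha256).digest()

def issue_claims(user, groups, now=None):
    """Issued once after single sign-on; downstream hops carry this token."""
    now = time.time() if now is None else now
    body = json.dumps({"sub": user, "groups": groups, "exp": now + TTL}).encode()
    return b64(body) + "." + b64(sign(body))

def verify_claims(token, now=None):
    """AuthN: return the claims, or None if malformed, forged or expired."""
    now = time.time() if now is None else now
    try:
        body_b64, sig_b64 = token.split(".")
        body = base64.urlsafe_b64decode(body_b64)
        sig = base64.urlsafe_b64decode(sig_b64)
    except ValueError:          # bad shape or bad base64 (binascii.Error)
        return None
    if not hmac.compare_digest(sig, sign(body)):
        return None
    claims = json.loads(body)   # parsed only after the signature checks out
    return claims if claims["exp"] > now else None

def authorize(token, tool, method, now=None):
    """AuthZ: evaluated per call; anything not explicitly allowed is denied."""
    claims = verify_claims(token, now)
    allowed = claims is not None and any(
        (group, tool, method) in POLICY for group in claims["groups"])
    AUDIT.append({"sub": claims["sub"] if claims else None,
                  "tool": tool, "method": method, "allow": allowed})
    return allowed
```

Because the tools behind such a gateway hold no policy of their own, a chained agent call to a method nobody listed is denied and still shows up in `AUDIT`.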