FORT MEADE, Md. (May 20, 2026) — The National Security Agency’s Artificial Intelligence Security Center (AISC) is releasing a Cybersecurity Information Sheet (CSI), “Model Context Protocol (MCP): Security Design Considerations for AI-Driven Automation.”
MCP is an application-level protocol that provides a simple, agreed-upon messaging pattern and transport format, currently used by many AI-enabled systems to manage interactions between AI applications and the tools, data sources, and services they call. The guidance aims to reduce risk while supporting safe innovation in AI-augmented systems.
Real-world adoption of MCP has accelerated. It is increasingly found in AI deployments across products used in business, finance, legal, software development, and other industries, including for sensitive tasks like querying personally identifiable information.
While MCP simplifies the integration of diverse capabilities into powerful agent workflows, the current protocol specification requires careful and cautious implementation to be secure. According to the CSI, gaps in MCP design, implementation, and operational posture have created significant and evolving security concerns, including serialization risks, poorly defined trust boundaries, and agent misuse, among others.
Although traditional cybersecurity principles such as authentication, authorization, and input validation remain necessary protective measures, agentic AI systems, especially those built on MCP, introduce novel and systemic risks through dynamic tool invocation, implicit trust relationships, and context sharing. Established cyber defense strategies do not adequately address these new risks.
These are not isolated problems that can be patched at the interface or endpoint level. Securing MCP systems requires treating the agentic environment as a continuum. Misaligned assumptions or subtle inconsistencies at any stage can propagate and compound into exploitable conditions.
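The baseline controls named above (authorization and input validation applied at the point where an agent dynamically invokes a tool) can be made concrete at the host/server trust boundary. The following is an added example written for this page; it is not code from the CSI or from any MCP implementation. What it relies on from MCP is only the public framing: requests are JSON-RPC 2.0 messages, and a tool invocation is a `tools/call` request whose `params` carry a tool `name` and an `arguments` object. The tool allowlist, the argument schemas, the caller scopes and the sample messages are all constructed for illustration. Per the text, this is one necessary layer, not a substitute for the end-to-end treatment the CSI calls for.

```python
"""Gatekeeper for MCP `tools/call` requests at the host/server trust boundary.

Added example, not from the NSA CSI. Only the JSON-RPC 2.0 framing of MCP
(`method: "tools/call"`, `params: {name, arguments}`) is taken from the
protocol; every tool, schema, scope and message below is constructed.
"""
import json
from typing import Any, Optional

MAX_MESSAGE_BYTES = 64 * 1024  # constructed bound; oversized payloads are rejected before parsing

# Constructed allowlist of tools this host exposes, each with a JSON-Schema-like
# argument schema that is enforced before the tool implementation ever runs.
TOOL_ALLOWLIST: dict[str, dict[str, Any]] = {
    "read_file": {
        "required": ["path"],
        "properties": {"path": {"type": "string", "maxLength": 256}},
    },
    "search_tickets": {
        "required": ["query"],
        "properties": {
            "query": {"type": "string", "maxLength": 200},
            "limit": {"type": "integer", "minimum": 1, "maximum": 50},
        },
    },
}

_JSON_TYPES = {"string": str, "integer": int, "boolean": bool}


def _error(req_id: Any, code: int, message: str) -> dict[str, Any]:
    """JSON-RPC 2.0 error response; codes are the ones the JSON-RPC spec defines."""
    return {"jsonrpc": "2.0", "id": req_id, "error": {"code": code, "message": message}}


def _check_argument(name: str, value: Any, schema: dict[str, Any]) -> Optional[str]:
    """Return why the argument is invalid, or None if it conforms to its schema."""
    expected = _JSON_TYPES[schema["type"]]
    # bool is a subclass of int in Python, so True must not pass as an integer.
    if isinstance(value, bool) and expected is not bool:
        return f"argument '{name}' must be {schema['type']}"
    if not isinstance(value, expected):
        return f"argument '{name}' must be {schema['type']}"
    if "maxLength" in schema and len(value) > schema["maxLength"]:
        return f"argument '{name}' exceeds maxLength {schema['maxLength']}"
    if "minimum" in schema and value < schema["minimum"]:
        return f"argument '{name}' below minimum {schema['minimum']}"
    if "maximum" in schema and value > schema["maximum"]:
        return f"argument '{name}' above maximum {schema['maximum']}"
    return None


def gate_tool_call(raw: str, caller_scopes: set[str]) -> dict[str, Any]:
    """Validate one tools/call message from an agent before it reaches a tool.

    Returns a JSON-RPC error response on any failure, or
    {"accepted": True, "id", "name", "arguments"} with the arguments rebuilt
    from the declared schema keys so nothing undeclared is forwarded.
    """
    if len(raw.encode("utf-8")) > MAX_MESSAGE_BYTES:
        return _error(None, -32600, "message too large")
    try:
        msg = json.loads(raw)
    except ValueError:
        return _error(None, -32700, "parse error")
    if not isinstance(msg, dict) or msg.get("jsonrpc") != "2.0":
        return _error(None, -32600, "invalid request")
    req_id = msg.get("id")
    if msg.get("method") != "tools/call":
        return _error(req_id, -32601, "method not found")

    params = msg.get("params")
    if not isinstance(params, dict):
        return _error(req_id, -32602, "params must be an object")
    name = params.get("name")
    args = params.get("arguments", {})
    if not isinstance(name, str) or not isinstance(args, dict):
        return _error(req_id, -32602, "name must be a string and arguments an object")

    # Authorization: the tool must be exposed by the host AND granted to this caller.
    schema = TOOL_ALLOWLIST.get(name)
    if schema is None:
        return _error(req_id, -32602, f"unknown tool '{name}'")
    if name not in caller_scopes:
        return _error(req_id, -32602, f"caller not authorized for tool '{name}'")

    # Input validation: no undeclared keys, all required keys, each one typed and bounded.
    props = schema["properties"]
    unexpected = sorted(set(args) - set(props))
    if unexpected:
        return _error(req_id, -32602, f"undeclared arguments: {unexpected}")
    missing = [k for k in schema["required"] if k not in args]
    if missing:
        return _error(req_id, -32602, f"missing required arguments: {missing}")
    for key, value in args.items():
        problem = _check_argument(key, value, props[key])
        if problem:
            return _error(req_id, -32602, problem)
    clean_args = {k: args[k] for k in props if k in args}
    return {"accepted": True, "id": req_id, "name": name, "arguments": clean_args}


# Constructed sample messages of the kind a model-driven client might emit.
SAMPLE_MESSAGES = [
    '{"jsonrpc":"2.0","id":1,"method":"tools/call","params":{"name":"read_file","arguments":{"path":"README.md"}}}',
    '{"jsonrpc":"2.0","id":2,"method":"tools/call","params":{"name":"delete_repo","arguments":{}}}',
    '{"jsonrpc":"2.0","id":3,"method":"tools/call","params":{"name":"read_file","arguments":{"path":"x","mode":"write"}}}',
    '{"jsonrpc":"2.0","id":4,"method":"tools/call","params":{"name":"search_tickets","arguments":{"query":"vpn"}}}',
    '{"jsonrpc":"2.0","id":5,"method":"tools/call","params":{"name":"search_tickets","arguments":{"query":"vpn","limit":"all"}}}',
]

if __name__ == "__main__":
    # A caller holding only the read_file scope: message 1 is accepted, the rest are refused.
    for raw in SAMPLE_MESSAGES:
        print(json.dumps(gate_tool_call(raw, caller_scopes={"read_file"})))
```

The checks are deliberately split into two questions that the text treats separately: is this tool exposed at all, and is this particular caller allowed to reach it. A tool that is listed but outside the caller's scopes is refused, and arguments are rebuilt from the declared schema keys rather than passed through, so an agent that adds fields the tool never advertised cannot smuggle them across the boundary.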
The report examines these security concerns, outlines gaps that must be addressed before MCP can be used securely and confidently, and offers practical recommendations for organizations adopting MCP in high-stakes or production environments. The guidance is designed to remain relevant as the MCP protocol, its implementations, and operational practices continue to evolve.
Adopters are advised to proceed with caution, drawing on lessons from prior distributed and plugin-based ecosystems while applying heightened scrutiny to MCP’s novel integration and automation patterns. Continued collaborative work among implementers, security researchers, and standards organizations will be essential to establish more robust and trustworthy foundations for AI infrastructure, particularly for national security and other high assurance environments.
Additional Resources
• Read the full report.
• Visit our full library for more cybersecurity information and technical guidance.
NSA Media Relations
MediaRelations@nsa.gov
443-634-0721
About the National Security Agency
Founded in 1952, NSA is a U.S. Department of War combat support agency and element of the U.S. Intelligence Community. The Agency’s mission is to provide foreign signals intelligence to policy makers and our military, and to prevent and eradicate cybersecurity threats to U.S. national security systems, with a focus on the Defense Industrial Base and the improvement of U.S. weapons’ security. From protecting U.S. warfighters around the world to enabling and supporting operations on land, in the air, at sea, in space, and in the cyber domain, NSA is committed to building public trust through transparency and protecting civil liberties and privacy consistent with our nation’s values.