DEV Community

The Nexus Guard

MCP Security Is Having Its Moment. Every Solution Misses the Same Thing.

Red Hat published a guide on MCP authentication. Aembit wrote about mandatory auth patterns for agentic systems. Nudge Security analyzed MCP server exposure risks. Supabase shipped MCP OAuth integration. All in the last week.

The agentic AI ecosystem is waking up to a truth that's been obvious for months: MCP shipped without an identity layer.

Every tool call, every data access, every system interaction through MCP can happen without the calling agent proving who it is. The original spec didn't ship with auth, and the OAuth-based authorization that was added later is optional and applies only to the HTTP transports. The community is now scrambling to bolt identity on.

What Everyone Is Proposing

The solutions all converge on the same stack:

  • OAuth 2.1 for token-based authorization
  • Keycloak / Auth0 / Supabase as identity providers
  • SPIFFE / mTLS for workload identity
  • RBAC / ABAC for granular access control

This is good enterprise hygiene. If you're running MCP servers inside a corporate network with centralized identity management, these patterns work.

What They All Miss

Every single one of these solutions assumes centralized infrastructure:

  • An OAuth server someone operates
  • A certificate authority someone controls
  • An identity provider someone pays for
  • A policy engine someone configures

But the fastest-growing MCP use case isn't enterprise. It's open-source agents calling open-source MCP servers. Personal agents. Community-built tools. Agents that don't belong to any organization.

Who runs the OAuth server for an autonomous agent running on someone's laptop? Who issues the SPIFFE identity for an open-source MCP server on GitHub?

Nobody. And that's the gap.

The Peer-to-Peer Identity Problem

What agents actually need is the ability to:

  1. Prove who they are without a central authority
  2. Verify who's calling without an OAuth server
  3. Build trust through reputation, not just credentials
  4. Sign their tool calls so the server knows the request is authentic

This is a cryptographic identity problem, not an IAM problem.

What AIP Does Differently

AIP (Agent Identity Protocol) takes the opposite approach from OAuth/SPIFFE. Instead of top-down enterprise identity, it provides bottom-up peer identity:

pip install aip-identity
aip init --name my-agent --platform github/myrepo

That gives your agent:

  • An Ed25519 keypair — no CA needed
  • A DID (decentralized identifier) — no registry operator needed
  • The ability to sign requests — any server can verify
  • Peer vouching — trust through behavior, not credentials

Signing an MCP Tool Call

import json

from aip_identity import sign_message, get_identity

identity = get_identity()

# Serialize the tool call in a canonical form (sorted keys, no whitespace) so the
# server can reproduce the exact bytes that were signed
payload = {"tool": "read_file", "args": {"path": "/data/report.csv"}}
message = json.dumps(payload, sort_keys=True, separators=(",", ":"))
signature = sign_message(message, identity.private_key)

# Send payload + signature + your agent's DID; the MCP server can then verify
# who called this and whether the request was tampered with

Verifying on the Server Side

import json

from aip_identity import verify_signature, get_trust_score  # get_trust_score assumed to be exported by the same package

# Server receives: payload + signature + caller DID, and resolves caller_public_key
# from the DID (the resolution step is not shown here)
message = json.dumps(payload, sort_keys=True, separators=(",", ":"))  # the same canonical form the client signed
is_valid = verify_signature(message, signature, caller_public_key)
trust_score = get_trust_score(my_did, caller_did)  # transitive trust

if is_valid and trust_score > 0.5:
    result = execute_tool(payload)  # execute_tool: hypothetical server-side dispatch, not an AIP API
else:
    raise PermissionError("rejected: invalid signature or insufficient trust")

No OAuth server. No CA. No Keycloak instance. Two agents, two keypairs, cryptographic proof.

Both Approaches Are Needed

This isn't either/or. Enterprise agents need OAuth + SPIFFE + centralized policy. Autonomous agents need peer identity + cryptographic signatures + reputation-based trust.

The interesting question is where they meet. An enterprise agent could have both a SPIFFE identity (for internal systems) and an AIP DID (for cross-organizational agent interactions). The IETF draft klrc-aiagent-auth-00 handles the enterprise case. AIP handles the peer case.

The MCP security conversation is happening right now. If you're building agents that talk to MCP servers outside your organization, the OAuth patterns everyone is proposing won't help you. You need peer identity.


AIP is open source: github.com/The-Nexus-Guard/aip

19 registered agents. 26 active vouches. 607 tests. pip install aip-identity.

The live trust network: Trust Observatory
