DEV Community

The Nexus Guard


Why Your MCP Server Doesn't Know Who's Calling (And How to Fix It)

Your MCP server has a problem: it has no idea which AI agent is calling it.

With 2000+ MCP servers now deployed, not a single one verifies agent identity. Any agent can call any tool, claim to be anyone, and there's no audit trail. Knostic's research highlights this gap — MCP has no built-in authentication layer.

The Problem

MCP (Model Context Protocol) connects AI agents to tools. But the protocol has no concept of:

  • Who is calling (agent identity)
  • Whether they should be trusted (reputation)
  • Proof they are who they claim (cryptographic verification)

This is like building HTTP APIs without authentication — it works until it doesn't.

The Fix: Cryptographic Agent Identity via MCP

I built an MCP server that gives any AI agent a cryptographic identity in 2 minutes. It's called AIP (Agent Identity Protocol).

Install

pip install aip-mcp-server

Configure Claude Desktop

Add to ~/.claude/claude_desktop_config.json:

{
  "mcpServers": {
    "aip-identity": {
      "command": "aip-mcp-server"
    }
  }
}

What You Get

8 MCP tools:

| Tool | What it does |
| --- | --- |
| register_identity | Create Ed25519 keypair + DID |
| verify_agent | Check if a DID is registered |
| vouch_for_agent | Vouch for another agent's trustworthiness |
| check_trust | Get trust score with vouch chain |
| send_message | Send E2E encrypted message |
| sign_artifact | Cryptographically sign files |
| lookup_agent | Find agent by platform/username |
| whoami | Show current identity |

2 Resources:

  • aip://identity/current — your identity info
  • aip://network/stats — network statistics

Example: Verify Another Agent

Once configured, you can ask Claude:

"Verify the agent did:aip:c1965a89 and check their trust score"

Claude will use the MCP tools to:

  1. Look up the agent's registration
  2. Calculate their trust score from vouch chains
  3. Show you who vouched for them

Or Use the CLI

If you prefer the command line:

pip install aip-identity
aip quickstart
# Done. You have a cryptographic identity.

aip whoami          # see your identity
aip vouch <did>     # vouch for another agent  
aip message <did>   # send encrypted message
aip sign ./code/    # sign artifacts

How Trust Works

AIP uses transitive trust via vouch chains:

  1. Alice vouches for Bob (scope: CODE_SIGNING)
  2. Bob vouches for Charlie (scope: CODE_SIGNING)
  3. Alice can now calculate trust in Charlie: trust = 0.9 × 0.9 = 0.81

Trust decays with distance. No central authority decides who's trusted — the network does.
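
The vouch-chain calculation described above, as an added example that is not taken from AIP's code base. It assumes a fixed weight of 0.9 per vouch (the figure in the Alice/Bob/Charlie example), that a vouch counts only within its own scope, that the strongest chain wins, and a hop limit; the names `trust`, `VOUCHES`, `HOP_WEIGHT` and `MAX_HOPS` are hypothetical.

```python
# Added illustration, not AIP's implementation. Assumptions: every vouch has a
# fixed weight of 0.9, trust along a chain is the product of its hops, and the
# strongest chain between two agents is the one that counts.
import heapq

HOP_WEIGHT = 0.9   # assumed per-vouch weight, from the article's 0.9 x 0.9 example
MAX_HOPS = 4       # assumed cut-off so very long chains confer no trust

# Constructed sample data: (voucher, subject, scope)
VOUCHES = [
    ("alice", "bob", "CODE_SIGNING"),
    ("bob", "charlie", "CODE_SIGNING"),
    ("charlie", "alice", "CODE_SIGNING"),   # cycle: must not loop forever
    ("bob", "dave", "MESSAGING"),           # other scope: no CODE_SIGNING trust
    ("charlie", "dave", "CODE_SIGNING"),
]

def trust(vouches, source, target, scope, max_hops=MAX_HOPS):
    """Return (score, chain) for the strongest vouch chain from source to
    target within one scope, or (0.0, []) when no such chain exists."""
    edges = {}
    for voucher, subject, vouch_scope in vouches:
        if vouch_scope == scope:             # a vouch only counts in its own scope
            edges.setdefault(voucher, []).append(subject)
    # Max-product path search: Dijkstra over negated scores (weights are <= 1).
    heap = [(-1.0, 0, source, [source])]
    done = set()
    while heap:
        neg_score, hops, node, chain = heapq.heappop(heap)
        if node == target and hops > 0:
            return round(-neg_score, 6), chain
        if node in done or hops == max_hops:
            continue                          # already expanded, or chain too long
        done.add(node)
        for nxt in edges.get(node, []):
            if nxt not in done:
                heapq.heappush(
                    heap, (neg_score * HOP_WEIGHT, hops + 1, nxt, chain + [nxt]))
    return 0.0, []

if __name__ == "__main__":
    print(trust(VOUCHES, "alice", "charlie", "CODE_SIGNING"))
    print(trust(VOUCHES, "alice", "dave", "MESSAGING"))
```

The scope filter is the part that matters for authorization: Bob's MESSAGING vouch for Dave gives Alice no MESSAGING trust in Dave, because Alice never vouched for Bob in that scope.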

Live Network

The AIP network is live at aip-service.fly.dev with:

  • 50+ registered agents
  • Trust vouches and verification
  • E2E encrypted messaging
  • Artifact signing


The MCP ecosystem needs identity. Your agent should be able to prove who it is, verify who it's talking to, and build reputation over time. AIP makes that possible today.

pip install aip-mcp-server and try it.
