Secure Tool Manifest and Digital Signing Solution for Verifiable MCP and LLM Pipelines

TL;DR

This paper introduces a cryptographically secure framework for verifying and enforcing tool usage in LLM pipelines, enhancing transparency and integrity in sensitive applications.

Contribution

It presents a novel secure tool manifest and digital signing framework that extends MCP with cryptographic verification and transparent logging for LLM pipelines.

Findings

Scales nearly linearly with high R-squared (0.998)

Achieves near-perfect acceptance of valid executions

Effectively rejects invalid actions and balances utilization

Abstract

Large Language Models (LLMs) are increasingly adopted in sensitive domains such as healthcare and financial institutions' data analytics; however, their execution pipelines remain vulnerable to manipulation and unverifiable behavior. Existing control mechanisms, such as the Model Context Protocol (MCP), define compliance policies for tool invocation but lack verifiable enforcement and transparent validation of model actions. To address this gap, we propose a novel Secure Tool Manifest and Digital Signing Framework, a structured and security-aware extension of Model Context Protocols. The framework enforces cryptographically signed manifests, integrates transparent verification logs, and isolates model-internal execution metadata from user-visible components to ensure verifiable execution integrity. Furthermore, the evaluation demonstrates that the framework scales nearly linearly (R-squared = 0.998), achieves near-perfect acceptance of valid executions while consistently rejecting invalid ones, and maintains balanced model utilization across execution pipelines.