SMCP: Secure Model Context Protocol
Xinyi Hou, Shenao Wang, Yifan Zhang, Ziluo Xue, Yanjie Zhao, Cai Fu, Haoyu Wang

TL;DR
This paper introduces SMCP, an enhanced protocol for agentic AI systems that improves security and privacy by adding identity management, authentication, policy enforcement, and audit logging to the existing Model Context Protocol.
Contribution
The paper presents SMCP, a systematic security extension to MCP, addressing key vulnerabilities and providing a comprehensive framework for secure, reliable agentic AI ecosystems.
Findings
SMCP reduces security risks in agentic AI systems.
It enables robust mutual authentication and policy enforcement.
The protocol supports comprehensive audit logging for accountability.
Abstract
Agentic AI systems built around large language models (LLMs) are moving away from closed, single-model frameworks and toward open ecosystems that connect a variety of agents, external tools, and resources. The Model Context Protocol (MCP) has emerged as a standard to unify tool access, allowing agents to discover, invoke, and coordinate with tools more flexibly. However, as MCP becomes more widely adopted, it also brings a new set of security and privacy challenges. These include risks such as unauthorized access, tool poisoning, prompt injection, privilege escalation, and supply chain attacks, any of which can impact different parts of the protocol workflow. While recent research has examined possible attack surfaces and suggested targeted countermeasures, there is still a lack of systematic, protocol-level security improvements for MCP. To address this, we introduce the Secure Model…
Taxonomy
Topics: Multi-Agent Systems and Negotiation · Access Control and Trust · Mobile Agent-Based Network Management
