This is a bonus post following on from my Understanding MCP Authorization three part series covering building (and understanding) an MCP HTTP based server and implementing the MCP Authorization spe...
The Agent-to-Agent (A2A) protocol is emerging as the de-facto standard for how autonomous AI agents talk to each other. While most of the interest around A2A has been around stateful messaging, one...
This is the final post in a three-part series on MCP Authorization following the June 2025 revisions. In the first two posts, we built an MCP server with the HTTP transport and implemented the righ...
In this post (part two of three), we’ll dig into the June 2025 MCP Authorization specification more closely. See Part One for setting up the MCP Server using HTTP Transport. Generally, in this s...
Creating MCP Servers to connect functionality to LLM applications / AI agents is fairly straight forward. Most of the examples you see, however, are the simple stdio-transport MCP servers. If you w...
I’ve been writing a lot recently about Agent identity, how crucial it is in Agentic systems for not only security but monitoring, auditing and causality/attribution as well. But we cannot talk abou...
At first glance, AI agents seem very similar to microservices when it comes to security and identity. You need to secure the channel and authorize who is calling whom. Communication happens over th...
I’ve been digging into Agent Identity, authentication/authorization patterns, and how it fits in with existing technology patterns (OAuth 2.0, OIDC, SPIFFE, etc) and where it may need new solutions...
In earlier posts exploring AI agent and agent identity, Do We Even Need Agent Identity? and Agent Identity: Impersonation or Delegation?, I dug into the identity tradeoffs surrounding AI agents in ...
In a recent blog post, I discussed whether AI agents need their own identity. I ended with “yes, they do”, but how do we end up doing that? In this blog, we’ll look at a very important concept when...
As API adoption matured in enterprise organizations, a natural pattern emerged and we are seeing something similar in AI agent architectures: using layers to contain complexity. Dealing with team b...
In our recent engineering face-to-face, one of our engineers raised what seemed like a simple question: “Why can’t we just pass the user’s OIDC token through to the agent? Why complicate things wit...
It’s a little after 5p, and I’m about to wrap up for the day. As I’m starting to shut things down, I get a message from my boss: Jeff and Lisa are looking into some issues, the mortgage team is...
As organizations start to deploy AI agents in earnest, we are discovering just how easy it is to attack these kind of systems. I went into quite some detail about how “natural language” introduces ...
Mitigations Potential Mitigations for Naming Attacks To address these vulnerabilities, we should consider: Strict Registration Policies: Implementing formal registration systems with ver...
The Model Context Protocol (MCP) and Agent 2 Agent (A2A) specification are similar RPC style protocols that specify interaction between Agents and Tools (MCP) and Agents and other Agents (A2A). The...
I was recently chatting with Matt McLarty and Mike Amundsen on their podcast about a recent blog I wrote about describing APIs in terms of capabilities. One thing that came up was the idea of descr...
Enterprise application architecture is once again on the verge of transformation. We’ve moved from mainframes to client-server, and recently from monoliths to microservices. Each evolution has been...
The Model Context Protocol has created quite the buzz in the AI ecosystem at the moment, but as enterprise organizations look to adopt it, they are confronted with a hard truth: it lacks important ...
Anthropic introduced the Model Context Protocol (MCP) to standardize the way an LLM communicates with the “outside world” to extend its capabilities through tool/function support. The idea is if we...