MCPS – Cryptographic identity and message signing for MCP agents

by AskCarX·Mar 13, 2026·2 points·0 comments

AI Analysis

TLS for MCP agents with ECDSA passports and L0-L4 trust levels, zero dependencies.

Strengths
  • Agent Passports with ECDSA P-256 signing give every agent a cryptographic identity
  • Nonce and timestamp window prevent replay attacks on JSON-RPC messages
  • On-premise Trust Authority option keeps all verification local for enterprise control
Weaknesses
  • MCP ecosystem still emerging, adoption depends on framework integration
  • Trust Authority adds operational complexity for self-hosted deployments
Target Audience

AI agent developers, MCP server operators, enterprise security teams

Similar To

SPIFFE · mTLS · OpenID Connect

Post Description

We scanned 39 agent frameworks against the OWASP Agentic AI Top 10. 13 FAIL, 17 WARN, 9 PASS. Open Interpreter scored 80/100 risk. AutoGPT 65. Even LangChain flagged WARN for prompt injection vectors.

MCP has no identity layer. No message signing. No tool integrity. 41% of MCP servers have zero authentication (TapAuth research). CVE-2025-6514 scored CVSS 9.6.

MCPS adds a cryptographic security layer on top of MCP – like TLS for HTTP:

- Agent Passports (ECDSA P-256 signed identity)
- Message signing (every JSON-RPC call wrapped in signed envelope)
- Tool integrity (signed definitions prevent poisoning)
- Replay protection (nonce + timestamp window)
- Trust levels L0-L4 (enforce minimum per server)
- Real-time revocation via Trust Authority

Mitigates 8/10 OWASP MCP risks. Zero dependencies.

npm install mcp-secure
pip install mcp-secure

Background: I filed OWASP security assessments against LangChain (github.com/langchain-ai/langchain/issues/35803) and other frameworks. The LangChain community implemented AST filtering fixes based on the findings. That work led to building MCPS as the protocol-level fix.

Full spec: github.com/razashariff/mcps/blob/main/SPEC.md
Scan results for all 39 agents: mcp-secure.dev/#registry
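
The message signing and replay protection listed in the post can be sketched with Node's built-in crypto module. This is an added example, not code from MCPS or its spec: the envelope field names (agent, nonce, ts, payload, sig), the canonical serialization and the 5-minute window are assumptions chosen for illustration.

```javascript
// Added illustration, not MCPS code. Envelope fields (agent, nonce, ts, payload, sig)
// and the 5-minute acceptance window are assumptions, not taken from the MCPS spec.
const crypto = require('node:crypto');
const WINDOW_MS = 5 * 60 * 1000;

// Deterministic JSON so signer and verifier hash identical bytes.
function canonical(v) {
  if (Array.isArray(v)) return '[' + v.map(canonical).join(',') + ']';
  if (v && typeof v === 'object') {
    return '{' + Object.keys(v).sort()
      .map((k) => JSON.stringify(k) + ':' + canonical(v[k])).join(',') + '}';
  }
  return JSON.stringify(v);
}

function signEnvelope(privateKey, agent, payload, now = Date.now()) {
  const body = { agent, nonce: crypto.randomBytes(16).toString('hex'), ts: now, payload };
  const sig = crypto.sign('sha256', Buffer.from(canonical(body)), privateKey);
  return { ...body, sig: sig.toString('base64') };
}

// publicKeys: Map of agent id -> public KeyObject. Each verifier keeps its own nonce cache.
function makeVerifier(publicKeys) {
  const seen = new Map(); // "agent:nonce" -> timestamp of the accepted message
  return function verify(env, now = Date.now()) {
    const { sig, ...body } = env;
    const key = publicKeys.get(body.agent);
    if (!key) return 'unknown-agent';
    const ok = typeof sig === 'string' &&
      crypto.verify('sha256', Buffer.from(canonical(body)), key, Buffer.from(sig, 'base64'));
    if (!ok) return 'bad-signature';
    if (!Number.isFinite(body.ts) || Math.abs(now - body.ts) > WINDOW_MS) return 'stale';
    for (const [k, t] of seen) if (now - t > WINDOW_MS) seen.delete(k); // drop expired nonces
    const id = `${body.agent}:${body.nonce}`;
    if (seen.has(id)) return 'replay';
    seen.set(id, body.ts);
    return 'ok';
  };
}

// Constructed sample: one agent key pair and one tools/call request.
function demo() {
  const { publicKey, privateKey } = crypto.generateKeyPairSync('ec', { namedCurve: 'prime256v1' }); // P-256
  const verify = makeVerifier(new Map([['agent-1', publicKey]]));
  const rpc = { jsonrpc: '2.0', id: 1, method: 'tools/call', params: { name: 'search' } };
  const env = signEnvelope(privateKey, 'agent-1', rpc, 1000000);
  const tampered = { ...env, payload: { ...rpc, params: { name: 'delete' } } };
  return [verify(env, 1000000), verify(env, 1000001), verify(tampered, 1000002),
    verify(signEnvelope(privateKey, 'agent-1', rpc, 0), 1000000)];
}
console.log(demo()); // [ 'ok', 'replay', 'bad-signature', 'stale' ]
```

The nonce cache only needs to remember entries for as long as the timestamp window accepts them, which is why the two checks are paired: anything older than the window is rejected on its timestamp alone.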
