Richard Anaya, Head of Artificial Intelligence

Jul 22, 2025

Why MCP Alone Is Not Enough for Enterprise-Level AI Automation

Model Context Protocol (MCP) is rapidly emerging as the standard of choice for AI systems to invoke tools, exchange data, and collaborate seamlessly. Its neutral, machine-readable format represents a major advancement toward open, interoperable automation. Yet, as enterprises evaluate MCP in production contexts, one crucial shortcoming becomes evident:

MCP endpoints solve connectivity but are insufficient for comprehensive enterprise control.

To fully unlock AI’s powerful capabilities, enterprises need to layer robust security, policy compliance, and cost governance on top of MCP.

Understanding MCP's Strengths and Weaknesses

MCP is intentionally streamlined so that it stays general enough for the whole industry. By encapsulating actions within semantic schemas, it facilitates AI agent interactions without requiring developers to repeatedly handle payload negotiations or authentication complexities. Specifically, its security strengths include:

  • OAuth 2.0 support

  • JWT token compatibility

However, MCP’s simplicity introduces gaps when it comes to advanced enterprise controls:

  • MCP predominantly utilizes single-user authentication and authorization, which falls short when autonomous AI agents, independent from human identities, enter systems.

    E.g. Do we need to create Google logins and sign-ups for all our services for each new agent we create, or that someone copies and personalizes or specializes?

  • AI agents can require broader or more restrictive access than an individual user, making user-level authentication inadequate for complex, automated workflows.

    E.g. Jane wants visibility into important AI-generated suggestions about the state of operations at large, beyond her team (say, from other teams that have similar robots), but doesn’t want conversations to be able to send robots commands, even though she has that capability.

  • Users may inherently possess broader authorization than enterprises wish third-party applications or agents to access. Allowing users to determine access levels can inadvertently grant excessive permissions.

    E.g. Bob has access to a whole Google Drive and now the AI is seeing all our files.

  • Excessive data access, permitted by OAuth2 for users, can lead to operational confusion or security risks when unnecessary data exposure to AI occurs.

    E.g. Our AI keeps wasting time looking at unnecessary files because our Google Drive is full of them and they get injected into context.

  • Having multiple MCPs does not make usage and cost easier to see. Enterprises require audit logs of who is using what functionality and whether an MCP is introducing excessive costs (through large context tokens).

    E.g. Our costs for this agent are large because some MCP keeps injecting a huge amount of data. Who is using this MCP tool?

The primary takeaway: MCP alone still requires an additional layer that narrows exposure and implements fine-grained Role-Based Access Control (RBAC). That layer is what lets enterprises manage complex scenarios that go beyond the individual user-level authentication most people use with AI tooling in their personal lives.
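One way such a layer could sit in front of MCP tool calls, as an added example that is not from the original article or Formant's product: it checks the agent's own identity (not the user's grant) against a per-parameter allow-list and writes an audit record with a rough context-size figure. The agent names, tool names, policy format and `fake_backend` are all hypothetical.

```python
import fnmatch, json, posixpath, time

# Hypothetical policy keyed by agent identity, not by the human user's OAuth grant.
POLICY = {
    "agent:ops-summarizer": {
        "drive.read_file": {"path": ["/ops/reports/*"]},
        "fleet.get_status": {"team": ["*"]},
        # No "fleet.send_command" entry: denied even if the invoking user may send commands.
    },
}
AUDIT_LOG = []

def allowed_params(agent, tool):
    """Lets an agent ask up front what it may pass; None means the tool is denied."""
    return POLICY.get(agent, {}).get(tool)

def authorize(agent, tool, params):
    rules = allowed_params(agent, tool)
    if rules is None:
        return False, "tool not granted to agent"
    for name, value in params.items():
        patterns = rules.get(name)
        if patterns is None:
            return False, f"parameter '{name}' not permitted"
        # Collapse ".." before matching so "/ops/reports/../x" cannot slip past the glob.
        value = posixpath.normpath(str(value)) if name == "path" else str(value)
        if not any(fnmatch.fnmatchcase(value, p) for p in patterns):
            return False, f"value for '{name}' outside policy"
    return True, "ok"

def call_tool(agent, on_behalf_of, tool, params, backend):
    ok, reason = authorize(agent, tool, params)
    result = backend(tool, params) if ok else None
    AUDIT_LOG.append({
        "ts": time.time(), "agent": agent, "user": on_behalf_of, "tool": tool,
        "params": params, "allowed": ok, "reason": reason,
        # Rough cost proxy: bytes of tool output that would enter the model's context.
        "result_bytes": len(json.dumps(result)) if ok else 0,
    })
    if not ok:
        raise PermissionError(reason)
    return result

def fake_backend(tool, params):  # constructed stand-in for a real MCP server
    return {"tool": tool, "data": "x" * 200}
```

Grouping `AUDIT_LOG` entries by `tool` and summing `result_bytes` answers the "who is using this MCP tool?" question from the list above.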

Historical Parallels: Formant’s Robust Command Control Systems

Formant’s experience building software to manage robotic fleets reveals similar enterprise challenges. Robots require comprehensive command capabilities, from exposing ROS nodes to triggering custom Python scripts. Formant has faced and successfully addressed these complexities through robust RBAC systems, particularly:

  • Hierarchical Identity Management: Every request acknowledges hierarchical account structures.

  • Parameter-Level RBAC: Policies enable granular command permissions, allowing agents to proactively query allowable parameters, thus preventing excessive permissions.

  • Detailed Auditing: Comprehensive logs capture all interactions (parameters, outcomes, state changes), ensuring full operational transparency.

Sound familiar? These challenges encountered in managing robotic command permissions and data access closely parallel the limitations seen with MCP. As enterprises expand their physical AI investments, we still see RBAC as essential to merge policy-driven data governance across robotics and AI automation.

Moving Towards Trusted Autonomy

Enterprise-grade AI automation demands accountability and intelligent governance. By integrating advanced identity management, unified policies, audit trails, and transparent cost oversight, Formant aims to ensure trusted autonomy. This means AI systems will operate with the rigorous accountability and compliance needed for enterprise-grade deployment.

We’re excited by the early conversations with our partners about the challenges they face in this new era of generative AI. If you are building in this space, or want to deploy machines powered by AI, we’d love to talk.