Track Progress: Risk Issues Harvested from MCP and Agentic Papers
Summary
This issue tracks the progress of security risk issues that were identified and extracted from our MCP Security whitepaper and Agentic
Identity and Access Control analysis. These risks have been opened as individual issues in the
cosai-oasis/secure-ai-tooling repository for broader community visibility and
remediation tracking.
Context
As part of WS4's work on secure design patterns for agentic systems, we identified several critical security risks that extend beyond our
specific deliverables and affect the broader secure AI tooling ecosystem. These risks were systematically extracted and documented in the
secure-ai-tooling repository to ensure they receive appropriate attention and remediation efforts.
Related Issues in cosai-oasis/secure-ai-tooling
Identity and Delegation Risks
#188 - Broken Delegation Chains and Loss of Actor Clarity
Delegation chains become opaque, making it impossible to determine the source of an authorization
#196 - Confused Deputy Problem in Agentic Delegation
Agents with elevated privileges tricked into unauthorized actions
#197 - Cross-Tenant Propagation via Shared Agent Identities
Multi-tenant boundary violations through compromised shared identities
Model and Agent Integrity Risks
#189 - Model Swapping with Retained Credentials
Malicious model replacement while maintaining legitimate credentials
#199 - Failure to Bind Agent Identity to Signed Model Artifacts
Identity not cryptographically bound to authorized model versions
#192 - Shadow and Unknown Agents
Unauthorized agents operating with valid inherited permissions
MCP-Specific Security Risks
#191 - MCP Session and Transport Security Failures
Weak transport protections enabling MITM and session hijacking
#194 - Input Validation and Sanitization Failures in MCP
Insufficient validation allowing traditional exploits via MCP
#198 - Zombie / Shadow MCP Servers
Decommissioned servers remaining accessible for malicious redirection
Operational Security Risks
#190 - Over-Permissioning of High-Capability Agents
Broad standing privileges creating excessive blast radius
#193 - Resource Exhaustion via Uncontrolled Agent Tool Chaining
Recursive tool chaining without rate limiting or quotas
#195 - Insufficient Logging and Auditability of Delegation Chains
Missing immutable logs for action reconstruction