Skip to main content

Aembit and Netskope outline blended identity and data policy for MCP agent access

Recent guidance argues that AI agents should be treated as actors that require identity-based access constraints similar to humans and devices, with policy controls that cover both authentication and data handling during MCP-based interactions.

Research Overview

The post frames “actors” as entities that perform work on systems, noting that enterprises typically enforce security policy using identity constructs such as individuals, groups, or roles, backed by identity providers and access controls.

It states that AI agents also need identity and policy layers to operate within comparable bounds, emphasizing dynamic behavior as agents differ from long-lived human and device identities.

Key Findings

The post distinguishes “user IAM” from “workload IAM,” describing a shift for agents toward just-in-time, ephemeral credentials and dynamic access policies rather than static, long-lived secrets.

It also argues that MCP, used for agent interactions with resources, does not provide a native data policy layer, so additional controls are needed to govern data flows and enforce governance around agent traffic.

Technical Breakdown

The identity and access policy layer is described as combining authentication for both the human who instructs an agent and the agent itself, using a “blended identity” approach that asks whether a specific user with a specific agent is authorized for a specific resource at a given time.

The post attributes this blended identity concept to Aembit’s “IAM for Agentic AI” and explains that it can support credential injection at runtime, with workload verification based on environment and context such as where the workload runs and identity information issued by the platform.

Operational Impact

On the data policy side, the post describes Netskope components that it says add data visibility and enforcement for agent interactions, including support for public MCP servers, private hosting patterns, and content constraints against multi-turn threats such as prompt injection and jailbreaking.

It outlines a workflow that combines Netskope’s One AI Gateway and Aembit Edge, where credentials are injected at runtime for agent-to-gateway and gateway-to-LLM authentication, and it states that Netskope inspects content in transit and logs interactions for compliance.

For enterprise security and architecture teams, the post’s main takeaway is a two-layer control model for agentic AI: a blended identity and workload-oriented access policy for authentication, paired with an added data governance layer to control MCP-driven data flows; this “Blog Signals brief” is a fact-based summary of the vendor blog.