The NSA's MCP security baseline: what it means for your gateway
Blog post from Speakeasy
In May 2026, the NSA released a 15-page Cybersecurity Information Sheet providing the first formal guidance on Model Context Protocol (MCP) security, outlining four specific operational requirements for organizations running AI agents in production. These requirements address unique vulnerabilities of AI agents under MCP, focusing on cryptographic message integrity, least-privilege access at tool-call boundaries, tamper-evident audits, and trust chains between clients, gateways, and servers. The guidance aims to mitigate risks like prompt injection attacks and unauthorized message modifications by ensuring verifiable audit trails and end-to-end trust. Although the requirements align with existing IETF, OpenAPI, and OWASP standards, the NSA's formalization provides a new compliance baseline likely to influence frameworks such as FedRAMP and CMMC. Companies like Speakeasy have preemptively integrated these controls into their systems, ensuring robust security measures that align with NSA recommendations.
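Two of the four requirements named above, message integrity and a tamper-evident audit trail, can be combined in one mechanism: a gateway that records each tool call as an HMAC-tagged, hash-chained log entry. The following is an added example written for this post, not code from Speakeasy or from the NSA sheet; the demo key, the record fields and the MCP-style tool-call shape are all assumptions made for the illustration.

```python
import hashlib
import hmac
import json
from typing import Any, Dict, List, Tuple

# Constructed demo key for the example only; a real gateway would hold this in a KMS/HSM.
AUDIT_KEY = b"demo-gateway-audit-key-not-for-production"
GENESIS = "0" * 64  # tag the first entry chains to when the log is empty

def canonical(record: Dict[str, Any]) -> bytes:
    # Stable serialization so an identical record always yields the same bytes.
    return json.dumps(record, sort_keys=True, separators=(",", ":")).encode()

def append_entry(chain: List[Dict[str, Any]], tool_call: Dict[str, Any]) -> Dict[str, Any]:
    # Each entry binds the tool call to its position and to the previous tag, so editing,
    # deleting or reordering any earlier entry invalidates every tag that follows it.
    prev_tag = chain[-1]["tag"] if chain else GENESIS
    body = {"seq": len(chain), "prev": prev_tag, "call": tool_call}
    tag = hmac.new(AUDIT_KEY, canonical(body), hashlib.sha256).hexdigest()
    entry = {**body, "tag": tag}
    chain.append(entry)
    return entry

def verify_chain(chain: List[Dict[str, Any]]) -> int:
    # Returns the index of the first entry that fails verification, or -1 if the chain is intact.
    prev_tag = GENESIS
    for i, entry in enumerate(chain):
        body = {k: v for k, v in entry.items() if k != "tag"}
        if body.get("seq") != i or body.get("prev") != prev_tag:
            return i  # gap, reordering or truncation in the middle of the log
        expected = hmac.new(AUDIT_KEY, canonical(body), hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expected, entry.get("tag", "")):
            return i  # record contents or tag were modified after logging
        prev_tag = entry["tag"]
    return -1

def demo() -> Tuple[int, int]:
    # Constructed MCP-style tool-call records as a gateway might log them (assumed field names).
    chain: List[Dict[str, Any]] = []
    append_entry(chain, {"client": "agent-1", "server": "files", "tool": "read_file",
                         "args": {"path": "/tmp/report.txt"}})
    append_entry(chain, {"client": "agent-1", "server": "files", "tool": "write_file",
                         "args": {"path": "/tmp/out.txt"}})
    intact = verify_chain(chain)
    # Simulate after-the-fact editing of the stored log: verification must flag entry 0.
    chain[0]["call"]["args"]["path"] = "/tmp/other.txt"
    tampered = verify_chain(chain)
    return intact, tampered  # returns (-1, 0)
```

Verification only proves the log was not altered by someone without the key; the key itself must be kept away from the components whose actions it records.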