Inventor(s)

Niranjan M M

Abstract

The current MCP design carries a wide range of security risks. For example, industry-leading LLMs may be coerced into using MCP tools to compromise an AI developer’s system through a wide range of attacks, including malicious code execution, remote access control and credential theft.

The proposed method adds a transaction database based on a Distributed Hash Table (DHT), in which every agentic AI maintains a local chain of its transactions with other agentic AIs, each mutually signed. This chain can be used for auditing messages/transactions and for telemetry (with the chain of events). Under the proposed method, the messages (contextual data) exchanged between agentic AIs (MCP servers/tools) are mutually authenticated, providing trusted and authenticated communication. The local hash chain and the DHT together confirm the provenance of every piece of data (message/transaction), so the data can be audited at any point in time.

The proposal provides traceability and accountability. For example, within a running AI system, if an agentic AI suffers abnormal attacks (e.g., receiving a message from a compromised agentic AI), the attack processing is also logged as transactions. With these attack trajectories logged as transactions, future attacks launched on the agentic AI can be identified (using attack pattern recognition). Because every agentic AI (MCP server) is registered with the DHT during initialization by providing proof of identity and liveliness of the proof of trust, the overall AI system gains trustworthiness.

In short, the proposed method provides a decentralized, cryptographically verifiable framework for trusted and accountable agentic AI communication in MCP-based systems. By mutually authenticating every exchanged context message, maintaining per-agent tamper-evident histories, and cross-verifying provenance through a distributed reference, the system detects compromised or malicious agents at runtime and enables reliable forensic traceability. This approach addresses MCP-specific security gaps that are not solved by transport security, server validation, or centralized logging alone.
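The per-agent, mutually signed hash chain and its cross-check against a distributed reference can be sketched as follows. This is an added example, not code from the publication. Assumptions: the entry layout, the agent names and all function names are hypothetical, HMAC with constructed demo keys stands in for each agent's asymmetric signature, and a plain dict stands in for the DHT.

```python
import hashlib
import hmac
import json

# Constructed demo keys; HMAC stands in for each agent's asymmetric signature.
KEYS = {"agent-a": b"demo-key-a", "agent-b": b"demo-key-b"}
GENESIS = "0" * 64
FIELDS = ("seq", "prev", "sender", "receiver", "message")

def digest(body):
    """SHA-256 over a canonical JSON encoding of the entry body."""
    return hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()

def sign(agent, entry_hash):
    return hmac.new(KEYS[agent], entry_hash.encode(), hashlib.sha256).hexdigest()

def append(chain, dht, owner, sender, receiver, message):
    """Add a transaction to owner's chain, linked to the previous entry
    and signed by both parties, and publish its hash to the reference store."""
    body = {"seq": len(chain), "prev": chain[-1]["hash"] if chain else GENESIS,
            "sender": sender, "receiver": receiver, "message": message}
    h = digest(body)
    entry = dict(body, hash=h, sigs={a: sign(a, h) for a in (sender, receiver)})
    chain.append(entry)
    dht[(owner, body["seq"])] = h  # plain dict standing in for the DHT
    return entry

def audit(chain, dht, owner):
    """Return the index of the first entry that fails a check, or None."""
    prev = GENESIS
    for i, e in enumerate(chain):
        h = digest({k: e[k] for k in FIELDS})
        linked = e["seq"] == i and e["prev"] == prev and e["hash"] == h
        signed = all(hmac.compare_digest(e["sigs"].get(a, ""), sign(a, h))
                     for a in (e["sender"], e["receiver"]))
        if not (linked and signed and dht.get((owner, i)) == h):
            return i
        prev = h
    return None

if __name__ == "__main__":
    chain, dht = [], {}
    append(chain, dht, "agent-a", "agent-a", "agent-b", "tools/list")
    append(chain, dht, "agent-a", "agent-b", "agent-a", "result: 2 tools")
    print(audit(chain, dht, "agent-a"))        # None: chain verifies
    chain[1]["message"] = "result: 3 tools"    # tamper with a logged message
    print(audit(chain, dht, "agent-a"))        # 1: first failing entry
```

The audit fails on an edited message, on an entry re-hashed without both signatures, on a dropped entry, and on a fully re-signed history whose hashes no longer match the reference copy.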

Creative Commons License

This work is licensed under a Creative Commons Attribution 4.0 License.
