Versa Extends Zero-Trust Reach to Model Context Protocol to Secure AI Agents
Versa today unveiled a zero-trust framework for the Model Context Protocol (MCP) that is embedded within its secure access service edge (SASE) platform.
Kevin Sheu, vice president of product strategy and solutions for Versa, said this capability is embedded within Versa Verbo, an artificial intelligence (AI) copilot tool that the company launched last year. Specifically, Versa Verbo with Zero Trust MCP architecture is available with release 23.1.1 of the VersaONE Universal SASE Platform.
That integration ensures that every task initiated by an AI agent is validated against user identity, role-based access controls, and system policies before it is allowed to execute, with explicit human approval required wherever administrator-defined policies call for it.
For example, administrators can define policies in advance that determine which agent actions execute automatically, which require human approval, and which are blocked based on user identity, role, system context, action type, and risk level. Every approved action is logged with full attribution.
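As an added illustration of the allow / approve / block gating and attributed logging described above (example code written for this article, not Versa's implementation; the rule set, the attribute names and the 0 to 3 risk scale are assumptions):

```python
from dataclasses import dataclass
from datetime import datetime, timezone
from enum import Enum
from typing import Callable

class Decision(Enum):
    ALLOW = "allow"                        # executes automatically
    REQUIRE_APPROVAL = "require_approval"  # waits for a named human approver
    BLOCK = "block"                        # never executes

@dataclass(frozen=True)
class ToolCall:
    """One MCP tool invocation an agent wants to run (constructed attribute set)."""
    agent_id: str     # the agent's own identity, distinct from the user it acts for
    user_id: str
    role: str
    system: str       # target system context, e.g. "prod" or "staging"
    tool: str         # MCP tool name
    action_type: str  # "read" or "write"
    risk_level: int   # 0 (benign) to 3 (destructive); assumed scale

# Rules are (name, predicate, decision): first match wins, no match means BLOCK.
RULES: list[tuple[str, Callable[[ToolCall], bool], Decision]] = [
    ("block-destructive", lambda c: c.risk_level >= 3, Decision.BLOCK),
    ("auto-read", lambda c: c.action_type == "read" and c.risk_level <= 1, Decision.ALLOW),
    ("prod-write-needs-human", lambda c: c.action_type == "write" and c.system == "prod"
     and c.role in ("operator", "sre"), Decision.REQUIRE_APPROVAL),
]
AUDIT_LOG: list[dict] = []  # every evaluated call is recorded here with full attribution

def evaluate(call: ToolCall) -> dict:
    """Apply the rules to one call and append an attributed audit record; returns it."""
    rule_name, decision = "default-deny", Decision.BLOCK
    for name, matches, outcome in RULES:
        if matches(call):
            rule_name, decision = name, outcome
            break
    record = {"ts": datetime.now(timezone.utc).isoformat(), "agent": call.agent_id,
              "user": call.user_id, "role": call.role, "system": call.system,
              "tool": call.tool, "action": call.action_type, "risk": call.risk_level,
              "rule": rule_name, "decision": decision.value, "approver": None}
    AUDIT_LOG.append(record)
    return record

def approve(record: dict, approver: str) -> dict:
    """Record a human sign-off; only a call that is awaiting approval can be approved."""
    if record["decision"] != Decision.REQUIRE_APPROVAL.value:
        raise ValueError("only calls awaiting approval can be approved")
    record["decision"], record["approver"] = Decision.ALLOW.value, approver
    return record
```

A call that matches no rule is denied by default, so a new tool or an unknown role never executes silently; the audit record names the agent, the user it acted for, the rule that fired and, where relevant, the human who approved.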
Collectively, the Versa platform correlates zero-trust policy decisions across events, which supports anomaly detection and guided troubleshooting. The overall goal is to extend the platform from per-action validation today to policy-driven automation and deeper operational visibility, said Sheu.
AI agents accessing MCP servers create a raft of cybersecurity challenges. A single prompt can trigger multiple events across systems, many of which are invisible and unverifiable. At the same time, AI agents themselves create a rich target. A compromised AI agent could, for example, enable cybercriminals to take control of an entire process. More troubling still, adversaries are also likely to attempt to insert malicious AI agents into a workflow.
As such, cybersecurity teams will need to be able to manage AI agents based on their unique identity, alongside all the human and other types of non-human identities they already manage, said Sheu. The issue is that AI agents tend to be a lot more ephemeral in the sense that it is difficult to predict what data is being accessed for what purpose, he added. Organizations need to put frameworks in place that ensure AI agents are behaving as intended, noted Sheu.
Until organizations are able to validate AI agent activity at every step, they are not going to be able to deploy AI agents at the level of scale they aspire to achieve, he said.
Eventually, some type of security framework will need to be embedded into agentic AI workflows that are now accessing massive amounts of data at machine speed. The challenge is that the pace of AI agent adoption is far exceeding the ability of cybersecurity teams to respond. In many instances, cybersecurity teams have been explicitly told that given the potential cybersecurity gains they should not hinder adoption of AI agents.
At some point, however, cybersecurity incidents involving multiple AI agents will be all but inevitable. The issue then becomes not only determining how best to respond to those events but also, just as importantly, preventing them from recurring.