arXiv — Threat modeling for emerging AI-agent protocols
• Category: Research
AI relevance: The paper evaluates security risks in MCP, A2A, Agora, and ANP—protocols that underpin how AI agents exchange tools, data, and actions.
- Compares four agent communication protocols with a shared threat-modeling lens rather than siloed analyses.
- Defines protocol risk surfaces across creation, operation, and update lifecycles.
- Proposes a 12-risk qualitative framework for likelihood and impact scoring at the protocol level.
- Highlights trust-assumption gaps that surface when agents compose tools across multiple servers.
- Includes a measurement-driven MCP case study to quantify wrong-provider tool execution.
- Frames missing validation and attestation as a falsifiable security claim rather than a vague design concern.
- Argues for protocol-centric standardization to avoid divergent security postures across ecosystems.
Why it matters
- Agent protocols are quickly becoming the integration layer for tools and services, so weak assumptions cascade into deployments.
- Cross-protocol comparisons help teams avoid overfitting defenses to one ecosystem while missing systemic risks.
- Quantitative risk checks can guide what must be enforced before multi-server compositions go live.
What to do
- Map protocol assumptions in your stack and explicitly document trust boundaries.
- Require validation/attestation for executable tools and remote components.
- Test multi-server compositions for wrong-provider execution and policy bypass scenarios.