
Securing the Future of AI: Why Identity-First Zero Trust Is Non-Negotiable

November 10, 2025

Author: Celine Rosak, Director of Corporate Marketing & Brand, Xage Security

Artificial intelligence is rewriting the rules of enterprise security. From generative AI to autonomous agents, organizations are racing to harness AI’s power for efficiency, insight, and innovation. But beneath the excitement lies a growing reality: the same connectivity that fuels AI’s promise also opens new pathways for risk.

A new whitepaper by leading analyst firm IDC, Securing AI with Zero Trust: Managing Identity and MCP Risks, dives deep into this emerging challenge. The report explores emerging AI-related risks and governance issues, including how the Model Context Protocol (MCP) and Agent2Agent (A2A) frameworks, while foundational for AI interoperability, also expose enterprises to unprecedented identity and governance vulnerabilities.


The AI Identity Explosion

With agentic AI, agents can make decisions, execute tasks, and access sensitive systems. As such, they should be treated like any other entity with an identity — whether human or nonhuman — and have proper controls in place to determine which actions they can take, when, and for how long. Without the proper controls and continuous verification, these agents can escalate privileges, interact beyond their intended scope, or even expose confidential data. IDC data shows that 39% of enterprises fear increased data leakage as a result of AI adoption, and nearly one in three organizations are expanding Zero Trust controls to manage these risks.

Conventional network-based security frameworks were never designed to handle autonomous entities that communicate, learn, and act independently. As IDC puts it, “securing AI requires an identity-first approach,” one that authenticates, authorizes, and governs every interaction, whether human, machine, or agent.

The IDC report goes on to unpack several key topics on how to future-proof the protection of your AI environment, offering a detailed look at the evolving risks of MCP and A2A protocols in enterprise AI deployments. These frameworks enable powerful interoperability between agents and systems but also introduce new identity and governance risks.

To protect against these risks, the report explores how identity-first, Zero Trust architectures are reshaping the foundation of AI security, ensuring that every user, agent, and data element is continuously authenticated and authorized at every interaction. The report also emphasizes the importance of extending data-centric protection beyond the model itself, safeguarding information as it moves through AI pipelines and multi-agent ecosystems. 

Xage Zero Trust for AI

Download the IDC report for an in-depth exploration of today’s most pressing AI security challenges and a comprehensive look at how Xage Zero Trust for AI helps enterprises overcome them. 

Built on a unified, distributed security mesh, Xage applies Zero Trust principles seamlessly across all AI environments, ensuring that every interaction is verified and protected. Its architecture secures MCP and A2A workflows end to end by authenticating every agent, enforcing least-privilege access, and providing tamper-proof accountability. Even in air-gapped or intermittently connected environments, Xage delivers resilient protection that enables organizations to innovate with AI safely and confidently.

“Identity must be reimagined for AI. Applying Zero Trust principles to AI provides organizations with the ability to safeguard their AI initiatives while maintaining compliance and governance across complex, distributed environments.”

– Frank Dickson, Global VP of Security & Trust, IDC
