Description
Project Name
MCPS (MCP Secure)
Project Repository
- Specification & standalone SDK: https://github.com/razashariff/mcps
- Drop-in MCP SDK fork: https://github.com/razashariff/agentsign-mcp-sdk
Project Website
Project License
MIT (MCPS additions) / Apache 2.0 (MCP SDK base)
Project Description
MCPS is a cryptographic security layer for the Model Context Protocol (MCP) — the emerging standard for AI agent-to-tool communication adopted by Anthropic, OpenAI, Google, Microsoft, Cursor, Windsurf, and others.
MCP has no built-in message-level security: no per-message authentication or signing, no agent identity verification, and no integrity protection for tool definitions. OWASP has published a dedicated MCP Top 10 vulnerability list. Research shows 41% of MCP servers expose no authentication at all.
MCPS operates as an envelope around existing JSON-RPC messages — analogous to how TLS wraps HTTP — providing:
- Agent Passports: ECDSA P-256 cryptographic identity credentials
- Per-Message Signing: Every JSON-RPC message signed with nonce + timestamp
- Tool Integrity Signatures: Detect tool poisoning and rug pulls
- Replay Protection: Nonce store + 5-minute timestamp window
- Trust Levels L0–L4: Progressive trust from self-signed to fully audited
- Full Backward Compatibility: Secure clients gracefully fall back when talking to plain MCP servers and vice versa
Why LF AI & Data?
MCP is rapidly becoming critical AI infrastructure (11,000+ registered servers). MCPS secures this infrastructure at the protocol level. The project sits at the intersection of AI and security — aligning with LF AI & Data's mission to support open source AI innovation.
Technical Maturity
| Artifact | Status |
|---|---|
| IETF Internet-Draft | Published: draft-sharif-mcps-secure-mcp |
| MCP SDK fork (TypeScript) | Shipped: 3 packages, 259 tests passing (unit + integration + security) |
| Node.js standalone SDK | Published: npm mcp-secure@1.0.2 (zero dependencies) |
| Python SDK | Published: PyPI langchain-mcps@0.1.0 |
| Security test coverage | OWASP MCP Top 10 attacks, OWASP Agentic AI Top 10, adversarial/penetration (replay, downgrade, forgery, stripping) |
| Cryptography | ECDSA P-256 (NIST FIPS 186-5), SHA-256, JCS canonicalization (RFC 8785), IEEE P1363 signature encoding |
| MCP SEP submission | PR #2395 |
| OWASP MCP Top 10 PR | PR #27 |
| OpenSSF Sandbox proposal | Issue #583 |
Specifications & Standards
- MCPS: SEP-2395 (Cryptographic Security Layer for MCP)
- Canonicalization: RFC 8785 (JSON Canonicalization Scheme)
- Signing: ECDSA P-256 with SHA-256 (NIST FIPS 186-5), deterministic nonces per RFC 6979
- IETF: draft-sharif-mcps-secure-mcp
Maintainers
- Raza Sharif, CyberSecAI Ltd, @razashariff
- Actively recruiting additional maintainers from separate organizations
IP / License
- MCPS additions: MIT license
- MCP SDK fork base: Apache 2.0 (original MCP SDK license preserved)
- All code is original. Zero runtime dependencies for the security module (uses node:crypto only)
- Patent Pending: GB2604808.2
Proposed Stage
Sandbox (Incubation)
Contact
- Author: Raza Sharif
- Organization: CyberSecAI Ltd
- Email: contact@agentsign.dev
- GitHub: @razashariff