Descope launched Agentic Identity Control Plane, a solution that enables security teams to institute policy-based governance, auditing, and identity management for their AI agent and Model Context Protocol (MCP) ecosystems. The Agentic Identity Control Plane builds on top of the existing Descope Agentic Identity Hub to mark a huge step forward in Descope’s vision of becoming the identity provider for AI agents.

As AI agents, LLMs, and MCP servers continue gaining rapid adoption, security leaders grow increasingly concerned about unauthorized AI agent adoption, which can lead to an increased attack surface, risk compliance issues, and pave the way for rogue AI agents gaining escalated privileges. A survey of 400+ CIAM decision-makers commissioned by Descope found that 57% of respondents feel worried about AI agents accessing unauthorized data or sharing data with unauthorized users. Identity management is critical to the secure adoption of agentic AI, as evidenced by the fact that 5 of the OWASP Top 10 Threats for GenAI have authentication and authorization related mitigations.

The Descope no / low code external IAM platform helps organizations easily create, modify, and manage identity journeys for their consumers, business customers, partners, AI agents, and MCP servers using visual workflows. Hundreds of customers including GoFundMe, Databricks, Navan, and You.com use Descope to enhance customer experience, help prevent account takeover, and get a 360 view of their customer and machine identities.

In April 2025, Descope announced Agentic Identity Hub, a suite of capabilities that solves authentication and authorization challenges for developers building AI-compatible APIs, remote MCP servers, and AI agents. Today’s release further enhances Descope’s agentic identity offering and provides enterprise security teams with critical oversight into identity management and governance for both internal and external-facing AI systems.

The capabilities enable:

Scope-based access control through a policy engine to tightly control how AI agents and MCP clients / servers access corporate resources. Security teams can restrict AI agent access to specific scopes within specific third-party tools, as well as enact policies based on user roles and hierarchies.

to tightly control how AI agents and MCP clients / servers access corporate resources. Security teams can restrict AI agent access to specific scopes within specific third-party tools, as well as enact policies based on user roles and hierarchies. Enterprise-grade monitoring and auditing capabilities to help security teams gain visibility over their AI agent risk surface, spot access control errors and misconfigurations, and identify potential rogue AI agents before they do damage.

capabilities to help security teams gain visibility over their AI agent risk surface, spot access control errors and misconfigurations, and identify potential rogue AI agents before they do damage. End-to-end identity lifecycle management for AI agents, including dynamic and static AI agent registration, configurable user consent flows, granular authorization scopes, token management and storage, and visibility into how AI agent identities and human identities are linked.

“No CISO wants to block the adoption of agentic AI and MCP at their company, but they are taking on an increased risk responsibility with every new AI agent or MCP server created within their organization or connecting with their products,” said Slavik Markovich, CEO of Descope. “The Agentic Identity Control Plane delivers easy to use and comprehensive policy control and monitoring tools that security teams need for secure, scalable AI adoption.”