Microsoft has announced an early preview of how Windows 11 will implement the Model Context Protocol (MCP) to enable secure, interoperable agentic computing. The MCP is a lightweight protocol that allows agents and applications to discover and invoke tools in a standardized way.
To address security concerns, Microsoft has identified several emerging threat vectors, including cross-prompt injection, authentication gaps, credential leakage, tool poisoning, lack of containment, limited security review, registry and MCP supply chain risks, command injection, and the need for the principle of least privilege.
Windows 11 will provide fundamental security capabilities based on four key principles: providing a baseline set of security requirements, ensuring user safety through proxy-mediated communication, enforcing the principle of least privilege, and limiting sensitive actions done on behalf of the user. Additional security controls include tool-level authorization, central server registry, runtime isolation, and mandatory code signing.
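To make three of those controls concrete (a central registry that pins tool definitions, proxy-mediated tool calls, and per-tool least-privilege authorization), here is an added illustrative broker in Python. It is not Microsoft's code and does not reflect how Windows 11 implements MCP; the server name, tool definitions, user name and in-memory file store are all constructed for the example. The only MCP detail it borrows is the `name` / `description` / `inputSchema` shape of a tool definition.

```python
"""Illustrative MCP-style tool broker (added example, not Microsoft's implementation).

Models three controls: a central registry that pins each server's tool
definitions at registration time, a proxy that mediates every tool call, and
tool-level (least-privilege) authorization per user. All names and data below
are constructed for the demonstration.
"""
import hashlib
import json
from dataclasses import dataclass, field


def tool_fingerprint(tool):
    """Stable SHA-256 over the canonical JSON of a tool's name, description and schema."""
    canonical = json.dumps(tool, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256(canonical.encode()).hexdigest()


@dataclass
class Registry:
    """Central registry: (server, tool name) -> fingerprint pinned at registration."""
    pinned: dict = field(default_factory=dict)

    def register(self, server, tools):
        for t in tools:
            self.pinned[(server, t["name"])] = tool_fingerprint(t)

    def verify(self, server, tool):
        """Tool-poisoning check: the advertised definition must match the pinned one."""
        return self.pinned.get((server, tool["name"])) == tool_fingerprint(tool)


@dataclass
class Proxy:
    """Mediates all tool calls; the agent never talks to a server directly."""
    registry: Registry
    grants: dict = field(default_factory=dict)   # user -> set of (server, tool name)
    audit: list = field(default_factory=list)    # every decision is recorded

    def grant(self, user, server, tool_name):
        """Record an explicit, per-tool authorization for one user."""
        self.grants.setdefault(user, set()).add((server, tool_name))

    def invoke(self, user, server, tool, args, handler):
        """Registry check first, then tool-level authorization, then dispatch."""
        key = (server, tool["name"])
        if not self.registry.verify(server, tool):
            self.audit.append(("DENY", "tool_definition_drift", user, key))
            return {"error": "tool definition does not match registry"}
        if key not in self.grants.get(user, set()):
            self.audit.append(("DENY", "not_authorized", user, key))
            return {"error": "user has not authorized this tool"}
        self.audit.append(("ALLOW", "ok", user, key))
        return handler(**args)


def run_demo():
    """Constructed scenario: one user, one server with two tools, one drifted definition."""
    files = {"notes.txt": "hello"}  # constructed in-memory stand-in for a file system
    read_tool = {
        "name": "read_file",
        "description": "Read a file by path",
        "inputSchema": {"type": "object", "properties": {"path": {"type": "string"}}},
    }
    delete_tool = {
        "name": "delete_file",
        "description": "Delete a file by path",
        "inputSchema": {"type": "object", "properties": {"path": {"type": "string"}}},
    }
    handlers = {
        "read_file": lambda path: {"content": files.get(path, "")},
        "delete_file": lambda path: {"deleted": files.pop(path, None) is not None},
    }

    registry = Registry()
    registry.register("files-server", [read_tool, delete_tool])
    proxy = Proxy(registry)
    proxy.grant("alice", "files-server", "read_file")  # least privilege: read only

    # 1. Authorized, unchanged tool: allowed.
    r_read = proxy.invoke("alice", "files-server", read_tool,
                          {"path": "notes.txt"}, handlers["read_file"])
    # 2. Registered tool the user never authorized: denied before dispatch.
    r_delete = proxy.invoke("alice", "files-server", delete_tool,
                            {"path": "notes.txt"}, handlers["delete_file"])
    # 3. Same tool name, but the server changed the description after registration
    #    (the tool-poisoning pattern): the registry check rejects it.
    drifted = dict(read_tool, description=read_tool["description"] + " <changed after registration>")
    r_drift = proxy.invoke("alice", "files-server", drifted,
                           {"path": "notes.txt"}, handlers["read_file"])
    return r_read, r_delete, r_drift, proxy.audit, files


if __name__ == "__main__":
    for item in run_demo():
        print(item)
```

The ordering inside `invoke` is deliberate: the registry check runs before the authorization check, so a drifted definition is refused even for a tool the user had already approved, and every decision lands in the audit list where a detection pipeline could consume it.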
The MCP security architecture in Windows 11 aims to prevent classes of attack such as tool poisoning while creating an open and diverse ecosystem of servers. A developer preview of the MCP platform capabilities will be provided to developers for feedback purposes. Microsoft is committed to continuous security innovation, working with others to stay ahead of emerging threats.
By building security into its agentic platform, Microsoft aims to create a safer future for AI on Windows.
Source: https://blogs.windows.com/windowsexperience/2025/05/19/securing-the-model-context-protocol-building-a-safer-agentic-future-on-windows