Trust

MCP authentication

MCP servers that integrate with hosted SaaS need OAuth or API tokens. The protocol does not specify a secrets-management primitive, so credentials typically live in environment variables or local config files. A compromised server reads everything it has access to. Auth posture is one of the inputs that goes into the trust score.