🛡️ MCP Server Attestation
Prevent MCP server spoofing and man-in-the-middle attacks with Ed25519 cryptographic attestation.
Direct MCP Communication
AIM doesn't proxy MCP traffic. Your agents connect directly to MCP servers while the SDK reports server usage to AIM. MCP discovery and attestation run in background threads — non-blocking, with no latency added to agent operations.
What is MCP Attestation?
MCP Server Attestation is AIM's core security mechanism that ensures only verified, authentic MCP servers can connect to your AI agents. Without attestation, any malicious server can claim to be a legitimate MCP server and intercept or manipulate agent communications.
The Problem: Without Attestation
- ❌ Attacker creates fake "github-mcp" server
- ❌ Agent connects thinking it's legitimate
- ❌ Attacker steals GitHub credentials
- ❌ Attacker injects malicious responses
- ❌ No way to verify server authenticity
- ❌ Zero audit trail of what happened
The Solution: With AIM Attestation
- ✅ MCP server cryptographically verified with Ed25519
- ✅ Only authentic server has matching private key
- ✅ Signature proves server identity
- ✅ Tampering detected automatically
- ✅ Complete audit trail of all attestations
- ✅ Real-time monitoring of server behavior
Security Properties
Identity Proof
Only the entity with the private key can create valid signatures
Non-Repudiation
Signatures cannot be forged or denied
Integrity
Any tampering with signed data is detected
Authenticity
Signature proves the message came from the claimed sender
✅ Attestation Checklist
.well-known/mcp/capabilities