The NSA doesn't publish cybersecurity guidance on emerging tech unless the threat model is real and the blast radius is large. Last month they dropped a Cybersecurity Information Sheet on Model Context Protocol (MCP) security — the first official US government acknowledgment that agentic AI tool-calling is a national-security-level concern.

Read the document if you haven't. It's not vague. The NSA is specifically concerned about how MCP's tool-calling architecture creates attack surface that adversaries can exploit in AI-driven automation pipelines. The threat is real enough that it warranted an official information sheet.

The harder question: how do you operationalize that guidance in a running system? The NSA can tell you the what. This article is about the how.

How MCP Tool-Calling Gets Abused

MCP is the emerging standard for connecting LLMs to external tools and data sources — think file system access, web search, API calls, database queries, shell execution. It's powerful because it lets an LLM act.…