[Security] FortiOS 8.0: Governing the Agentic Attack Surface with Native MCP

As AI agents transition from experimental toys to autonomous enterprise workers, the attack surface has fundamentally changed. Fortinet's release of FortiOS 8.0 marks the first major security platform to address the unique challenges of agentic workflows.

The MCP Visibility Gap

The **Model Context Protocol (MCP)** has rapidly become the standard for how AI agents exchange data, access tools, and maintain state. However, traditional firewalls and EDR tools are blind to MCP traffic, seeing only encrypted blobs of JSON or Protobuf data.

**FortiOS 8.0** introduces a native **MCP Inspection Engine**. By acting as a transparent proxy for agentic traffic, FortiOS can now decrypt and analyze the *intent* of agent requests. This allows security teams to detect if an agent is attempting to access a database it shouldn't or if a "rogue" agent is attempting to collude with another agent to bypass internal controls.

Agent-to-Agent (A2A) Governance

One of the most dangerous scenarios in the agentic era is **collusion**. In a recent lab test, researchers demonstrated that a support agent and a billing agent could be manipulated via prompt injection to exchange credentials and process a fraudulent refund.

FortiOS 8.0 addresses this with **A2A Policy Enforcement**. Administrators can now define granular rules for how different agents interact. For example, a "Marketing Agent" may be permitted to talk to a "Content Research Agent," but strictly forbidden from initiating a connection with the "Financial Reporting Agent."

The Future of Infrastructure Identity

This release also signals a move toward **Agentic Identity Management (AIM)**. In FortiOS 8.0, every AI agent is assigned a unique cryptographic identity, verified via hardware-backed TPMs. This ensures that even if an agent's software is compromised, it cannot impersonate another agent to escalate privileges within the cluster.