Free open models — Qwen, DeepSeek — on your own machine or cloud. A cryptographic identity on every agent, a signed-and-verified gate on every tool call. Your data never leaves. Your API bill is zero.
MCP SDK downloads in the last 12 months (npm, @modelcontextprotocol/sdk). The agent world runs on MCP.
The NSA warned MCP ships with no security model — serialization, trust-boundary and agent-misuse risks.
The cryptographic layer that closes that gap: agent identity, per-message signing, integrity, replay protection.
MCP exploded to hundreds of millions of installs before it had an authentication or integrity layer — and in May 2026 the NSA said so out loud.
MCPS is that missing layer — authored by CyberSecAI and submitted to the IETF. Pair it with a free local model and you get powerful AI that's cheap, private, and provable — end to end.
Your stack. Your data. All local and compliant.
The model runs on your machine or in your own cloud. Prompts, documents, and tool data never leave your perimeter — nothing is sent to a third-party API.
Data residency, signed audit trails and per-action attribution map straight onto SOC 2, GDPR and the OWASP/NSA MCP guidance — see the mapping below.
Open weights, run free on hardware you already own. No per-token bill, no rate limits, no vendor lock-in. Scale without scaling cost.
Every tool call is signed by the agent's identity and verified at the gate. Unsigned, tampered or replayed calls are rejected before they run.
How a local-Qwen + MCPS + AgentPass deployment helps you meet each control. Links go to the source standard.
| Security challenge | How this stack answers it | Aligned standard |
|---|---|---|
| Agent identity | AgentPass signed passport (P-256), L0–L4 trust levels | OWASP MCP Cheat Sheet · AISVS (C10) |
| Per-message integrity + replay | MCPS signs every tool call; verifier checks signature, nonce & identity at the gate | NSA MCP CSI (May 2026) · OWASP MCP Cheat Sheet |
| Tool poisoning / tampering | Tool-definition signatures detect altered or malicious tools | OWASP MCP Cheat Sheet · AISVS |
| Data residency / sovereignty | Model + data stay on-premise or in your own cloud — nothing leaves | SOC 2 (Confidentiality) · GDPR |
| Audit & non-repudiation | Signed, tamper-evident transcript of every agent action | SOC 2 (CC monitoring) · AISVS |
The "HTTPS of the agent era." Adds agent identity, per-message signing, tool-integrity and replay protection to MCP without changing the protocol. Authored by CyberSecAI, submitted to the IETF (draft-sharif-mcps-secure-mcp).
A signed passport that says who an agent is — alias, public key, L0–L4 trust, revocation. Self-signed locally (no PKI), or registry-attested for cross-org trust. agentpass.co.uk.
Everything runs inside your perimeter — no request ever leaves it. Each tool call is signed by the agent, then verified at the gate before it touches your tools.
- Agent: Qwen / DeepSeek via Ollama (free); carries an AgentPass passport (signed ID).
- Gate: checks signature + nonce + identity (included).
- Tools: only trusted calls ever reach them.

✓ signed & fresh → runs · ✗ unsigned / tampered / replayed → rejected at the gate. Bad calls never reach your tools — the verifier enforces it; you don't trust the agent blindly.
We ship both halves — the signer and the verifier.
Qwen or DeepSeek via Ollama — OpenAI-compatible, offline.

```bash
# on your machine
ollama pull qwen3:14b
ollama serve
```

SDK gives it an AgentPass identity, MCPS-signs every call.

```python
# SDK by request: contact@agentsign.dev
from secure_qwen import SecureQwenAgent

a = SecureQwenAgent(model="qwen3:14b", mcp_servers={"tools": {...}})
a.run("add 17 and 25")
```
One line wraps your MCP server. Unsigned / tampered / replayed → rejected.

```python
from mcp_secure import secure_mcp

secure_mcp(server)  # ← boom. gated.
```
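As an added illustration of the signer/verifier split described above (example code written for this page, not the MCPS SDK, `secure_qwen` or `mcp_secure`), the block below implements the checks a gate performs on a tool-call envelope: identity lookup, L0–L4 trust level, signature, freshness and nonce replay, with a tool only being invoked once every check passes. Two assumptions are labelled in the code: a per-agent HMAC-SHA256 key stands in for the P-256 passport key pair (the Python standard library has no ECDSA), and the envelope field names, the registry dict and the `add` tool are invented for the example.

```python
"""Signed-and-verified tool-call gate (illustrative, not the MCPS SDK).

Assumptions, labelled: a per-agent shared HMAC-SHA256 key stands in for the
P-256 passport key pair; the REGISTRY dict stands in for AgentPass passport
lookup; envelope field names are invented for this example.
"""
import hashlib
import hmac
import json
import os
import time

# Constructed trust registry: alias -> stand-in key + L0-L4 trust level.
REGISTRY = {
    "qwen-local": {"key": b"constructed-key-for-qwen-local", "level": 2},
    "anon-bot": {"key": b"constructed-key-for-anon-bot", "level": 0},
}


def canonical(body):
    # Deterministic encoding so signer and verifier MAC identical bytes.
    return json.dumps(body, sort_keys=True, separators=(",", ":")).encode()


def sign_call(alias, key, tool, args, nonce=None, ts=None):
    """Agent side: wrap a tool call in an envelope with a fresh nonce and sign it."""
    body = {
        "agent": alias,
        "tool": tool,
        "args": args,
        "nonce": nonce if nonce is not None else os.urandom(16).hex(),
        "ts": ts if ts is not None else int(time.time()),
    }
    body["sig"] = hmac.new(key, canonical(body), hashlib.sha256).hexdigest()
    return body


class Gate:
    """Verifier side: identity, trust level, signature, freshness, replay."""

    def __init__(self, registry, min_level=1, max_age=300, now=time.time):
        self.registry = registry
        self.min_level = min_level      # minimum L0-L4 level allowed through
        self.max_age = max_age          # seconds a signed call stays fresh
        self.now = now                  # injectable clock for testing
        self.seen_nonces = set()

    def verify(self, msg):
        sig = msg.get("sig")
        if not sig:
            return False, "unsigned"
        agent = self.registry.get(msg.get("agent"))
        if agent is None:
            return False, "unknown identity"
        if agent["level"] < self.min_level:
            return False, "trust level too low"
        body = {k: v for k, v in msg.items() if k != "sig"}
        expected = hmac.new(agent["key"], canonical(body), hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expected, sig):
            return False, "bad signature"
        # Signature is checked before the nonce is recorded, so a forged
        # message cannot poison the replay cache.
        if abs(self.now() - msg.get("ts", 0)) > self.max_age:
            return False, "stale"
        nonce = msg.get("nonce")
        if not nonce:
            return False, "missing nonce"
        if nonce in self.seen_nonces:
            return False, "replay"
        self.seen_nonces.add(nonce)
        return True, "ok"


def guarded_call(gate, tools, msg):
    """Only calls that pass the gate reach a tool; rejections carry the reason."""
    ok, reason = gate.verify(msg)
    if not ok:
        return {"rejected": reason}
    fn = tools.get(msg["tool"])
    if fn is None:
        return {"rejected": "unknown tool"}
    return {"result": fn(**msg["args"])}


if __name__ == "__main__":
    tools = {"add": lambda a, b: a + b}          # constructed sample tool
    gate = Gate(REGISTRY)
    call = sign_call("qwen-local", REGISTRY["qwen-local"]["key"], "add", {"a": 17, "b": 25})
    print(guarded_call(gate, tools, call))       # accepted: {'result': 42}
    print(guarded_call(gate, tools, call))       # same envelope again: replay
```

The order of checks is the point worth copying: the signature is verified before the nonce is recorded, so an unsigned or forged message cannot fill the replay cache with nonces the legitimate agent has yet to use. With a real asymmetric passport the verifier holds only the agent's public key, and the same canonical-encode-then-sign pattern applied to a tool definition is what lets a gate detect the tool tampering listed in the table above.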
Free local AI, cryptographic agent identity, and compliance-ready audit — one stack, end to end, entirely under your control.
© 2026 CyberSecAI Ltd · BUSL-1.1 · free to use, self-host & build on · contact@agentsign.dev