
Watch along as Googler Aron Eidelman demonstrates how to implement secure agent workloads using the Model Context Protocol (MCP) on Google Cloud.
Follow the actionable steps to secure the entire agent interaction lifecycle and the data agents access: from the agent to the MCP server, through the tools, and finally to your Google Cloud resources. See how to move beyond basic setups to a defense-in-depth strategy.
Learn how to establish a unique identity for each agent and enforce least privilege so that no agent holds more access than its tools need. Aron then shows how to manage credentials securely with Secret Manager rather than environment variables, and how to implement centralized authorization with an MCP proxy.
Finally, Aron demonstrates how to harden the deployment environment: network isolation with VPC Service Controls and Cloud Run, and runtime guardrails with Model Armor to filter malicious inputs and block data exfiltration.
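The centralized, identity-scoped authorization described above, as an added example that is not code from the video or from Google Cloud: a small Python MCP proxy that keeps a per-agent tool allowlist, denies by default, filters tool discovery as well as tool calls, and records every decision for audit. The agent identities (service-account emails), tool names, policy, sample requests and the application-defined error code are all assumptions made for the example; the proxy assumes the agent has already been authenticated upstream and that the backend tools fetch any credentials they need from Secret Manager rather than the environment.

```python
# Added example for this page: a minimal MCP authorization proxy that enforces
# per-agent least privilege. Illustrative code, not from the video or Google
# Cloud; the identities, tool names, policy and error code are assumptions.
import json
from typing import Any, Callable

# Central per-agent allowlist keyed by the agent's verified identity (assumed to
# be a dedicated service-account email per agent). Because the policy lives in
# the proxy, an agent cannot grant itself access to extra tools.
POLICY: dict[str, frozenset[str]] = {
    "billing-agent@example.iam.gserviceaccount.com": frozenset({"get_invoice"}),
    "support-agent@example.iam.gserviceaccount.com": frozenset({"get_invoice", "search_tickets"}),
}

JSONRPC_METHOD_NOT_FOUND = -32601   # standard JSON-RPC error code
JSONRPC_FORBIDDEN = -32001          # assumed application-defined error code

# Stand-in backend tools the proxy fronts. Any credential a real tool needs
# should be read from Secret Manager at call time, never from os.environ;
# that lookup is outside this example.
def get_invoice(args: dict[str, Any]) -> dict[str, Any]:
    return {"invoice_id": args["id"], "total": 42.0}

def search_tickets(args: dict[str, Any]) -> dict[str, Any]:
    return {"tickets": [f"T-{args['q']}-1"]}

TOOLS: dict[str, Callable[[dict[str, Any]], dict[str, Any]]] = {
    "get_invoice": get_invoice,
    "search_tickets": search_tickets,
}

# One audit record per request, including denials, so agent activity logging
# captures attempted over-reach and not only successful calls.
AUDIT: list[dict[str, Any]] = []

def _error(req_id: Any, code: int, message: str) -> dict[str, Any]:
    return {"jsonrpc": "2.0", "id": req_id, "error": {"code": code, "message": message}}

def authorize_and_dispatch(agent_id: str, request: dict[str, Any]) -> dict[str, Any]:
    """Handle one JSON-RPC request on behalf of an already-authenticated agent.

    Deny by default: an unknown agent has an empty allowlist, and a tool outside
    the agent's allowlist is refused before any backend code runs.
    """
    req_id = request.get("id")
    method = request.get("method")
    allowed = POLICY.get(agent_id, frozenset())

    if method == "tools/list":
        # Filter discovery too: an agent only learns about tools it may call.
        AUDIT.append({"agent": agent_id, "method": method, "decision": "allow"})
        return {"jsonrpc": "2.0", "id": req_id,
                "result": {"tools": [{"name": n} for n in sorted(allowed)]}}

    if method != "tools/call":
        AUDIT.append({"agent": agent_id, "method": method, "decision": "deny"})
        return _error(req_id, JSONRPC_METHOD_NOT_FOUND, f"unsupported method: {method}")

    params = request.get("params") or {}
    tool = params.get("name")
    if tool not in allowed or tool not in TOOLS:
        AUDIT.append({"agent": agent_id, "method": method, "tool": tool, "decision": "deny"})
        return _error(req_id, JSONRPC_FORBIDDEN, f"{agent_id} is not authorized to call {tool!r}")

    AUDIT.append({"agent": agent_id, "method": method, "tool": tool, "decision": "allow"})
    result = TOOLS[tool](params.get("arguments") or {})
    # MCP tools/call results carry a content array; a single text item is used here.
    return {"jsonrpc": "2.0", "id": req_id,
            "result": {"content": [{"type": "text", "text": json.dumps(result)}]}}

if __name__ == "__main__":
    # Constructed sample request: the billing agent is denied, the support agent allowed.
    call = {"jsonrpc": "2.0", "id": 1, "method": "tools/call",
            "params": {"name": "search_tickets", "arguments": {"q": "login"}}}
    print(authorize_and_dispatch("billing-agent@example.iam.gserviceaccount.com", call))
    print(authorize_and_dispatch("support-agent@example.iam.gserviceaccount.com", call))
    print(AUDIT)
```

The proxy sits between every agent and the MCP server, so the policy is enforced in one place regardless of how many agents or tools exist; in a real deployment the agent identity would come from a verified token on the incoming connection rather than from a function argument, and the allowlist would be stored centrally rather than in the source.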
Resources:
[Lab] How to deploy a secure MCP server on Cloud Run → https://goo.gle/4aj2RNT
How to secure your remote MCP server on Google Cloud → https://goo.gle/4bxhKyf
Secure credentials for MCP access with Secret Manager → https://goo.gle/4tjzOSI
Configure agent activity logging → https://goo.gle/49Zwy7J
Learn how to use agent identity with Vertex AI Agent Engine → https://goo.gle/4cc93tj
Learn more about CMEK → https://goo.gle/4agqWoq
Learn more about AI Protection → https://goo.gle/46oBtwz
Learn more about Model Armor → https://goo.gle/46moDil
Speakers: Aron Eidelman
Products Mentioned: Model Armor, AI Protection, Customer-managed encryption keys, Vertex AI Agent Engine, Secret Manager, Model Context Protocol