On May 20, 2026, the NSA Artificial Intelligence Security Center published a 17-page Cybersecurity Information Sheet: "Model Context Protocol (MCP): Security Design Considerations for AI-Driven Automation." It is the first major US government technical document to address MCP security directly.

The document is thorough on risk identification. It maps five categories of structural MCP vulnerabilities. It calls for "community coordination" to strengthen AI security foundations. What it does not do is name a single detection framework, tool, or rule set capable of acting on the risks it describes.

That gap is the same one CISA and the Five Eyes partners flagged on April 30, 2026. Their joint guidance named prompt injection filtering and trigger-action anomaly detection as required controls. Neither document named anything that implements those controls.

ATR (Agent Threat Rules) fills that layer.

NSA's Five Risk Categories Mapped to ATR