Safeguard
Tag

mcp

Safeguard articles tagged "mcp" — guides, analysis, and best practices for software supply chain and application security.

79 articles

Product

What's New: Live Agentic Search, a Real Trust Center, and Safeguard in Your Browser

A tour of this month's releases — watching Griffin work in real time, publishing your security posture and artifacts to a governed Trust Center, and reaching Safeguard from the browser, CLI, IDE, and MCP.

Jul 10, 20263 min read
AI Security

The Security Chores Agents Should Handle Themselves

Enabling 2FA, rotating a password, revoking a stale session, minting a scoped key — the account-hygiene tasks everyone postpones. When an agent can do them through MCP, 'later' becomes 'now.'

Jul 9, 20264 min read
AI Security

Region-Blind Pricing Breaks the Moment an Agent Checks Out

Your pricing is localized by country — but an AI agent rarely holds a clean country code. If your checkout can't resolve region from the messy signals an agent actually has, it quotes the wrong price or none at all.

Jul 9, 20264 min read
AI Security

Death by a Thousand Tools: Governing an MCP Server at Scale

A 900-tool MCP server is powerful and terrifying in equal measure. The answer isn't fewer tools — it's per-tenant governance, where each capability is off until an admin turns it on.

Jul 9, 20264 min read
AI Security

The Onboarding Tax: Why Signup Forms Break Agent Workflows

Every signup form, verification email, and OAuth redirect is a wall an AI agent can't climb. Zero-touch onboarding lets an agent create the account and sign in itself — no browser, no human relay.

Jul 9, 20264 min read
AI Security

Agentic Commerce: Why Your SaaS Has to Let AI Agents Buy

AI agents already research, compare, and recommend software — but the moment they hit a paywall, they stall and hand the job back to a human. Here's why that gap is expensive, and how agent-native purchasing closes it.

Jul 9, 20264 min read
AI Security

AI agents in AppSec pipelines: triage, remediation, and guardrails

GitHub's Copilot Autofix cuts median fix time from 1.5 hours to 28 minutes — but a 2025 Replit agent incident shows why autonomy needs hard limits.

Jul 9, 20266 min read
AI Security

Least-Privilege Tool Scoping for AI Coding Agents

One overprivileged GitHub token let researchers hijack an AI agent into leaking private repo data via a public issue. Scoping tool access closes that gap.

Jul 9, 20267 min read
AI Security

MCP server security for AI coding agents

A critical RCE in Anthropic's own MCP Inspector (CVSS 9.4) and two Cursor CVEs show that giving AI agents tool access creates a new, largely unvetted attack surface.

Jul 9, 20267 min read
AI Security

Scanning AI-Generated Code Before It Merges: Wiring Scanners into Coding Assistants with MCP

Research found ~40% of Copilot suggestions were vulnerable, and devs using AI assistants trusted their code more. MCP lets you scan before merge.

Jul 9, 20267 min read
AI Security

Securing MCP Servers for AI Agents

Five CVEs in 2025 alone trace MCP tool compromise back to one root cause: unsanitized strings piped into exec(). Here's how to expose and consume MCP safely.

Jul 9, 20267 min read
Tutorials

How to Create an AIBOM for Your AI Models

Build an AI Bill of Materials that inventories the models, datasets, adapters, and MCP tools your application depends on — using CycloneDX ML-BOM and commands you can run today.

Jul 8, 20265 min read
mcp — Safeguard Blog