mcp-security
Safeguard articles tagged "mcp-security" — guides, analysis, and best practices for software supply chain and application security.
57 articles
The postmark-mcp Backdoor: What MCP Server Vetting Should Look Like
A trojanized MCP server BCC'd every email it sent to an attacker for weeks, downloaded 1,643 times, before anyone noticed. Here's the pattern and the fix.
Least-privilege scoping for AI agents with write access to code, CI, and cloud
OWASP's 2025 LLM Top 10 names Excessive Agency a top risk; a single over-scoped CI token already dumped secrets from 23,000+ repos in 2025.
A Reproducible Rubric for Measuring Prompt-Injection Risk in Agent Skills
OWASP has ranked prompt injection the #1 LLM risk for two straight editions, yet almost no one scores agent skill packages for it consistently. Here's a rubric.
Governing AI agents inside the execution loop
Snyk's Evo Agentic Development Security, in open preview since June 23, 2026, hooks directly into an agent's tool calls — proof that pre-deployment review can't govern a decision made mid-session.
How to build and justify an AI security budget
CVE-2025-6514 let a flawed MCP proxy escalate to full remote code execution — a preview of why AI/agentic risk needs its own budget line, not a slice of the AppSec line.
New security risks across the agentic development lifecycle
Snyk found 76 confirmed-malicious skills among 3,984 analyzed and roughly a third of public MCP servers carrying exploitable flaws — legacy AppSec never modeled an agent as the author.
Protestware via prompt injection: when maintainers target AI agents
jqwik 1.10.0 shipped a hidden instruction telling AI coding agents to delete their own tests, then erased it from the terminal with ANSI codes — protestware built for agents, not humans.
Securing MCP integrations for enterprise AI assistants
Claude's May 2026 enterprise and desktop expansion put MCP tool calls in front of compliance teams and IDEs alike — governance can no longer be an afterthought.
What agentic coding environments reveal about developer risk
Snyk analyzed nearly 10,000 real developer environments and found 43% run 2+ AI coding tools at once — with MCP servers and skills quietly widening the attack surface.
Black Hat Arsenal 2026 Preview: The Agentic AI and Supply-Chain Tools to Watch
Black Hat USA 2026 runs August 1–6 at Mandalay Bay, with Arsenal August 4–6. Here is an honest preview of the open-source tool categories worth your time — and how to tell signal from demo-day hype.
Agent hijacking: the real-world impact of prompt injection
From a zero-click Microsoft 365 Copilot breach to poisoned MCP servers, AI agent hijacking is now a real, documented software supply chain threat.
mcp-scan: detecting malicious MCP tool definitions
MCP lets AI agents call tools via plain-text descriptions the model trusts blindly. Here's how mcp-scan catches poisoning, rug-pulls, and shadowing.