mcp-security
Safeguard articles tagged "mcp-security" — guides, analysis, and best practices for software supply chain and application security.
57 articles
How to Audit the Dependencies of an AI Agent
An AI agent's dependency tree spans packages, MCP servers, models, and system prompts. A step-by-step audit method that actually enumerates all four layers.
Best AI Security Tools in 2026: Guardrails, Red Teaming, and Agentic AI Security Compared
An honest guide to the best AI security tools in 2026 — red-teaming and testing tools, runtime guardrails for prompt injection, agentic AI and MCP security, and the AI supply chain layer (AIBOM) — with a clear best-for line for each.
Cursor's AI security agents: what they get right and what's missing
Cursor's Bugbot and MCP agents catch real bugs, but CurXecute and MCPoison show they open new attack surfaces SCA tools never had to face.
Claude Code and Claude Desktop security integrations
Claude Code's shell access and MCP's connector boom are reshaping software supply chain risk. Here's what security teams need to know and do.
Sonatype Guide: Securing Agentic AI Development
Sonatype's new guide reframes AI dependency risk, but its scanner-based model can't govern agents that install packages and call MCP tools on their own. Here's the gap and how to close it.
AI agent skills and plugin repositories: why they need th...
AI agent skills and MCP plugins are packages in disguise—executable, publicly registered, and largely ungoverned. Here's why they need npm-grade supply chain controls.
Securing AI coding assistants: governance patterns for to...
AI coding assistants like Claude Code and Cursor now write, install, and execute code with minimal oversight. Here's the governance framework that closes the gap JFrog's artifact scanning leaves open.
Securing MCP Servers and Agent Skills in the Enterprise
MCP servers and agent skills give AI agents new power—and new attack surface. Here's how tool poisoning and rug-pull attacks work, and how to stop them.
Prompt injection attacks against AI coding/security tools
AI coding assistants like Copilot and Cursor can be hijacked by hidden text in files, comments, and packages. Here's how prompt injection malware works and how Safeguard detects it.
Security scanning for MCP servers and AI agent tool use
MCP servers give AI agents direct tool access, but most ship unvetted. Here's how security scanning catches tool poisoning and rug-pull attacks.
The State of Agentic AI Adoption report
New survey data on the state of agentic AI adoption shows enterprises racing to deploy autonomous agents faster than security teams can govern them.
MCP Security
MCP is standardizing how AI agents call tools, and attackers are already exploiting tool poisoning, rug pulls, and shadowing. Here's what MCP security actually requires.