Safeguard
Tag

mcp-security

Safeguard articles tagged "mcp-security" — guides, analysis, and best practices for software supply chain and application security.

57 articles

AI Security

Agentic Procurement: Letting AI Agents Buy Software Safely

Agents can now evaluate, trial, and pay for software without a human in the loop. The controls that make that safe: spend caps, allowlists, verifiable merchants, and audit trails.

Apr 4, 20266 min read
AI Security

Securing MCP Servers: A Practical Checklist

MCP servers are runtime dependencies your agent trusts implicitly. Here is a concrete checklist for auth, tool pinning, sandboxing, and monitoring before you ship one.

Mar 22, 20266 min read
AI Security

What is Model Context Protocol (MCP) Security

MCP security explained: how tool poisoning, rug pulls, and 2025's critical CVEs (mcp-remote, MCP Inspector) put AI agents at risk—and how to defend against them.

Mar 3, 20267 min read
AI Security

What is AI Agent Security

AI agent security explained: how autonomous AI agents get attacked through prompt injection, tool poisoning, and exposed MCP servers, and how to stop it.

Mar 3, 20267 min read
Industry Analysis

Inside the Agentic Development Supply Chain Report

Safeguard's research team analyzed 42,000+ repositories with agentic commit activity, finding new dependency, MCP server, and SBOM gaps introduced by AI coding agents.

Jan 23, 20267 min read
Industry Analysis

Agent Security Buyer's Guide Overview

As AI agents gain production write-access across the enterprise, security teams need a rigorous buyer's guide to separate real agent security platforms from repackaged AppSec dashboards.

Jan 22, 20267 min read
AI Security

MCP vs Skills vs Hooks vs Rules Explained

MCP, Skills, hooks, and rules extend AI coding agents in very different ways — two execute code, two only steer behavior. Here's how each one breaks.

Jan 21, 20268 min read
AI Security

Explaining Model Context Protocol and its expanding attac...

MCP security is now urgent: MCP servers grew from 700 to 16,000+ in a year, and most are unaudited. Here is the threat model and how Safeguard secures it.

Dec 19, 20258 min read
AI Security

Analysis of known MCP server CVEs and disclosed vulnerabi...

Two critical CVEs — in mcp-remote and Anthropic's MCP Inspector — reveal how MCP server vulnerabilities let untrusted servers execute code on client machines.

Dec 18, 20258 min read
AI Security

How tool poisoning attacks compromise MCP tool descriptions

A single poisoned tool description can turn a trusted MCP server into a silent data-exfiltration channel. Here's how these attacks work — and how to stop them.

Dec 18, 20257 min read
AI Security

Step-by-step guide to hardening and securing an MCP serve...

A practical, step-by-step guide to hardening and securing an MCP server deployment -- authentication, sandboxing, network policy, and monitoring included.

Dec 18, 20258 min read
AI Security

Risks of MCP server rug-pulls and silently changing tool ...

An MCP rug pull attack swaps a trusted server's tool definitions after approval. Here's how tool definition drift happens, and how Safeguard catches it early.

Dec 17, 20257 min read
mcp-security (Page 3) — Safeguard Blog