Safeguard
Tag

mcp-security

Safeguard articles tagged "mcp-security" — guides, analysis, and best practices for software supply chain and application security.

57 articles

AI Security

Comparing MCP security scanning and gateway products

A practical buyer's guide to MCP security gateways and scanners — evaluation criteria, honest strengths and gaps for real vendors, and where Safeguard fits.

Dec 17, 20258 min read
AI Security

Glossary of Model Context Protocol security terminology

A precise MCP security glossary covering clients, servers, resources vs. tools, tool poisoning, rug pulls, and the confused deputy problem — with real-world examples.

Dec 17, 20259 min read
AI Security

Human-Agent Trust Exploitation in AI Systems

Attackers are exploiting the trust between humans and AI agents — hidden prompt injections, hallucinated packages, and over-trusted autonomy are now supply chain risks.

Nov 18, 20257 min read
AI Security

Cascading Failures in Multi-Agent AI Architectures

One compromised agent can poison an entire pipeline in seconds. Heres how cascading failures spread through multi-agent AI systems, and how to contain them.

Nov 18, 20257 min read
AI Security

Insecure Inter-Agent Communication in Multi-Agent Systems

Multi-agent AI pipelines pass untrusted content between agents with no authentication or integrity checks. Here's how insecure inter-agent communication opens the door to injection attacks.

Nov 18, 20257 min read
AI Security

Agentic AI Supply Chain Vulnerabilities

Agentic AI systems trust tools and models at runtime, not build time. Real 2024-2025 incidents show how MCP servers and AI packages become supply chain attack vectors.

Nov 17, 20257 min read
AI Security

Agent Tool Misuse and Exploitation

Attackers don't need to hack AI agents — they just redirect their own tools. Here's how tool misuse works, real 2025 incidents, and how to stop it.

Nov 16, 20258 min read
AI Security

LLM Insecure Plugin Design Vulnerabilities

ChatGPT plugins, LangChain agents, and MCP servers have all shipped insecure plugin flaws exposing accounts and data. Here's how Safeguard defends against them.

Nov 13, 20258 min read
AI Security

Excessive Agency in LLM-Powered Applications

Excessive agency turns a bad LLM output into an executed action. From Replit's July 2025 database deletion to Air Canada's chatbot ruling, here's what it is and how to scope it down.

Nov 12, 20258 min read
AI Security

Prompt Injection Attack Techniques and Defenses

Prompt injection is now OWASP's #1 LLM risk, and real incidents like EchoLeak and Slack AI prove it can mean zero-click data exfiltration. Here's how it works and what stops it.

Nov 12, 20257 min read
Industry Analysis

How Snyk AI-BOM discovers agents, tools, models, and data...

How Snyk AI-BOM's static analysis engine discovers agents, tools, models, datasets, and MCP servers hiding in code, even without a manifest file.

Aug 21, 20258 min read
Industry Analysis

How Snyk AI-BOM detects MCP servers connected to an appli...

A technical look at how Snyk's AI-BOM statically detects MCP client-server connections in source code, what CycloneDX data it captures, and where its coverage stops.

Aug 21, 20258 min read
mcp-security (Page 4) — Safeguard Blog