mcp-security
Safeguard articles tagged "mcp-security" — guides, analysis, and best practices for software supply chain and application security.
57 articles
Comparing MCP security scanning and gateway products
A practical buyer's guide to MCP security gateways and scanners — evaluation criteria, honest strengths and gaps for real vendors, and where Safeguard fits.
Glossary of Model Context Protocol security terminology
A precise MCP security glossary covering clients, servers, resources vs. tools, tool poisoning, rug pulls, and the confused deputy problem — with real-world examples.
Human-Agent Trust Exploitation in AI Systems
Attackers are exploiting the trust between humans and AI agents — hidden prompt injections, hallucinated packages, and over-trusted autonomy are now supply chain risks.
Cascading Failures in Multi-Agent AI Architectures
One compromised agent can poison an entire pipeline in seconds. Heres how cascading failures spread through multi-agent AI systems, and how to contain them.
Insecure Inter-Agent Communication in Multi-Agent Systems
Multi-agent AI pipelines pass untrusted content between agents with no authentication or integrity checks. Here's how insecure inter-agent communication opens the door to injection attacks.
Agentic AI Supply Chain Vulnerabilities
Agentic AI systems trust tools and models at runtime, not build time. Real 2024-2025 incidents show how MCP servers and AI packages become supply chain attack vectors.
Agent Tool Misuse and Exploitation
Attackers don't need to hack AI agents — they just redirect their own tools. Here's how tool misuse works, real 2025 incidents, and how to stop it.
LLM Insecure Plugin Design Vulnerabilities
ChatGPT plugins, LangChain agents, and MCP servers have all shipped insecure plugin flaws exposing accounts and data. Here's how Safeguard defends against them.
Excessive Agency in LLM-Powered Applications
Excessive agency turns a bad LLM output into an executed action. From Replit's July 2025 database deletion to Air Canada's chatbot ruling, here's what it is and how to scope it down.
Prompt Injection Attack Techniques and Defenses
Prompt injection is now OWASP's #1 LLM risk, and real incidents like EchoLeak and Slack AI prove it can mean zero-click data exfiltration. Here's how it works and what stops it.
How Snyk AI-BOM discovers agents, tools, models, and data...
How Snyk AI-BOM's static analysis engine discovers agents, tools, models, datasets, and MCP servers hiding in code, even without a manifest file.
How Snyk AI-BOM detects MCP servers connected to an appli...
A technical look at how Snyk's AI-BOM statically detects MCP client-server connections in source code, what CycloneDX data it captures, and where its coverage stops.