mcp-security
Safeguard articles tagged "mcp-security" — guides, analysis, and best practices for software supply chain and application security.
57 articles
How Snyk AI-BOM's --html flag visualizes AI dependency an...
How Snyk's snyk aibom --html flag turns CycloneDX AI-BOM data into an interactive graph of models, agents, tools, and MCP client-server-tool dependency chains.
How Snyk AI-BOM identifies prompt files and prompt-inject...
How Snyk's AI-BOM tooling discovers prompt files, SKILL.md packages, and MCP tool chains, and the detection engine it uses to flag prompt-injection risk.
Tool Poisoning Attacks: How Malicious Instructions Hide I...
AI agent tools can hide invisible instructions attackers use to steal data. Here's how tool poisoning attacks work and how Safeguard stops them.
Model Context Protocol Security 101: What Could Go Wrong ...
MCP lets AI models call tools automatically — and lets malicious servers hide instructions in plain sight. Here's how tool poisoning, rug pulls, and shadowing actually work.
Agent Skill Marketplaces as the Next Frontier for Supply ...
Agent skill marketplaces are repeating npm and PyPI's supply chain mistakes—except the malicious payload is often a sentence of instructions, not code. Here's what's already been exploited.
Why Autonomous Coding Agents Need Their Own Threat Model
Coding agents run with real credentials and no pause button. Here is the threat model that treats them as autonomous infrastructure, not junior developers.
Agentic AI Security Glossary: Tool Poisoning, Prompt Inje...
A precise glossary of agentic AI security terms — prompt injection, tool poisoning, model jailbreaking, excessive agency, and MCP rug pulls — with concrete attack examples.
MCP Server Permissions: A Practical Checklist for Reducin...
A practical checklist for scoping MCP server permissions, denying risky defaults, and limiting the blast radius when an AI agent's tool access is exploited.
What OpenAI and Anthropic Ecosystem Partnerships Signal A...
OpenAI and Anthropic's expanding ecosystem deals are an AI model vendor security partnership signal AppSec teams can no longer afford to ignore.