Tag
mcp-servers
Safeguard articles tagged "mcp-servers" — guides, analysis, and best practices for software supply chain and application security.
3 articles
AI Security
Auditing AI agent skill registries for hardcoded keys
29M new hardcoded secrets hit public GitHub in 2025, up 34% YoY — and 3% of MCP servers in production carry hardcoded credentials as theft traps.
Jul 9, 20267 min read
AI Security
Securing MCP server registries: risks of unvetted AI tool...
Unvetted MCP servers already power tool poisoning and rug-pull attacks. Here's why package scanning like JFrog's isn't enough, and how to actually secure your MCP registry.
May 30, 20268 min read
AI Security
Docker + MCP: Running MCP Servers in Containers Securely
MCP servers run with your credentials and your filesystem unless you say otherwise. Containerizing them with read-only mounts, dropped capabilities, and egress controls turns an open-ended trust grant into a bounded one.
Apr 8, 20266 min read