Safeguard
Tag

mcp

Safeguard articles tagged "mcp" — guides, analysis, and best practices for software supply chain and application security.

79 articles

AI Security

What Is the Model Context Protocol (MCP)? And What It Means for Security

MCP is the USB-C of AI integrations — one open standard for connecting models to tools and data. It also standardizes a fresh attack surface, so understanding both halves matters.

Jul 8, 20265 min read
AI Security

Agents Can Now Procure Safeguard Through MCP

AI agents can browse regional pricing, compare tiers, start a Stripe checkout, and verify activation — the entire Safeguard procurement journey now runs through the MCP server.

Jul 8, 20266 min read
AI Security

Integrating AI Tools Without Expanding Your Attack Surface

Stanford researchers found developers using AI coding assistants wrote more security bugs — and felt more confident in them. Here's how to adopt AI safely.

Jul 8, 20268 min read
AI Security

Guardrails for Autonomous AI Agents: Allowlisting, Validation, and Human-in-the-Loop

OWASP's 2025 LLM Top 10 splits Excessive Agency into three root causes. Here's how tool allowlisting, output validation, and approval gates address each one.

Jul 8, 20266 min read
AI Security

Why static scanners miss malicious AI agent skills

In April 2025, Invariant Labs showed a malicious MCP tool description could exfiltrate an SSH key — with zero suspicious code for a static scanner to flag.

Jul 8, 20266 min read
Supply Chain Attacks

How Malicious Skills Get Distributed Through Agent Registries

CVE-2025-59536 (CVSS 8.7) let a single malicious commit auto-approve MCP servers in Claude Code, no install click required. Registries need the same controls as package managers.

Jul 8, 20266 min read
AI Security

Prompt injection in AI coding assistant system prompts

Copilot, Cursor, and Windsurf all read untrusted repo text into the same channel as trusted instructions — three 2025 CVEs show what happens next.

Jul 8, 20266 min read
AI Security

A vendor-neutral checklist for rolling out AI coding assistants safely

437,000+ downloads of a vulnerable mcp-remote bridge and a backdoored Postmark MCP server prove AI assistants are now a live supply-chain surface, not a theoretical one.

Jul 8, 20266 min read
AI Security

Vetting third-party agent skills before you install them

AI agent skill marketplaces run installed code with your full permissions and no sandboxing — VS Code's 2025 extension attacks show exactly how that gets abused.

Jul 8, 20266 min read
AI Security

Governing MCP tools with per-tenant feature flags

Safeguard's MCP server exposes 650+ tools. Here's how per-tool feature flags keep each tenant scoped to exactly what it needs — with safe defaults and a fail-safe that narrows, never widens, on error.

Jul 6, 20263 min read
AI Security

MCP Server Security: 8 Best Practices for 2026

The Model Context Protocol connects AI agents to your tools and data. That power cuts both ways. Here are eight concrete practices for running MCP servers without handing attackers a remote control.

Jul 2, 20265 min read
Agent Security

Claw Chain: Four Chained CVEs Turn 245,000 OpenClaw Agents Into Backdoors (May 2026)

Cyera disclosed four chainable flaws in OpenClaw on May 15, 2026 that take an autonomous agent from prompt injection to credential theft, privilege escalation, and a persistent backdoor. Roughly 245,000 instances sit exposed on the internet.

May 16, 202611 min read
mcp (Page 2) — Safeguard Blog