mcp
Safeguard articles tagged "mcp" — guides, analysis, and best practices for software supply chain and application security.
79 articles
Detecting shadow MCP servers in developer environments
Unauthorized MCP servers running on developer laptops are the agent-era equivalent of shadow IT. Here is how to inventory them, see them at runtime, and bring them under policy.
Prompt-injection vectors specific to MCP servers and how to layer defenses
MCP servers expose three distinct prompt-injection surfaces — resource contents, tool outputs, and sampling requests — and each one needs its own defense layer. Here is how to think about them together.
MCP tool poisoning: hidden instructions and rug-pulled tool definitions
Tool-poisoning attacks against Model Context Protocol servers hide adversarial instructions inside tool descriptions and silently mutate tool definitions after install. Here is how the attack works and how to defend against it.
When the Vulnerability Is the Design: MCP STDIO Command Injection Across 150M Downloads (May 2026)
OX Security documented command injection through the MCP STDIO transport across Python, TypeScript, Java, and Rust SDKs. Anthropic calls the behavior by-design and won't patch upstream. That leaves the fix to thousands of downstream projects.
MCPwn (CVE-2026-33032): One Missing Auth Check Turned nginx-ui's MCP Endpoint Into Unauthenticated RCE
nginx-ui added MCP support and split it across two HTTP routes. One route shipped without the auth middleware. The result is a CVSS 9.8 unauthenticated takeover, actively exploited, fixed with 27 characters of code.
Model Context Protocol Permissions Model Explained
MCP's permissions model is subtle. Here is a careful walkthrough of how tool scoping, sampling, and resource access actually work in production.
Securing MCP Servers Without Killing Developer Velocity
MCP servers are spreading inside engineering orgs faster than security teams can review them. Here is how to govern them without slowing teams down.
Enterprise MCP Registry Onboarding Process
A repeatable onboarding flow for adding MCP servers to an enterprise registry without becoming the team that says no to everything.
A Security Baseline for AI Agent Tool Use in 2026
Tool-using agents are now in production at most large organizations. The security baseline that should be table stakes, and what teams are still missing.
Scoped Credentials Per MCP Server: A Pattern
Long-lived shared tokens are the wrong unit of trust for MCP servers. Here is the per-server scoped-credential pattern and how to roll it out.
MCP Server Telemetry Data Governance
MCP server telemetry captures sensitive prompts, arguments, and outputs. A governance framework for retention, redaction, and tenant-scoped access is essential.
Tool-Call Audit: The Missing AI Observability Layer
Most AI observability stacks log prompts and completions. The actual security signal is in the tool calls. Here is how to capture it.