Safeguard
Tag

mcp

Safeguard articles tagged "mcp" — guides, analysis, and best practices for software supply chain and application security.

79 articles

AI Security

MCP Server Lifecycle Management Patterns

Patterns for managing MCP servers through development, staging, rollout, and deprecation — with an eye on the security gaps that appear at each transition.

Mar 28, 20268 min read
AI Security

MCP Server Sandbox Escapes: Threat Model

A threat model for sandbox escapes in Model Context Protocol servers, mapping attack surfaces from tool execution environments to host processes and shared state.

Mar 25, 20267 min read
AI Security

Out-Of-Band Confirmation For Irreversible Tool Calls

Some tool calls cannot be undone. Out-of-band confirmation is the cheapest defense for that small set, and the most expensive thing to skip.

Mar 25, 20267 min read
Best Practices

How to Secure AI Agents on the MCP Protocol

MCP gives AI agents real tools, real credentials, and real blast radius. Here is a hardening guide for running MCP servers in production without torching your environment.

Mar 24, 20267 min read
AI Security

Claude MCP Tool Poisoning Threat Model 2026

A senior engineer's threat model for Claude MCP tool poisoning in 2026, covering malicious servers, description hijacking, and the authorization patterns that actually help.

Mar 21, 20267 min read
AI Security

MCP Server Capability Drift Detection

MCP servers do not stay still. Tool surfaces drift, scopes expand, and the server you approved is not the server in production. Here is how to catch that.

Mar 20, 20267 min read
AI Security

MCP Server Authorization Patterns in 2026

The Model Context Protocol shifted agent integration from custom glue to a standard surface. Authorization patterns that work, and the ones that keep biting teams.

Mar 19, 20266 min read
AI Security

MCP Client-Side Security Considerations

The MCP client surface is often overlooked. We examine trust boundaries, schema handling, credential storage, and safe defaults for the agent side of the protocol.

Mar 15, 20267 min read
AI Security

Prompt Injection Defence Stack 2026

No single control stops prompt injection. The current state of the art is a defence-in-depth stack with controls at five distinct layers. Here it is.

Mar 15, 20267 min read
AI Security

AI Agent Tool Confused Deputy Problem in 2026

A senior engineer's take on the confused deputy problem in AI agent tool use, why it keeps reappearing in 2026, and the architectural patterns that actually fix it.

Mar 14, 20267 min read
AI Security

AI Agent Blast Radius Management

Every agent in production has a blast radius. Most teams have not measured theirs. Here is how to measure it and how to bring it under control.

Mar 10, 20267 min read
AI Security

MCP Authentication Patterns for Enterprise

Enterprise MCP deployments need more than a static API key. The protocol is evolving toward OAuth 2.1 and dynamic client registration, and understanding which pattern fits which workload decides whether your rollout survives the first audit.

Mar 8, 20267 min read
mcp (Page 4) — Safeguard Blog