mcp
Safeguard articles tagged "mcp" — guides, analysis, and best practices for software supply chain and application security.
79 articles
MCP Server Capability Declaration Audit
An MCP server tells the world what it can do through its capability declaration. Auditing those declarations catches drift, tool poisoning, and misconfiguration before an agent gets talked into using the wrong one.
MCP Server Discovery Protocol Security
MCP server discovery turns a client connection string into a live capability graph. The protocol mechanics that make this convenient also widen the blast radius when discovery is spoofed, tampered with, or silently reshaped mid-session.
Anthropic mcp-server-git: Three CVEs That Chain to RCE via Prompt Injection
Three flaws in Anthropic's official Git MCP server let prompt injection in a README compromise the developer's machine. The chain shows how MCP servers leak authority.
Docker MCP Server: Setup and Security Considerations
Running a docker mcp server puts an AI agent's tool access inside a container boundary, which helps containment but doesn't remove the need to scope credentials and network access carefully.
AI Agent Security Risks: Why Autonomous Systems Are the Next Supply Chain Frontier
AI agents are consuming APIs, installing packages, and executing code autonomously. The security implications are massive and largely unaddressed.
The MCP Threat Model: What Actually Matters in 2026
Most MCP threat models confuse protocol risk with deployment risk. Here is what the real attack surface looks like after a year of production incidents.
Anthropic MCP Security Model: A Deep Dive
Anthropic's Model Context Protocol introduces a new trust boundary between agents and tools. Here is how the security model actually works in practice.
Securing Claude Code MCP Server Deployments
Claude Code MCP servers run with the privileges of the developer who invoked them. That makes deployment posture the entire security model.
MCP Spec 2025-11-25: Tasks, URL Mode Elicitation, and What Defenders Must Watch
The November 25, 2025 Model Context Protocol release adds Tasks, formalises long-running work, and reshapes the audit story for enterprise MCP.
MCPoison (CVE-2025-54136): How Cursor's Trust Model Failed Open
Check Point Research showed Cursor bound trust to MCP entry names, not contents. A swap-after-approval gave attackers persistent RCE on engineers' laptops.
Supabase MCP and the Lethal Trifecta: When an Agent Has service_role
A Cursor user's Supabase MCP server was tricked by a support ticket into exfiltrating an integration_tokens table. The bug was not in MCP. It was in the trifecta.
Securing AI Agents: MCP Protocol Risks and Mitigations
The Model Context Protocol is transforming how AI agents interact with tools, but it introduces new attack surfaces. Here is what security teams need to understand.