mcp
Safeguard articles tagged "mcp" — guides, analysis, and best practices for software supply chain and application security.
79 articles
MCP 2025-06-18: OAuth Resource Server Rules Defenders Must Understand
The June 2025 MCP spec made every server an OAuth 2.1 resource server, mandated RFC 8707 resource indicators, and added elicitation. Here is what changes for blue teams.
MCP Inspector CVE-2025-49596: Anatomy of a 9.4 RCE in Anthropic's Reference Tool
A missing auth check in MCP Inspector versions below 0.14.1 let any website pop a shell on a developer's machine. Here is the full chain and what to fix.
Asana MCP Cross-Tenant Leak: A SaaS Connector Failure Mode
From May 1 to June 17, 2025, Asana's MCP server exposed records from one customer's workspace to another. The bug was a textbook authorization break wearing an AI label.
Introducing the Safeguard MCP Server: AI-Native Software Supply Chain Security
Safeguard launches its MCP Server, bringing software supply chain security directly into AI-powered development workflows through the Model Context Protocol.
Line Jumping: How MCP Tool Descriptions Attack Before Tools Are Called
Trail of Bits coined 'line jumping' for prompt injection delivered through MCP tool descriptions on connection. It bypasses every tool-invocation guardrail by design.
MCP Server Authentication and Authorization: Securing the AI Tool Layer
The Model Context Protocol enables AI agents to interact with external tools and data sources. Securing MCP servers requires authentication, authorization, and input validation patterns specific to the AI agent context.
MCP Protocol Security: What the Model Context Protocol Means for Supply Chains
Anthropic's Model Context Protocol standardizes how AI models interact with external tools. The security implications for software supply chains are significant.