model-context-protocol
Safeguard articles tagged "model-context-protocol" — guides, analysis, and best practices for software supply chain and application security.
17 articles
Analysis of known MCP server CVEs and disclosed vulnerabi...
Two critical CVEs — in mcp-remote and Anthropic's MCP Inspector — reveal how MCP server vulnerabilities let untrusted servers execute code on client machines.
Risks of MCP server rug-pulls and silently changing tool ...
An MCP rug pull attack swaps a trusted server's tool definitions after approval. Here's how tool definition drift happens, and how Safeguard catches it early.
Glossary of Model Context Protocol security terminology
A precise MCP security glossary covering clients, servers, resources vs. tools, tool poisoning, rug pulls, and the confused deputy problem — with real-world examples.
MCP Spec 2025-11-25: Tasks, URL Mode Elicitation, and What Defenders Must Watch
The November 25, 2025 Model Context Protocol release adds Tasks, formalises long-running work, and reshapes the audit story for enterprise MCP.
Model Context Protocol Security 101: What Could Go Wrong ...
MCP lets AI models call tools automatically — and lets malicious servers hide instructions in plain sight. Here's how tool poisoning, rug pulls, and shadowing actually work.