Enterprise MCP Registry Onboarding Process
A repeatable onboarding flow for adding MCP servers to an enterprise registry without becoming the team that says no to everything.
Deep dives, practical guides, and incident analyses from engineers who build Safeguard. No fluff, no vendor FUD — just what you need to ship secure software.
Prompt traces and offline evals are standard hygiene for ML teams, but almost nobody treats them as supply chain telemetry. They should be. Here's how traces and evals plug into SBOM and reachability as a fourth security signal.
AI-authored fix PRs are only safe when there is a deliberate human review gate in front of them. Here is how to build one that is fast and trustworthy.
Most security pipelines are organised around CVEs that already exist. Here is what changes when you flip the pipeline to surface zero-days first instead.
A senior engineer's breakdown of indirect prompt injection in RAG pipelines, how real attacks land through retrieved content, and what actually reduces exposure.
Demos live on a single repo and a curated dataset. Real deployments hit fifty repos, three CI providers, two cloud accounts, and an air-gapped environment. The gap is where vendors get sorted.
MCP servers went from a niche protocol to standard agent infrastructure in under two years. The vulnerability disclosure landscape is catching up — fast, messily, and with patterns worth tracking.
Long-lived shared tokens are the wrong unit of trust for MCP servers. Here is the per-server scoped-credential pattern and how to roll it out.
Most fix PRs fail because they ignore breaking changes in the patched version. Here is how breaking-change-aware remediation closes vulns without regressions.