Scoped Credentials Per MCP Server: A Pattern
Long-lived shared tokens are the wrong unit of trust for MCP servers. Here is the per-server scoped-credential pattern and how to roll it out.
Deep dives, practical guides, and incident analyses from engineers who build Safeguard. No fluff, no vendor FUD — just what you need to ship secure software.
Most AI observability stacks log prompts and completions. The actual security signal is in the tool calls. Here is how to capture it.
Some tool calls cannot be undone. Out-of-band confirmation is the cheapest defense for that small set, and the most expensive thing to skip.
MCP gives AI agents real tools, real credentials, and real blast radius. Here is a hardening guide for running MCP servers in production without torching your environment.
A senior engineer's threat model for Claude MCP tool poisoning in 2026, covering malicious servers, description hijacking, and the authorization patterns that actually help.
MCP servers do not stay still. Tool surfaces drift, scopes expand, and the server you approved is not the server in production. Here is how to catch that.
The Model Context Protocol shifted agent integration from custom glue to a standard surface. Authorization patterns that work, and the ones that keep biting teams.
No single control stops prompt injection. The current state of the art is a defence-in-depth stack with controls at five distinct layers. Here it is.
A senior engineer's take on the confused deputy problem in AI agent tool use, why it keeps reappearing in 2026, and the architectural patterns that actually fix it.