MCPs

Work in Progress

This section is a draft: it will probably change drastically in the upcoming days.

Articles

Theory

| Article | Description |
|---|---|
| Model Context Protocol (MCP) | Official website |
| MCP Simply explained in 5 minutes | What MCP is, how it can save you time, and how it works behind the scenes |
| A Security Engineer's Guide to MCP | MCP is quickly becoming the API standard for AI coding agents. That means new attack surfaces, and security engineers need to know how to test them safely |

Defense

| Article | Description |
|---|---|
| MCP-Security-Checklist | A comprehensive security checklist for MCP-based AI tools |
| MCP is the new interface for security tools | Security vendors are building official MCP servers because they see the value of making information and actions available to less technical users |
| Research Briefing: MCP Security | A post exploring the evolving Model Context Protocol (MCP), its security risks, and how to prepare for safe adoption as LLMs connect to external systems (Safely Using MCP Servers; Writing and Offering MCP Servers) |
| Augmented LLM for Threat Hunting | An MCP implementation to augment Claude LLM for interacting with Elasticsearch to assist with threat identification |
| MCP Server Security: The Hidden AI Attack Surface | MCP servers connecting AI assistants to external tools create significant attack surfaces enabling arbitrary code execution, data exfiltration, and social engineering. Both local and remote MCP servers can be exploited through server chaining, supply chain attacks, and malicious tool implementations |

Attacks

| Article | Description |
|---|---|
| Jumping the line: How MCP servers can attack you before you ever use them | A vulnerability ("line jumping") in the way MCP is implemented that undermines its core security promises. It allows malicious MCP servers to execute attacks before any tool is even invoked |
| How MCP servers can steal your conversation history | A more effective way to exploit line jumping: injecting trigger phrases into tool descriptions to exfiltrate the user's entire conversation history |
| Insecure credential storage plagues MCP | Many MCP environments store long-term API keys for third-party services in plaintext on the local filesystem, often with insecure, world-readable permissions |
| MCP Tool Poisoning Attacks | A vulnerability that can lead to sensitive data exfiltration and unauthorized actions by AI models |
| GitHub MCP Exploited: Accessing private repositories via MCP | Post showcasing a critical vulnerability in the official GitHub MCP server, allowing attackers to access private repository data |
| Poison everywhere: No output from your MCP server is safe | Post diving into Tool Poisoning Attacks (TPA) on MCP servers |
| Zero-Click Remote Code Execution: Exploiting MCP & Agentic IDEs | How a zero-click MCP attack turns a shared Google Doc into remote code execution, stolen secrets, and enterprise-wide compromise |
| MCP vulnerability case study: SQL injection in the Postgres MCP server | Learn how a vulnerability in Anthropic's reference Postgres MCP server allowed bypassing the read-only restriction and executing arbitrary SQL statements |

Tools

Development

| Name | Description |
|---|---|
| Servers | |
| Cloudflare | |
| Testing | |
| toolhive | Run and manage MCP servers easily and securely |
| container-use | Development environments for coding agents. Enable multiple agents to work safely and independently with your preferred stack |

Security

| Name | Description |
|---|---|
| mcp-scan | A security scanning tool designed to go over your installed MCP servers and check them for common security vulnerabilities |
| mcp-watch | A security scanner for MCP servers that detects vulnerabilities and security issues in your MCP server implementations |
| mcp-context-protector | |
| mcp-audit-extension | Audit and log all GitHub Copilot MCP tool calls in VSCode with ease |

Labs

| Name | Description |
|---|---|
| damn-vulnerable-MCP-server | A deliberately vulnerable implementation of MCP |
| mcp-injection-experiments | Code snippets to reproduce MCP tool poisoning attacks |
| library-mcp | A library for working with Markdown knowledge bases |