MCPs
Work in Progress
This section is a draft: it will probably change drastically in the coming days.
Articles
Theory
| Article | Description |
|---|---|
| Model Context Protocol (MCP) | Official website |
| MCP Simply explained in 5 minutes | What MCP is, how it can save you time, and how it works behind the scenes |
| A Security Engineer's Guide to MCP | MCP is quickly becoming the API standard for AI coding agents. That means new attack surfaces, and security engineers need to know how to test them safely |
Defense
| Article | Description |
|---|---|
| MCP-Security-Checklist | A comprehensive security checklist for MCP-based AI tools |
| MCP is the new interface for security tools | Security vendors are building official MCP servers because they see the value of making information and actions available to less technical users |
| Research Briefing: MCP Security | A post exploring the evolving Model Context Protocol (MCP), its security risks, and how to prepare for safe adoption as LLMs connect to external systems |
| Augmented LLM for Threat Hunting | An MCP implementation to augment Claude LLM for interacting with Elasticsearch to assist with threat identification |
| MCP Server Security: The Hidden AI Attack Surface | MCP servers connecting AI assistants to external tools create significant attack surfaces enabling arbitrary code execution, data exfiltration, and social engineering. Both local and remote MCP servers can be exploited through server chaining, supply chain attacks, and malicious tool implementations |
Attacks
| Article | Description |
|---|---|
| Jumping the line: How MCP servers can attack you before you ever use them | A vulnerability ("line jumping") in the way MCP is implemented that undermines its core security promises. It allows malicious MCP servers to execute attacks before any tool is even invoked |
| How MCP servers can steal your conversation history | A more effective way to exploit line jumping: injecting trigger phrases into tool descriptions to exfiltrate the user's entire conversation history |
| Insecure credential storage plagues MCP | Many MCP environments store long-term API keys for third-party services in plaintext on the local filesystem, often with insecure, world-readable permissions |
| MCP Tool Poisoning Attacks | A vulnerability that can lead to sensitive data exfiltration and unauthorized actions by AI models |
| GitHub MCP Exploited: Accessing private repositories via MCP | Post showcasing a critical vulnerability with the official GitHub MCP server, allowing attackers to access private repository data |
| Poison everywhere: No output from your MCP server is safe | Post diving into Tool Poisoning Attacks (TPA) on MCP servers |
| Zero-Click Remote Code Execution: Exploiting MCP & Agentic IDEs | How a zero-click MCP attack turns a shared Google Doc into remote code execution, stolen secrets, and enterprise-wide compromise |
| MCP vulnerability case study: SQL injection in the Postgres MCP server | Learn how a vulnerability in Anthropic's reference Postgres MCP server allowed the read-only restriction to be bypassed and arbitrary SQL statements to be executed |
Tools
Development
| Name | Description |
|---|---|
| Servers | |
| Cloudflare | |
| Testing | |
| toolhive | Run and manage MCP servers easily and securely |
| container-use | Development environments for coding agents. Enable multiple agents to work safely and independently with your preferred stack |
Security
| Name | Description |
|---|---|
| mcp-scan | A security scanning tool designed to go over your installed MCP servers and check them for common security vulnerabilities |
| mcp-watch | A security scanner for MCP servers that detects vulnerabilities and security issues in your MCP server implementations |
| mcp-context-protector | |
| mcp-audit-extension | Audit and log all GitHub Copilot MCP tool calls in VSCode with ease |
Labs
| Name | Description |
|---|---|
| damn-vulnerable-MCP-server | A deliberately vulnerable implementation of MCP |
| mcp-injection-experiments | Code snippets to reproduce MCP tool poisoning attacks |
| library-mcp | A library for working with Markdown knowledge bases |