A curation of awesome resources, papers, and tools focused on Model Context Protocol (MCP) security.
Contributions are always welcome. Please read the Contribution Guidelines before contributing.
- "Model Context Protocol (MCP): Landscape, Security Threats, and Future Research Directions", 2025-03, paper
- "MCP Safety Audit: LLMs with the Model Context Protocol Allow Major Security Exploits", 2025-04, paper
- "Enterprise-Grade Security for the Model Context Protocol (MCP): Frameworks and Mitigation Strategies", 2025-04, paper
- OAuth Token Theft: MCP servers store authentication tokens for various services, creating a high-value target for attackers (Pillar Security)
- Permission Boundary Problems: Unclear boundaries between services connected through MCP (Block InfoSec)
- Tool Description Manipulation: Hidden instructions in tool descriptions can cause AI models to perform unauthorized actions (Pillar Security)
- Indirect Prompt Injection: Malicious content embedded in processed documents that triggers MCP actions (Pillar Security)
- Installer Risks: MCP server installers without proper validation can introduce security risks (arxiv:2503.23278)
- Tool Name Conflicts: Naming collisions in MCP tools can lead to confusion and security issues (arxiv:2503.23278)
- MCP Specification - Official MCP specification with security recommendations
- Glama.ai MCP Server Directory - Security-aware directory of MCP servers with security scoring
- Damn Vulnerable MCP Server - A server intentionally designed with flaws for security testing and training.
- MCP-scan - Security scanning tool designed to go over your installed MCP servers and check them for common security vulnerabilities like prompt injections, tool poisoning and cross-origin escalations.
- ToolHive - Lightweight utility designed to simplify the deployment and management of MCP servers, ensuring ease of use, consistency, and security.
- MCP-Shield - Scans your installed MCP servers and detects vulnerabilities like tool poisoning attacks, exfiltration channels and cross-origin escalations.
- mcp-injection-experiments - MCP Tool Poisoning Experiments
- MCP Guardian - Manages your LLM assistant's access to MCP servers, giving you real-time control over your LLM's activity.
- The Security Risks of Model Context Protocol (MCP) - Analysis of OAuth token theft and prompt injection risks
- Securing the Model Context Protocol - Best practices for MCP security by Block's InfoSec team
- How to Determine If An MCP Server Is Safe - Guidelines for evaluating MCP server security
- AI Model Context Protocol (MCP) and Security - Comprehensive guide by Omar Santos covering MCP security architecture, authentication best practices, data security, and tool exposure security considerations
- AI agent identity: it's just OAuth - Discussion of authentication for AI agents; covers where OAuth fails for MCP-based AI agents.
- Model Context Protocol has prompt injection security problems - As more people start hacking around with implementations of MCP (the Model Context Protocol, a new standard for making tools available to LLM-powered systems), the security implications of tools built on that protocol are starting to come into focus.
- The hidden security threats of MCP—and how to mitigate them - Some of the biggest security threats to consider and how you can address them.
- Awesome LLM Security - A curated list focused on LLM security more broadly
- Model Context Protocol - Official MCP GitHub organization with specification and reference implementations
- tl;dr sec #272 - Newsletter discussing AI Model Context Protocol Security
- tl;dr sec #273 - Newsletter covering MCP security tools and threats