Cybersecurity

Securing MCP Servers: Risks and Checklist

Securing Model Context Protocol (MCP) servers is the practice of protecting the tools, APIs, and data sources they expose to AI agents against risks like token leakage, over-permissioning, and supply-chain attacks.

Securing Model Context Protocol (MCP) servers is the practice of implementing robust controls to protect the tools, APIs, and data sources they expose to autonomous AI agents. These servers act as a critical bridge, providing agents with the necessary context and capabilities to perform tasks, but this connectivity also creates a significant attack surface. Without proper hardening, MCP servers can become a vector for data exfiltration, unauthorized actions, and system compromise.

This guide outlines the primary security risks associated with MCP servers, including over-broad permission scopes, supply-chain vulnerabilities in tools, API token leakage, and the 'confused deputy' problem. We will then provide a concrete hardening checklist for engineering teams to mitigate these threats and build a more resilient AI agent infrastructure.

Latest briefings on Securing MCP Servers: Risks and Checklist

AI
Salesforce AI Agent Only Charges for Solved Problems
Salesforce launched a new AI help agent with a novel pricing model. Companies will only pay when the AI successfully resolves a customer issue, directly linking support costs to its actual performance and value.
Neeraj Dhiman · 3h ago
Infra
AWS Launches First Cloud Servers with PCIe 6.0
AWS is now the first cloud provider to offer servers with PCIe 6.0, beating rivals like Intel and AMD to the milestone. The new Graviton5 instances provide significantly faster data transfer for demanding workloads.
Ashish Kale · 20h ago
Data
Skip the Extra Servers, Run Python in BigQuery
Google BigQuery now lets developers run custom Python code directly within the data warehouse. This simplifies complex data analysis and machine learning tasks by eliminating the need to manage separate computing infrastructure for Python scripts.
Taranpreet Singh · 2d ago
AI
Simple Config Flaws Are Hurting Your AI Agent
Researchers have identified common "smells"—structural flaws in AI agent configuration files. These issues can waste tokens, bloat context, and make your coding assistants less reliable and more expensive to run.
Neeraj Dhiman · 3d ago
AI
Nvidia Reveals Its Simple Strategy for AI Agents
Nvidia defines an AI agent as simply a large language model plus a "harness" to connect it to tools. This view shapes its support for frameworks like OpenClaw, signaling a key direction for developers building autonomous AI systems.
Neeraj Dhiman · 4d ago
AI
How OpenAI's AI Agent Queries 600 Petabytes
OpenAI revealed how its internal AI agent, Kepler, analyzes over 600 petabytes of data. It uses techniques like RAG and automated code analysis to overcome context limits, offering a blueprint for building large-scale AI systems.
Neeraj Dhiman · 6d ago
Infra
Azure Adds AI Agents With No Cold Start
Azure Functions now has a serverless agents runtime in public preview. It lets developers build AI-powered automations without the usual cold start delays or extra costs on the Flex Consumption plan.
Ashish Kale · 6d ago
AI
AI Agent Flaw Lets One Page Hijack Your Server
Microsoft security researchers discovered a critical vulnerability named 'AutoJack' in AI agent frameworks like AutoGen Studio. The flaw allows an attacker to gain full control of the host server using just a single malicious web page.
Neeraj Dhiman · 6d ago
Tech
GitHub's New App Puts AI Agents to Work
GitHub launched a new desktop app for Copilot. It acts as a control center to manage AI coding agents, aiming to fix disjointed workflows and cut down on time spent reviewing AI-generated code.
Taranpreet Singh · 1w ago
AI
A Blueprint for Building AI Agents That Last
A new architectural blueprint helps engineering leaders build more reliable AI agent systems. It uses modular frameworks and event-sourcing to create agents that can handle complex, unpredictable tasks without failing.
Neeraj Dhiman · 1w ago
Infra
How One Hot AWS Server Halted Coinbase Trading
Coinbase revealed a simple cooling failure in one AWS data center caused its multi-hour trading outage. The incident shows how small hardware problems can trigger massive disruptions for even the largest cloud-dependent companies.
Ashish Kale · 1w ago
Infra
Siemens Uses AI Agents to Modernize Factory Software
Siemens is partnering with Google Cloud to modernize its vast industrial software using AI agents. This new approach tackles the complex challenge of updating legacy code, offering a potential model for other large enterprises.
Ashish Kale · 1w ago
AI
Why Your Team Isn't Ready for AI Agents Yet
MIT experts warn that the biggest hurdle for agentic AI isn't the technology, but human readiness. Leaders are discovering a major gap between the hype and the reality of integrating these advanced AI systems into daily workflows.
Neeraj Dhiman · 1w ago
AI
Designing Reliable AI Agent Systems
Aaron Erickson outlines a shift from basic AI testing to building robust, multi-agent systems. He details architectural patterns for production-grade AI, including combining deterministic guardrails with agentic discovery, optimizing agent hierarchies, and implementing rigorous evaluation frameworks to ensure reliability and scalability.
Neeraj Dhiman · 1w ago
AI
Robinhood now lets AI agents trade stocks
Robinhood has introduced a new feature allowing users to connect AI agents to their trading accounts. These agents can analyze portfolios and execute trades, but are restricted to using a pre-loaded balance in a dedicated wallet, limiting potential financial risk from automated strategies.
Neeraj Dhiman · 1w ago
Security
Media File Flaw Puts Legacy Ubuntu Servers at Risk
A security patch has been released for a critical GStreamer vulnerability affecting Ubuntu 16.04 LTS. Malicious AVI files could allow attackers to crash systems or run arbitrary code, making this update crucial for teams managing legacy infrastructure.
Neeraj Dhiman · 1w ago
Security
AI Agents Lead New Security Threats
A recent security bulletin highlights a range of emerging threats facing organizations. These include the misuse of AI agents for malicious purposes, the availability of new command-and-control tools for attackers, deceptive social engineering tactics, and the continued use of JavaScript backdoors to compromise systems.
Neeraj Dhiman · 1w ago
Data
Stop Rebuilding Your AI Agent Data Connections
Redis has released a new tool, RedisVL MCP, that lets developers connect their Redis data to various AI agent frameworks without rewriting code for each one. This simplifies building AI applications on existing data stores.
Taranpreet Singh · 1w ago
AI
The AI Agent Integration Debate
Enterprise software vendors agree that AI agents require deep context to be useful, but they are divided on how to provide it. The key debate is whether companies should integrate AI into existing systems or undertake a risky strategy of rebuilding their entire infrastructure from scratch.
Neeraj Dhiman · 1w ago
Security
Multiple Vulnerabilities Found in Apache Server
Multiple vulnerabilities have been discovered in the Apache HTTP Server, including issues that could lead to denial-of-service, authentication bypass, and server-side request forgery. The flaws affect several Ubuntu LTS versions, prompting security updates for systems running the popular web server software.
Neeraj Dhiman · 1w ago
AI
Securing the Next Wave of AI
The rapid rise of agentic and predictive AI in business applications represents a major innovation wave. The capabilities of these autonomous agents are developing faster than our security and management frameworks, creating a significant challenge for developers, security teams, and business leaders to address.
Neeraj Dhiman · 1w ago
AI
Are We Deploying AI Agents Like It's 1999?
A new opinion piece warns that the rush to build AI agents is repeating the mistakes of early software development, where deploying apps was as simple and risky as copying a .exe file.
Neeraj Dhiman · 1w ago
AI
How LinkedIn Manages Its AI Agent Workforce
LinkedIn is building a unified platform to manage its AI agents for engineering tasks like coding and UI testing. This approach moves beyond scattered AI tools, creating a scalable system for complex, multi-agent workflows.
Neeraj Dhiman · 1w ago
AI
Use of AI Agents in Business to Surge 300%
The use of autonomous AI agents in business is expected to surge by 300% in the next two years. Unlike current tools, these agents can handle complex tasks on their own, creating a new kind of hybrid human-AI workforce.
Neeraj Dhiman · 1w ago
AI
The Race to Build Enterprise AI Agents Is On
The focus in enterprise AI is shifting from large language models to orchestrated AI agents. Companies are now racing to build systems that can manage complex, data-driven tasks automatically, marking the next major evolution in business AI.
Neeraj Dhiman · 1w ago
AI
AI Agent Adoption Surges Among Developers
A new Stack Overflow survey reveals that 59% of software engineers now use agentic AI, nearly doubling previous adoption rates. This rapid growth shows a clear trend, though current use cases remain primarily focused on single-agent tasks that are closely monitored by developers.
Neeraj Dhiman · 1w ago
Security
tar-fs Flaw Exposes Ubuntu Servers
A critical path traversal vulnerability has been found in the `tar-fs` Node.js library on Ubuntu 22.04 LTS and 24.04 LTS. The flaw allows attackers to write or overwrite files outside the intended directory using a specially crafted tar archive, posing a significant security risk.
Neeraj Dhiman · 1w ago
Security
Exim mail server vulnerability discovered
A security vulnerability has been found in the Exim mail transfer agent. The issue, caused by improper memory handling when the PROXY protocol is enabled, could allow a remote attacker to access sensitive information before SMTP authentication. The flaw affects systems where this specific configuration is used.
Neeraj Dhiman · 1w ago
Infra
AI Agents Need a Sandbox Before They Touch Code
As AI agents increasingly write code, the key challenge is trust. For cloud-native apps, this means verifying an agent's work in a live runtime environment before it ever becomes a pull request, ensuring the code is safe and effective.
Ashish Kale · 1w ago
AI
Robinhood Opens Platform to AI Agents
Robinhood has launched a new feature allowing users to create dedicated, funded accounts for AI agents. These agents can autonomously buy and sell stocks, enabling automated investment strategies like monitoring and trading within specific industries. The move opens new possibilities for algorithmic trading on the platform.
Neeraj Dhiman · 1w ago

Frequently asked questions

What is the 'confused deputy' problem in MCP servers?

The confused-deputy problem occurs when an AI agent with legitimate authority is tricked by a malicious actor into misusing its permissions. For an MCP server, this could mean a user prompts the agent to access a tool or API in a way that exceeds their own authorization, leveraging the agent's broader privileges. Mitigating this requires strict, context-aware authorization checks for every action the agent attempts.

How does token leakage affect MCP server security?

Token leakage involves the unintentional exposure of API keys or authentication tokens that the MCP server uses to connect to downstream tools and services. If an agent inadvertently includes a leaked token in its output logs or a response, an attacker could capture it to gain direct, unauthorized access to those backend systems. Proper credential management, short-lived tokens, and output filtering are essential to prevent this.

Why are over-broad scopes a major risk for MCP?

Over-broad scopes grant an AI agent more permissions than it needs to perform its intended function, violating the principle of least privilege. This magnifies the impact of any potential compromise, as an attacker who gains control of the agent can then abuse this excessive access. Scopes should be narrowly defined for each tool and task, and dynamically adjusted based on the immediate context.

What is a key supply-chain risk for MCP servers?

A primary supply-chain risk is the integration of compromised or vulnerable third-party tools and libraries into the MCP server's toolset. If an agent is given access to a tool with a hidden vulnerability, an attacker could exploit it through carefully crafted prompts to compromise the server or connected systems. Vetting all integrated tools, dependency scanning, and sandboxing are critical mitigation strategies.

Securing MCP Servers: Risks and Checklist

Latest briefings on Securing MCP Servers: Risks and Checklist

AI
Salesforce AI Agent Only Charges for Solved Problems
Salesforce launched a new AI help agent with a novel pricing model. Companies will only pay when the AI successfully resolves a customer issue, directly linking support costs to its actual performance and value.
Neeraj Dhiman · 3h ago
Infra
AWS Launches First Cloud Servers with PCIe 6.0
AWS is now the first cloud provider to offer servers with PCIe 6.0, beating rivals like Intel and AMD to the milestone. The new Graviton5 instances provide significantly faster data transfer for demanding workloads.
Ashish Kale · 20h ago
Data
Skip the Extra Servers, Run Python in BigQuery
Google BigQuery now lets developers run custom Python code directly within the data warehouse. This simplifies complex data analysis and machine learning tasks by eliminating the need to manage separate computing infrastructure for Python scripts.
Taranpreet Singh · 2d ago
AI
Simple Config Flaws Are Hurting Your AI Agent
Researchers have identified common "smells"—structural flaws in AI agent configuration files. These issues can waste tokens, bloat context, and make your coding assistants less reliable and more expensive to run.
Neeraj Dhiman · 3d ago
AI
Nvidia Reveals Its Simple Strategy for AI Agents
Nvidia defines an AI agent as simply a large language model plus a "harness" to connect it to tools. This view shapes its support for frameworks like OpenClaw, signaling a key direction for developers building autonomous AI systems.
Neeraj Dhiman · 4d ago
AI
How OpenAI's AI Agent Queries 600 Petabytes
OpenAI revealed how its internal AI agent, Kepler, analyzes over 600 petabytes of data. It uses techniques like RAG and automated code analysis to overcome context limits, offering a blueprint for building large-scale AI systems.
Neeraj Dhiman · 6d ago
Infra
Azure Adds AI Agents With No Cold Start
Azure Functions now has a serverless agents runtime in public preview. It lets developers build AI-powered automations without the usual cold start delays or extra costs on the Flex Consumption plan.
Ashish Kale · 6d ago
AI
AI Agent Flaw Lets One Page Hijack Your Server
Microsoft security researchers discovered a critical vulnerability named 'AutoJack' in AI agent frameworks like AutoGen Studio. The flaw allows an attacker to gain full control of the host server using just a single malicious web page.
Neeraj Dhiman · 6d ago
Tech
GitHub's New App Puts AI Agents to Work
GitHub launched a new desktop app for Copilot. It acts as a control center to manage AI coding agents, aiming to fix disjointed workflows and cut down on time spent reviewing AI-generated code.
Taranpreet Singh · 1w ago
AI
A Blueprint for Building AI Agents That Last
A new architectural blueprint helps engineering leaders build more reliable AI agent systems. It uses modular frameworks and event-sourcing to create agents that can handle complex, unpredictable tasks without failing.
Neeraj Dhiman · 1w ago
Infra
How One Hot AWS Server Halted Coinbase Trading
Coinbase revealed a simple cooling failure in one AWS data center caused its multi-hour trading outage. The incident shows how small hardware problems can trigger massive disruptions for even the largest cloud-dependent companies.
Ashish Kale · 1w ago
Infra
Siemens Uses AI Agents to Modernize Factory Software
Siemens is partnering with Google Cloud to modernize its vast industrial software using AI agents. This new approach tackles the complex challenge of updating legacy code, offering a potential model for other large enterprises.
Ashish Kale · 1w ago
AI
Why Your Team Isn't Ready for AI Agents Yet
MIT experts warn that the biggest hurdle for agentic AI isn't the technology, but human readiness. Leaders are discovering a major gap between the hype and the reality of integrating these advanced AI systems into daily workflows.
Neeraj Dhiman · 1w ago
AI
Designing Reliable AI Agent Systems
Aaron Erickson outlines a shift from basic AI testing to building robust, multi-agent systems. He details architectural patterns for production-grade AI, including combining deterministic guardrails with agentic discovery, optimizing agent hierarchies, and implementing rigorous evaluation frameworks to ensure reliability and scalability.
Neeraj Dhiman · 1w ago
AI
Robinhood now lets AI agents trade stocks
Robinhood has introduced a new feature allowing users to connect AI agents to their trading accounts. These agents can analyze portfolios and execute trades, but are restricted to using a pre-loaded balance in a dedicated wallet, limiting potential financial risk from automated strategies.
Neeraj Dhiman · 1w ago
Security
Media File Flaw Puts Legacy Ubuntu Servers at Risk
A security patch has been released for a critical GStreamer vulnerability affecting Ubuntu 16.04 LTS. Malicious AVI files could allow attackers to crash systems or run arbitrary code, making this update crucial for teams managing legacy infrastructure.
Neeraj Dhiman · 1w ago
Security
AI Agents Lead New Security Threats
A recent security bulletin highlights a range of emerging threats facing organizations. These include the misuse of AI agents for malicious purposes, the availability of new command-and-control tools for attackers, deceptive social engineering tactics, and the continued use of JavaScript backdoors to compromise systems.
Neeraj Dhiman · 1w ago
Data
Stop Rebuilding Your AI Agent Data Connections
Redis has released a new tool, RedisVL MCP, that lets developers connect their Redis data to various AI agent frameworks without rewriting code for each one. This simplifies building AI applications on existing data stores.
Taranpreet Singh · 1w ago
AI
The AI Agent Integration Debate
Enterprise software vendors agree that AI agents require deep context to be useful, but they are divided on how to provide it. The key debate is whether companies should integrate AI into existing systems or undertake a risky strategy of rebuilding their entire infrastructure from scratch.
Neeraj Dhiman · 1w ago
Security
Multiple Vulnerabilities Found in Apache Server
Multiple vulnerabilities have been discovered in the Apache HTTP Server, including issues that could lead to denial-of-service, authentication bypass, and server-side request forgery. The flaws affect several Ubuntu LTS versions, prompting security updates for systems running the popular web server software.
Neeraj Dhiman · 1w ago
AI
Securing the Next Wave of AI
The rapid rise of agentic and predictive AI in business applications represents a major innovation wave. The capabilities of these autonomous agents are developing faster than our security and management frameworks, creating a significant challenge for developers, security teams, and business leaders to address.
Neeraj Dhiman · 1w ago
AI
Are We Deploying AI Agents Like It's 1999?
A new opinion piece warns that the rush to build AI agents is repeating the mistakes of early software development, where deploying apps was as simple and risky as copying a .exe file.
Neeraj Dhiman · 1w ago
AI
How LinkedIn Manages Its AI Agent Workforce
LinkedIn is building a unified platform to manage its AI agents for engineering tasks like coding and UI testing. This approach moves beyond scattered AI tools, creating a scalable system for complex, multi-agent workflows.
Neeraj Dhiman · 1w ago
AI
Use of AI Agents in Business to Surge 300%
The use of autonomous AI agents in business is expected to surge by 300% in the next two years. Unlike current tools, these agents can handle complex tasks on their own, creating a new kind of hybrid human-AI workforce.
Neeraj Dhiman · 1w ago
AI
The Race to Build Enterprise AI Agents Is On
The focus in enterprise AI is shifting from large language models to orchestrated AI agents. Companies are now racing to build systems that can manage complex, data-driven tasks automatically, marking the next major evolution in business AI.
Neeraj Dhiman · 1w ago
AI
AI Agent Adoption Surges Among Developers
A new Stack Overflow survey reveals that 59% of software engineers now use agentic AI, nearly doubling previous adoption rates. This rapid growth shows a clear trend, though current use cases remain primarily focused on single-agent tasks that are closely monitored by developers.
Neeraj Dhiman · 1w ago
Security
tar-fs Flaw Exposes Ubuntu Servers
A critical path traversal vulnerability has been found in the `tar-fs` Node.js library on Ubuntu 22.04 LTS and 24.04 LTS. The flaw allows attackers to write or overwrite files outside the intended directory using a specially crafted tar archive, posing a significant security risk.
Neeraj Dhiman · 1w ago
Security
Exim mail server vulnerability discovered
A security vulnerability has been found in the Exim mail transfer agent. The issue, caused by improper memory handling when the PROXY protocol is enabled, could allow a remote attacker to access sensitive information before SMTP authentication. The flaw affects systems where this specific configuration is used.
Neeraj Dhiman · 1w ago
Infra
AI Agents Need a Sandbox Before They Touch Code
As AI agents increasingly write code, the key challenge is trust. For cloud-native apps, this means verifying an agent's work in a live runtime environment before it ever becomes a pull request, ensuring the code is safe and effective.
Ashish Kale · 1w ago
AI
Robinhood Opens Platform to AI Agents
Robinhood has launched a new feature allowing users to create dedicated, funded accounts for AI agents. These agents can autonomously buy and sell stocks, enabling automated investment strategies like monitoring and trading within specific industries. The move opens new possibilities for algorithmic trading on the platform.
Neeraj Dhiman · 1w ago