Model Context Protocol Security

A Cloud Security Alliance Community Project - Secure Autonomy: Hardening Model-Context-Protocol Servers & Agents

This comprehensive resource provides security guidance, best practices, and tools for safely deploying Model Context Protocol (MCP) servers and AI agents. MCP has become the de facto adapter layer that lets autonomous agents interact with APIs, services, and systems - but this power comes with significant security responsibilities.


Quick Start

New to MCP Security? Start with our Why MCP Security? overview
Critical Risks? Review the MCP Top 10 Security Risks
Ready to Secure? Jump to the Hardening Guide
Operating MCP Servers? Check our Operations Guide
Need to Audit? Use our MCP Audit Tools
Want to Contribute? Share your knowledge in our Community

Security Guides

🔍 Why MCP Security?
Executive brief on MCP security risks and value proposition. Perfect for decision-makers and security teams.
Learn More →
⚠️ MCP Top 10 Security Risks
Comprehensive Top 10 lists covering the most critical security risks in both MCP server and client implementations.
Review Risks →
🎯 Security TTPs
Comprehensive database of MCP security tactics, techniques, and procedures for defenders and developers.
Explore TTPs →
🚨 Known Vulnerabilities
Documented security vulnerabilities in MCP implementations, including CVEs, security advisories, and incident reports.
View Vulnerabilities →
🛡️ Hardening Guide
Comprehensive security framework covering provenance, isolation, traffic mediation, and more.
Start Hardening →
⚙️ Operations Guide
Production-ready guidance for securely operating MCP servers with containers, network controls, and monitoring.
View Operations →
🏗️ Reference Patterns
Architecture patterns and deployment guides for common MCP security scenarios.
View Patterns →
🔎 Audit Tools
Security evaluation tools, scorecards, and step-by-step audit procedures for MCP deployments.
Start Auditing →
🛠️ Tools & Scripts
Security automation tools, utilities, and scripts for MCP security operations.
View Tools →

Community Resources

Discussion & Collaboration

  • GitHub Discussions - Ask questions, share insights, propose improvements
  • Main Organization - All project repositories and resources
  • Working Group Meetings - Bi-weekly technical discussions and planning sessions

Community Databases

How to Contribute

We welcome contributions to strengthen AI agent infrastructure security:

  1. Start a Discussion - Share ideas in our GitHub Discussions
  2. Join the Working Group - Participate in bi-weekly meetings
  3. Document Security Patterns - Share deployment architectures and lessons learned
  4. Contribute Audit Findings - Help build the community security database
  5. Improve Hardening Guides - Add practical examples and real-world scenarios
  6. Develop Security Tools - Build automation scripts and utilities

Every contribution helps strengthen the security of AI agent infrastructure for everyone.