Project Charter

Mission

The Model Context Protocol Security project is a Cloud Security Alliance (CSA) community initiative dedicated to establishing security best practices, tools, and guidance for MCP implementations and AI agent infrastructure.

Scope

This project covers:

• Security hardening guidelines for MCP servers and clients
• Vulnerability research and disclosure for MCP-related components
• Development of security tools and audit frameworks
• Community education and awareness programs
• Policy recommendations for enterprise MCP deployments

Leadership

• Lead Maintainer: Kurt Seifried
• Deputy Maintainer: Hillary Baron
• Working Group: Model Context Protocol Security Working Group

Decision Making

Decisions are made through rough consensus and lazy majority among active contributors. For significant changes, a 72-hour discussion period is required before implementation.

Contribution Guidelines

• All contributions must align with the project’s security-focused mission
• Technical content should be practical and actionable
• Security advisories follow coordinated disclosure practices
• Community interactions must follow our Code of Conduct

Governance

This project operates under the Cloud Security Alliance’s governance structure and follows CSA’s intellectual property and licensing policies.