The MCP Threat Surface
MCP's popularity means a massive expansion of the AI threat surface. We have gone from isolated chatbots to AI agents with broad system access, and that access exposes them to attacks such as token replay, tool poisoning and prompt injection cascades.
I contributed 17 new testable security requirements specifically for MCP implementations. These controls cover the critical security gaps:
- Authentication & Authorization: mutual TLS, signed tokens, proper OAuth scoping
- Server Management: allow-listing of servers, manifest integrity checks, connection validation
- Runtime Protection: rate limiting, sandboxing, anomaly detection
- Transparency: audit logging, user visibility into tool invocations
The goal was to give developers clear controls and guidance to implement MCP securely.
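To make the server-management, runtime-protection and transparency controls above concrete, here is an added example of a client-side guard for an MCP host. It is illustrative code written for this page, not code from the LLMSVS, Snyk Labs or any MCP SDK; the class, the manifest, the server URLs and the tool names are all hypothetical. It allow-lists servers by URL, pins each server's tool manifest to a SHA-256 digest recorded at review time (so a changed tool description, the usual tool-poisoning signal, blocks the connection), rate-limits tool calls per server and tool, and writes every decision to an audit log the user can be shown. Mutual TLS and OAuth scoping are left to the transport and authorization layers and are not modelled here.

```python
import hashlib
import json
import time
from collections import defaultdict, deque

# Constructed sample manifest, shaped like the result of an MCP tools/list call.
# It is example data for this block, not taken from any real server.
TRUSTED_MANIFEST = {
    "tools": [
        {
            "name": "read_file",
            "description": "Read a UTF-8 text file from the workspace.",
            "inputSchema": {"type": "object", "properties": {"path": {"type": "string"}}},
        }
    ]
}


def manifest_digest(manifest: dict) -> str:
    """SHA-256 over a canonical JSON encoding, so key order cannot change the pin."""
    canonical = json.dumps(manifest, sort_keys=True, separators=(",", ":")).encode("utf-8")
    return hashlib.sha256(canonical).hexdigest()


class McpClientPolicy:
    """Hypothetical host-side guard: allow-list, manifest pinning, rate limit, audit log."""

    def __init__(self, allowlist, calls_per_window, window_seconds=60.0, clock=time.monotonic):
        # allowlist maps server URL -> manifest digest pinned when the server was reviewed
        self.allowlist = dict(allowlist)
        self.calls_per_window = calls_per_window
        self.window_seconds = window_seconds
        self.clock = clock  # injectable so tests can use a fake clock
        self._calls = defaultdict(deque)  # (server, tool) -> call timestamps in window
        self.audit_log = []

    def _audit(self, event, **fields):
        entry = {"t": self.clock(), "event": event, **fields}
        self.audit_log.append(entry)
        return entry

    def connect(self, server_url, manifest):
        """Admit a server only if it is allow-listed and its manifest matches the pin."""
        if server_url not in self.allowlist:
            self._audit("connect_denied", server=server_url, reason="not allow-listed")
            raise PermissionError(f"server not allow-listed: {server_url}")
        digest = manifest_digest(manifest)
        expected = self.allowlist[server_url]
        if digest != expected:
            # A tool description that differs from the reviewed one is the classic
            # tool-poisoning / rug-pull signal: refuse and record both digests.
            self._audit("connect_denied", server=server_url,
                        reason="manifest digest mismatch", expected=expected, got=digest)
            raise PermissionError(f"manifest for {server_url} does not match pinned digest")
        self._audit("connect_ok", server=server_url, digest=digest)
        return digest

    def invoke(self, server_url, tool, arguments):
        """Rate-limit a tool call and return the audit entry to surface to the user."""
        if server_url not in self.allowlist:
            self._audit("tool_call_denied", server=server_url, tool=tool, reason="not allow-listed")
            raise PermissionError(f"server not allow-listed: {server_url}")
        key = (server_url, tool)
        now = self.clock()
        window = self._calls[key]
        # Sliding window: drop timestamps older than window_seconds.
        while window and now - window[0] > self.window_seconds:
            window.popleft()
        if len(window) >= self.calls_per_window:
            self._audit("tool_call_throttled", server=server_url, tool=tool)
            raise RuntimeError(f"rate limit exceeded for {tool} on {server_url}")
        window.append(now)
        return self._audit("tool_call", server=server_url, tool=tool, arguments=arguments)


if __name__ == "__main__":
    url = "https://tools.example.internal/mcp"  # hypothetical server URL
    policy = McpClientPolicy({url: manifest_digest(TRUSTED_MANIFEST)}, calls_per_window=2)
    policy.connect(url, TRUSTED_MANIFEST)
    policy.invoke(url, "read_file", {"path": "README.md"})
    for entry in policy.audit_log:
        print(json.dumps(entry))
```

The pin is taken over the whole manifest, not just tool names, because the poisoning vector is the description text the model reads; re-pinning should be a deliberate review step, not something the client does automatically when a server's manifest changes.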
Resources
- Read the full technical analysis at Snyk Labs
- Check out the OWASP LLMSVS controls for the complete security requirements