The Model Context Protocol (MCP) is rapidly becoming the standard connective tissue for agentic AI, yet its security implications are often an afterthought. The attack surface is expanding to include complex server-side vulnerabilities and supply chain risks. This month’s digest highlights critical developments, including the release of the CoSAI security white paper and the discovery of remote code execution flaws in widely used MCP servers.
Total resources: 19
Category breakdown:
| Category | Count |
|---|---|
| MCP 101 | 4 |
| MCP vulnerability | 3 |
| Framework | 2 |
| Attack technique | 2 |
| Threat Model | 2 |
| Video | 2 |
| Article | 1 |
| Research | 1 |
| Resource | 1 |
| Tool | 1 |
This post serves as an introduction to MCP architecture, components, and security concerns, specifically highlighting the confused deputy problem and executable code risks. It further details the integration with master data for enterprise agentic AI.
This technical article explains the Model Context Protocol (MCP) and the FastMCP framework for securely connecting LLMs to systems. It discusses critical security challenges, including API key management, permission scopes, and prompt injection risks in AI integrations.
This is the Microsoft official documentation explaining the Model Context Protocol (MCP) as an open standard defining how applications provide tools and contextual data to LLMs. It includes vital security considerations for third-party MCP servers.
This Databricks glossary entry explains the Model Context Protocol with a focus on bidirectional communication, MCP clients/servers, and support for agentic AI workflows.
Three vulnerabilities (CVE-2025-68145, CVE-2025-68143, CVE-2025-68144) in Anthropic’s Git MCP server enable remote code execution via prompt injection. The flaws include path validation bypass, unrestricted git_init, and argument injection.
This report covers specific vulnerabilities in Anthropic’s Git MCP server and Microsoft’s MarkItDown MCP server, which are exploitable via prompt injection attacks. It provides technical details on exploitation paths including SSRF vulnerabilities.
Security researchers discovered three vulnerabilities in Anthropic’s Git MCP server that enable file access and remote code execution through prompt injection. The flaws affect mcp-server-git and demonstrate how AI systems connecting to external data sources can be exploited.
This is a comprehensive guide to MCP security, explaining key concepts from the CoSAI white paper on the subject. It reveals more than 40 MCP threats that most organizations aren’t addressing and proposes controls and mitigations.
This document details the full CoSAI’s MCP security framework. It covers 12 threat categories and provides actionable security controls including strong identity chains, zero-trust for AI agents, and sandboxing.
This article provides a comprehensive explanation of MCP tool poisoning attacks, a form of indirect prompt injection where malicious instructions are embedded in MCP tool metadata. It explains attack mechanics including hidden instructions and cross-server shadowing.
The author explores a novel attack vector in MCP systems involving runtime context corruption without requiring model retraining or traditional prompt injection. This represents a new category of supply chain attacks specific to Model Context Protocol implementations.
This is an analysis of MCP security vulnerabilities based on Cyber Sierra research. It lists specific threats including command injection, SSRF, path traversal, inadequate authentication, and prompt injection affecting MCP implementations.
This post offers a systematic analysis of security risks in MCP servers including indirect execution, semantic manipulation, and tool abuse. It also outlines defensive controls like intent-aware authorization.
This is a YouTube video discussing MCP security foundations, architecture, and threat models. It covers indirect prompt injection, command injection, and security considerations for MCP implementations.
This video presentation covers security approaches for enterprise AI applications with a focus on Model Context Protocol security architecture and the use of AI gateways. It discusses the practical implementation of security boundaries and controls for production AI systems.
This comprehensive article explains MCP as an open standard for AI-data integration and its adoption by major tech companies. It details architecture, security concerns like tool poisoning, and the broader open-source ecosystem.
This academic paper presents the Model-Control-Policy (MCP) framework for cybersecurity risk analysis in agentic AI systems. It provides a structured approach to identifying and managing security risks in AI agent deployments.
This is a comprehensive guide to the top 10 Model Context Protocol servers for 2026, including GitHub, MongoDB, and Azure. It explains MCP importance for reduced hallucinations and enhanced security, providing a comparison table of features and specifications.
This is a Hacker News discussion about building security monitoring tools for MCP servers to detect and prevent prompt injection attacks. It features community discussion on implementation approaches for MCP security controls.
The Model Context Protocol is effectively becoming the TCP/IP of the agentic AI era. As we have seen with the recent vulnerabilities in major MCP servers, treating these connections as trusted pipelines is a recipe for compromise. Security teams must immediately move to inventory their MCP integrations, apply rigid sandboxing, and treat every tool execution as a potential vector for indirect injection.
Everything you want to know about OpenClaw/ Moltbot/ Clawdbot security — architectural weaknesses, vulnerabilities, and multi-tier hardening strategies for individuals and organizations.
(c) Adversa AI, 2026. Continuous red teaming of AI systems, trustworthy AI research & advisory
