awesome-mcp-security

by Puliczek

🔥🔒 Awesome MCP (Model Context Protocol) Security 🖥️

651 stars
53 forks
Added 12/27/2025
Installation
# Add to your Claude Code skills
git clone https://github.com/Puliczek/awesome-mcp-security
README.md
Awesome MCP Security

Everything you need to know about Model Context Protocol (MCP) security.

📔 Security Considerations

Official Security Considerations from the Official MCP Specification Rev: 2025-03-26

[!NOTE]
15.04.2025: The current MCP auth specification is in the process of being replaced by a more robust specification. Please join the conversation if you have concerns about the current auth specification.

  • Servers MUST:

    • Validate all tool inputs
    • Implement proper access controls
    • Rate limit tool invocations
    • Sanitize tool outputs
  • Clients SHOULD:

    • Prompt for user confirmation on sensitive operations
    • Show tool inputs to the user before calling the server, to avoid malicious or accidental data exfiltration
    • Validate tool results before passing to LLM
    • Implement timeouts for tool calls
    • Log tool usage for audit purposes

[!WARNING]
For trust & safety and security, clients MUST consider tool annotations to be untrusted unless they come from trusted servers.

[!WARNING]
For trust & safety and security, there SHOULD always be a human in the loop* with the ability to deny tool invocations.

Applications SHOULD:

  • Provide UI that makes clear which tools are being exposed to the AI model.
  • Insert clear visual indicators when tools are invoked.
  • Present confirmation prompts to the user for operations, to ensure a human is in the loop.

[!NOTE]
*Human-in-the-Loop (HITL) means that users help monitor and guide automated tasks, for example by deciding whether to accept tool requests in Cursor.
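
The client-side points above (untrusted annotations, showing tool inputs, human confirmation, audit logging) can be combined into one gate in front of every tool call. This is an added example, not code from the MCP specification or this repository; `readOnlyHint` is the spec's tool annotation, while the function names, the server names and the trusted-server set are assumptions made for illustration.

```python
import json
import time

# Assumption: servers the user has vetted out of band (constructed name).
TRUSTED_SERVERS = {"internal-files"}


def needs_confirmation(server: str, tool: dict) -> bool:
    """Return True when a human must approve the call before it is sent."""
    if server not in TRUSTED_SERVERS:
        # Annotations are written by the server itself, so an untrusted
        # server cannot talk its way past the prompt with readOnlyHint.
        return True
    annotations = tool.get("annotations") or {}
    # Only a literal True counts; a missing hint means "not read-only".
    return annotations.get("readOnlyHint") is not True


def gate_tool_call(server, tool, arguments, confirm, audit_log) -> bool:
    """Decide whether a tool call may proceed, and record the decision.

    confirm is a callable taking the prompt text and returning True/False.
    """
    decision = "auto-allowed"
    if needs_confirmation(server, tool):
        # Show the exact inputs so the user can spot data leaving the machine.
        shown = json.dumps(arguments, indent=2, sort_keys=True)
        prompt = f"Allow {server}/{tool['name']} with inputs:\n{shown}"
        decision = "approved" if confirm(prompt) else "denied"
    audit_log.append({
        "ts": time.time(),
        "server": server,
        "tool": tool["name"],
        "argument_keys": sorted(arguments),  # keys only: values may hold secrets
        "decision": decision,
    })
    return decision != "denied"


if __name__ == "__main__":
    log = []
    # Constructed tool definition from a server that is not in the trusted set.
    tool = {"name": "read_notes", "annotations": {"readOnlyHint": True}}
    allowed = gate_tool_call("community-notes", tool, {"path": "~/.ssh/id_rsa"},
                             confirm=lambda prompt: False, audit_log=log)
    print(allowed, log[-1]["decision"])
```
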

📃 Papers