The State of MCP Security [pdf]

30 pointsposted 12 hours ago
by mavzer

4 Comments

shitloadofbooks

10 hours ago

I couldn't find anything else to do exactly what I wanted (or wasn't just a blatent rugpull towards "enterprise pricing" waiting to happen) so I slopped together an MCP Proxy that uses FastMCP to proxy a list of upstream MCPs behind Entra oauth, with CEL-expressions for per-tool RBAC.

The peace of mind it brought not trusting other people's slopped out MCPs to do the right thing with authentication is immense.

It's internal only, but it was a Fable 5 one-shot (3 shot if you count a second prompt to generate the Helm Chart and docs site) that you could DIY because the FastMCP library is extremely sensible and well-documented.

mavzer

10 hours ago

Nice. Basically, I see 3 ways the MCP ecosystem converging

- Centralized, well trusted sources for MCP servers - Technical people like you creating their own, private MCPs for specific use cases - An MCP governance layer that brings a bit of sense into this new world

Otherwise, it’s a security time bomb. We already see MCP specific attacks out in the wild.

pjmlp

30 minutes ago

MCP is basically web services for AI tools, thus the same care should be in place for security, unfortunely that isn't what happens, thus as usual DevSecOps will have lots of fun.

mavzer

14 minutes ago

100%!! All AI tooling (MCPs, skills, models etc) has to go through the same scrutiny applied to any other web service. But as always, security is an afterthought that comes back to bite.