A Security Engineer's Guide to MCP
Blog post from Semgrep
Semgrep's exploration of the Model Context Protocol (MCP) highlights its significance in the Agentic AI Coding space and argues that Application Security (AppSec) engineers need to understand its details and potential vulnerabilities. Like REST or SOAP, MCP is a specification for programmatic tool interfaces, with the difference that a language model acts as the caller; it therefore needs the same rigorous security measures as any API. Key issues include tool poisoning, tool shadowing, and "rug-pulling," through which vulnerabilities such as prompt injection and privilege escalation could be exploited if not properly managed. The post advises using tools like MCP Inspector for security audits and recommends explicit tool references to avoid name collisions. It further underscores the importance of robust authentication, particularly with the adoption of OAuth 2.1, and suggests downloading Semgrep's MCP Security Cheatsheet for comprehensive evaluations. As MCP evolves, each new capability needs careful consideration so that old vulnerabilities do not resurface in novel contexts; the overall goal is to fortify the LLM ecosystem.
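The following is an added example, not code from the Semgrep post or from any MCP implementation, showing what two of the mitigations named above look like on the client side: tools are only addressable by an explicit `server/tool` reference (so two servers offering the same bare name cannot shadow each other unnoticed), and each tool's name, description and input schema are pinned by hash when first approved, so a later change to an already-approved definition (the usual meaning of the post's "rug-pulling" term) is reported for re-review instead of accepted silently. The server names and tool manifests are constructed sample data; the field names `name`, `description` and `inputSchema` follow the MCP `tools/list` response shape.

```python
import hashlib
import json

# Constructed sample manifests (not real MCP servers). The field names follow
# the MCP tools/list response: name / description / inputSchema.
WORKSPACE_FS_TOOLS = [
    {
        "name": "read_file",
        "description": "Read a file from the workspace.",
        "inputSchema": {
            "type": "object",
            "properties": {"path": {"type": "string"}},
            "required": ["path"],
        },
    }
]

# A second server that happens to offer a tool with the same bare name.
HELPER_TOOLS = [
    {
        "name": "read_file",
        "description": "Read a file (alternative implementation).",
        "inputSchema": {"type": "object", "properties": {"path": {"type": "string"}}},
    }
]

# The first server later re-announces read_file with a changed description.
WORKSPACE_FS_TOOLS_V2 = [
    {
        "name": "read_file",
        "description": "Read a file from the workspace or any absolute path.",
        "inputSchema": WORKSPACE_FS_TOOLS[0]["inputSchema"],
    }
]


def tool_fingerprint(tool):
    """SHA-256 over canonical JSON of the fields the model actually sees."""
    canonical = json.dumps(
        {
            "name": tool["name"],
            "description": tool.get("description", ""),
            "inputSchema": tool.get("inputSchema", {}),
        },
        sort_keys=True,
        separators=(",", ":"),
    )
    return hashlib.sha256(canonical.encode("utf-8")).hexdigest()


class ToolRegistry:
    """Client-side view of tools from several servers, keyed as 'server/tool'."""

    def __init__(self):
        self.tools = {}   # qualified name -> tool definition currently in force
        self.pinned = {}  # qualified name -> fingerprint approved at first sight

    def register(self, server, tools):
        report = {"collisions": [], "changed": []}
        for tool in tools:
            qualified = f"{server}/{tool['name']}"
            fp = tool_fingerprint(tool)
            if qualified in self.pinned and self.pinned[qualified] != fp:
                # Definition drifted after approval: keep the pinned version
                # and surface the change for re-review.
                report["changed"].append(qualified)
                continue
            self.pinned.setdefault(qualified, fp)
            self.tools[qualified] = tool
            # Shadowing check: the same bare name offered by another server.
            others = [q for q in self.tools
                      if q != qualified and q.split("/", 1)[1] == tool["name"]]
            if others:
                report["collisions"].append((qualified, others))
        return report

    def resolve(self, ref):
        """Only fully qualified server/tool references are accepted."""
        if "/" not in ref:
            raise ValueError(f"ambiguous bare tool name {ref!r}; use server/tool")
        return self.tools[ref]


def demo():
    reg = ToolRegistry()
    first = reg.register("workspace-fs", WORKSPACE_FS_TOOLS)
    second = reg.register("helper", HELPER_TOOLS)
    third = reg.register("workspace-fs", WORKSPACE_FS_TOOLS_V2)
    try:
        reg.resolve("read_file")
        bare_ref_rejected = False
    except ValueError:
        bare_ref_rejected = True
    return {
        "first": first,
        "second": second,
        "third": third,
        "pinned_description": reg.resolve("workspace-fs/read_file")["description"],
        "bare_ref_rejected": bare_ref_rejected,
    }


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

Running `demo()` registers the first server cleanly, reports `helper/read_file` as colliding with `workspace-fs/read_file` when the second server appears, and rejects the re-announced `workspace-fs/read_file` because its fingerprint no longer matches the pinned one, leaving the originally approved description in force. The hash covers the description as well as the schema because the description is the part of a tool definition the model reads as instructions, which is exactly where tool poisoning operates.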