StackHawk Now Tests MCP Servers for Security Vulnerabilities

StackHawk has introduced automated security testing for remote MCP servers, which have rapidly become essential for connecting enterprise applications with AI services. MCP servers, which facilitate standardized communication using the JSON-RPC 2.0 protocol, have seen a massive increase in adoption due to their ability to unify various AI tools with existing services. However, their network accessibility raises significant security concerns, as they can expose organizations to familiar risks like SQL injection and server-side request forgery (SSRF), potentially compromising internal systems and user data. Prior to StackHawk's innovation, testing these servers was a blind spot for many organizations, with options limited to manual penetration tests or scripts. StackHawk's new tool integrates MCP server scanning into its platform, allowing users to identify vulnerabilities by simulating interactions with MCP servers, extracting tool parameters, and fuzzing them for common security flaws. This approach provides detailed findings and remediation guidance, addressing an urgent need as MCP adoption and associated risks continue to grow.