survey 2025

MCPGuard : Automatically Detecting Vulnerabilities in MCP Servers

Bin Wang 1, Zexin Liu 1, Hao Yu 1, Ao Yang 1, Yenan Huang 2, Jing Guo 2, Huangsheng Cheng 2, Hui Li 1, Huiyu Wu 2

9 citations · 1 influential · 17 references · arXiv

Published on arXiv

2510.23673

AI Supply Chain Attacks

OWASP ML Top 10 — ML06

Insecure Plugin Design

OWASP LLM Top 10 — LLM07

Prompt Injection

OWASP LLM Top 10 — LLM01

Key Finding

MCP security requires novel defenses because the attack surface extends beyond traditional code execution to semantic interpretation of natural language metadata in tool descriptions, enabling tool poisoning and agent hijacking at scale.

MCPGuard

Novel technique introduced


The Model Context Protocol (MCP) has emerged as a standardized interface enabling seamless integration between Large Language Models (LLMs) and external data sources and tools. While MCP significantly reduces development complexity and enhances agent capabilities, its openness and extensibility introduce critical security vulnerabilities that threaten system trustworthiness and user data protection. This paper systematically analyzes the security landscape of MCP-based systems, identifying three principal threat categories: (1) agent hijacking attacks stemming from protocol design deficiencies; (2) traditional web vulnerabilities in MCP servers; and (3) supply chain security. To address these challenges, we comprehensively survey existing defense strategies, examining both proactive server-side scanning approaches, ranging from layered detection pipelines and agentic auditing frameworks to zero-trust registry systems, and runtime interaction monitoring solutions that provide continuous oversight and policy enforcement. Our analysis reveals that MCP security fundamentally represents a paradigm shift where the attack surface extends from traditional code execution to semantic interpretation of natural language metadata, necessitating novel defense mechanisms tailored to this unique threat model.


Key Contributions

  • Systematic taxonomy of MCP security threats across three categories: agent hijacking from protocol design flaws, traditional web vulnerabilities, and supply chain risks
  • Comprehensive survey of proactive and runtime defense strategies including layered detection pipelines, agentic auditing frameworks, and zero-trust registry systems
  • Identification that MCP security represents a paradigm shift where the attack surface extends to semantic interpretation of natural language metadata in tool descriptions

🛡️ Threat Analysis

AI Supply Chain Attacks

One of the three explicitly identified threat categories is supply chain security for MCP servers: compromised MCP packages distributed via registries, with zero-trust registry systems as the countermeasure. This falls directly within ML06's scope, attacks on the AI/ML ecosystem and tooling infrastructure before deployment.


Details

Domains
nlp
Model Types
llm
Threat Tags
inference_time, black_box
Applications
llm agents, mcp server infrastructure, tool-augmented llm systems