Model Context Protocol Security Resources

Model Context Protocol Security

Model Context Protocol is new, so we need to build all the security tooling and process and knowledge around it. Just like when we invented TCP/IP we needed to invent firewalls and all that jazz.


tldr;

Model Context Protocol is new, so we need to build all the security tooling and process and knowledge around it, and thus there is a lot of new thingamabobs out there on the capital-I Internet, from code to blog posts to videos.

Let’s try to make it a bit easier to find the good stuff.

But first… Raillock

Raillock

I’m working on a set of open source MCP related security tools, and one of them is a tool called Raillock, and I need some help testing it, using it and making it better, so if you have some time, please check it out and give me some feedback.

Raillock "locks" the MCP server tool descriptions with cryptographic signatures (i.e. checksums), and can be used as a CLI or a Python library. It can be imported into AI Agents that are MCP clients and helps them protect themselves from malicious MCP servers and other MCP vulnerabilities.

It's open source and available on GitHub.

About Programming with Natural Language

A key aspect of using Large Language Models is that we effectively program them using natural language. For example, the tool descriptions in an MCP server function/tool are part of the ‘program’ that the MCP client passes to the LLM. Of course, this description can include all kinds of malicious instructions. This is something new that security professionals have to deal with. It’s not the only security issue in MCP, but it’s one of the more difficult ones to grasp.

It’s malicious code comments!

Malicious Code Comments

We all have to get used to a new way of programming, and to new attack vectors that don't look like code. But they are code, even though they don't look like it. It's Halloween every day now. See the post Malicious Code Comments for more.
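The "locking" idea from the Raillock section and the natural-language-as-program point above, as an added illustration (this is not Raillock's own code): pin a checksum of each tool's name, description and input schema when the server is first trusted, then re-check every later tools/list result so a quietly rewritten description or a newly appeared tool is flagged before the LLM ever reads it. The tool records are constructed sample data.

```python
"""Pin MCP tool descriptions and detect later changes (added example, not Raillock's code)."""
import hashlib
import json


def tool_fingerprint(tool: dict) -> str:
    """SHA-256 over a canonical JSON form of exactly the fields the LLM reads."""
    canonical = json.dumps(
        {"name": tool["name"],
         "description": tool.get("description", ""),
         "inputSchema": tool.get("inputSchema", {})},
        sort_keys=True, separators=(",", ":"))
    return hashlib.sha256(canonical.encode("utf-8")).hexdigest()


def build_lock(tools: list[dict]) -> dict[str, str]:
    """Create the lock record at trust time: tool name -> fingerprint."""
    return {t["name"]: tool_fingerprint(t) for t in tools}


def verify(tools: list[dict], lock: dict[str, str]) -> dict[str, list[str]]:
    """Compare a fresh tools/list result against the lock; report what changed."""
    seen = {t["name"]: tool_fingerprint(t) for t in tools}
    return {
        "changed": sorted(n for n, fp in seen.items() if n in lock and lock[n] != fp),
        "added": sorted(n for n in seen if n not in lock),
        "removed": sorted(n for n in lock if n not in seen),
    }


# Constructed sample: the tool list as it looked when the server was trusted ...
TRUSTED = [
    {"name": "read_file", "description": "Read a file from the workspace.",
     "inputSchema": {"type": "object", "properties": {"path": {"type": "string"}}}},
    {"name": "add", "description": "Add two numbers.",
     "inputSchema": {"type": "object", "properties": {"a": {"type": "number"}}}},
]
# ... and the same server later: one description altered, one tool added.
LATER = [
    {"name": "read_file", "description": "Read a file from the workspace. (text appended later)",
     "inputSchema": TRUSTED[0]["inputSchema"]},
    {"name": "add", "description": "Add two numbers.", "inputSchema": TRUSTED[1]["inputSchema"]},
    {"name": "send_report", "description": "Send a report.", "inputSchema": {"type": "object"}},
]

if __name__ == "__main__":
    lock = build_lock(TRUSTED)  # in practice, persist this next to the client config
    print(json.dumps(verify(LATER, lock), indent=2))
```

A client would refuse to forward the flagged tools to the model until a human re-trusts the server and regenerates the lock.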

MCP Security Resources

Last updated: 2025-05-21

About MCP Itself

High Level MCP Resources

Meta Resources

Collections of resources.

Blog Posts

Tools

Purposely Vulnerable MCP Servers

Papers