Research & Disclosures

Security Research

In-depth analysis of MCP attack vectors, vulnerability patterns, and defensive strategies for AI agent ecosystems

2025-001

MCP Sprawl

How unchecked growth of MCP servers creates hidden attack surfaces and operational blind spots across your AI infrastructure.

Read report
2025-002

Command Injection

Exploiting unsanitized inputs in MCP tool calls to execute arbitrary commands on connected systems.

Read report
2025-003

Tool Poisoning

Malicious MCP servers that masquerade as legitimate tools to intercept sensitive data and corrupt agent behavior.

Read report
2025-004

MCP Security Guardrails

Designing and deploying policy-driven constraints that keep AI agents operating within safe boundaries.

Read report
2025-005

Shadow AI

Unauthorized AI agents and MCP connections that operate outside IT visibility, bypassing security controls.

Read report
2025-006

Jailbroken AI

Techniques that bypass model safety layers through crafted MCP contexts, enabling restricted actions.

Read report
2025-007

Rug Pull

Trusted MCP servers that change behavior post-deployment to exfiltrate data or manipulate agent actions.

Read report
2025-008

MCP Observability

Building comprehensive audit trails and real-time monitoring for all agent-to-tool interactions.

Read report