OWASP Releases Guide for Secure MCP Server Use

This title was summarized by AI from the post below.

View organization page for OWASP GenAI Security Project

20,449 followers

🚀 New Resource: The Practical Guide for Securely Using Third-Party MCP Servers The OWASP GenAI Security Project is proud to announce the release of A Practical Guide for Securely Using Third-Party MCP Servers, a comprehensive resource for organizations and developers adopting the Model Context Protocol (MCP). As the use of MCP servers expands, connecting AI systems to tools, APIs, and data, so does the need for robust security practices. This guide provides actionable recommendations to mitigate emerging risks such as: 🔹 Tool poisoning and prompt injection 🔹 Memory poisoning and tool interference 🔹 Authentication, authorization, and secure client-server discovery 🔹 Governance and automated security tooling Whether you’re integrating third-party MCP servers or building AI agent ecosystems, this document will help you strengthen your defenses against evolving GenAI threats. 📘 Download the guide: https://lnkd.in/gXdD2nTS A huge thank-you to the contributors, reviewers, and sponsors across the OWASP GenAI Security Project community who made this resource possible! #OWASP #GenAISecurity #AI #Cybersecurity #MCP #AITrust #OpenSourceSecurity

20 Comments

John Sotiropoulos

Cyber for the Era of AI - Kainos | OWASP | US AISIC | Best-selling author ( Adversarial AI)

An excellent and timely guide from the Agentic Security Initiative, i am proud to co-lead with Ron F. Del Rosario. Massive well done to the workstream leaders Idan Habler, PhD Tomer Elias and Joshua Beck and the many contributors Keren Katz, Netanel Rotem, Victor Lu, Sonu Kumar, Gurpreet Kaur Khalsa, Ken Huang, Rico Komenda, Brian M. Green, Almog Langleben, Riggs Goodman III. Venkata Sai Kishore Modalavalasa Abhishek Mishra, Sumeet Jeswani, Adrian Sroka ,Brian M. Green,Syed Aamiruddin Roco Komenda, John Cotter, Saquib Saifee, Mohsin Khan, Dipen Shah,Subaru Ueno, and many others!

15 Reactions

Idan Habler, PhD

AI/ML Security Researcher | Co-Lead, OWASP Securing Agentic Applications | PhD in AI/Cybersecurity | Advancing Agentic AI Safety

It was a great pleasure to work on this guide !

10 Reactions

Alex Milovidov

Principal Product Manager | Technical Product Strategy & Platform Architecture | LLM, Generative AI, ML | Ex-SAS, Nike, JFrog, Samsung, TIBCO, IBM

It is a big deal to create the cybersecurity guidelines like that, especially now when everyone is suddenly an AI developer. This work will never be 100% completed - big kudos to all collaborators!

8 Reactions

Tal Eliyahu

Enabling Secure Innovation | vCISO x 30 | Volunteer | Speaker | PE & VC Advisor

Great share! I’ve also shared it in the AI Security group on LinkedIn: https://www.linkedin.com/groups/14545517/ and Twitter: https://x.com/AISecHub

4 Reactions

Luca Sambucci

Strong work and thank you to everyone who contributed. This will help move MCP conversations from generic safety talk to real engineering choices.

3 Reactions

Devin Lynch

Senior Director, Paladin Global Institute | GWU Faculty | U.S. Navy | Cybersecurity, AI, and Tech Policy

Couldn’t come sooner! This will become an essential resource to securing the Application Layer of the AI Tech Stack.

1 Reaction

Charles Iheagwara

Very helpful!

1 Reaction

Tomer Elias

Senior Director of Product Management | Agentic AI Security | AI Protection | Board Member 🦄

Proud to be part of the amazing team that worked on this guide!

1 Reaction

Josan Neves

Security Infrastructure Analyst | Curious?! Read on!

Thank you for the efforts and for sharing it!

1 Reaction

Brian M. Green

AI Governance & Ethics Leader | Health Tech Innovator | Speaker | Building Responsible, Human-Centered AI Solutions | fractional CAIO

I'm glad to have been a contributor to this project!

1 Reaction

See more comments

To view or add a comment, sign in

More Relevant Posts

Rico Komenda

⚡️ Cybersecurity ⚡️ Securing the Digital World, One Byte at a Time
2w
Report this post
Thrilled to share that I had the opportunity to contribute to the CheatSheet "A Practical Guide for Securely Using Third-Party MCP Servers” 🛡️ If you work with MCP Servers in any capacity - development, integration, or security - this guide is a must-read. It offers practical insights on how to use third-party MCP servers securely and responsibly. Huge thanks to the OWASP GenAI Security Project community and all the amazing contributors who made this happen. Proud to be part of an effort that helps strengthen the foundations of secure and trustworthy AI systems. 🙌 #OWASP #GenAISecurity #MCP #AIsecurity #LLM #AI All contributors: Idan Habler, PhD, Tomer Elias, Joshua Beck, Netanel Rotem, Victor Lu, Keren Katz, Sonu Kumar, Ella Duffy, Gurpreet Kaur Khalsa, @Abhishek MIs, Sumeet Jeswani, Adrian Sroka, Ken Huang, Riggs Goodma III, Brian M. Green, Syed Aamiruddin, John Cotter, Saquib Saifee, Almog Langleben, Mohsin Khan, Dipen Shah, Subaru Ueno, Venkata Sai Kishore Modalavalasa
OWASP GenAI Security Project

20,449 followers
2w

🚀 New Resource: The Practical Guide for Securely Using Third-Party MCP Servers The OWASP GenAI Security Project is proud to announce the release of A Practical Guide for Securely Using Third-Party MCP Servers, a comprehensive resource for organizations and developers adopting the Model Context Protocol (MCP). As the use of MCP servers expands, connecting AI systems to tools, APIs, and data, so does the need for robust security practices. This guide provides actionable recommendations to mitigate emerging risks such as: 🔹 Tool poisoning and prompt injection 🔹 Memory poisoning and tool interference 🔹 Authentication, authorization, and secure client-server discovery 🔹 Governance and automated security tooling Whether you’re integrating third-party MCP servers or building AI agent ecosystems, this document will help you strengthen your defenses against evolving GenAI threats. 📘 Download the guide: https://lnkd.in/gXdD2nTS A huge thank-you to the contributors, reviewers, and sponsors across the OWASP GenAI Security Project community who made this resource possible! #OWASP #GenAISecurity #AI #Cybersecurity #MCP #AITrust #OpenSourceSecurity
4 Comments
Like Comment
To view or add a comment, sign in
Bill Musgrave

Global Software Development Director | Tech-forward Leader | SDLC | Cybersecurity | AI | Lean Six Sigma | DevOps | Digital Transformation | Azure | Project Management | Published Author on Trending IT
2w
Report this post
If you manage software development teams, and they have started using AI, you should check this out. MCP servers allow AI to access a variety of resources that could be compromised in the event of an attack. Per OWASP: "Since (MAP) tools can execute code, access files, and make network calls, a compromised MCP stack can lead to data theft, malicious code execution, and system sabotage."
OWASP GenAI Security Project

20,449 followers
2w

🚀 New Resource: The Practical Guide for Securely Using Third-Party MCP Servers The OWASP GenAI Security Project is proud to announce the release of A Practical Guide for Securely Using Third-Party MCP Servers, a comprehensive resource for organizations and developers adopting the Model Context Protocol (MCP). As the use of MCP servers expands, connecting AI systems to tools, APIs, and data, so does the need for robust security practices. This guide provides actionable recommendations to mitigate emerging risks such as: 🔹 Tool poisoning and prompt injection 🔹 Memory poisoning and tool interference 🔹 Authentication, authorization, and secure client-server discovery 🔹 Governance and automated security tooling Whether you’re integrating third-party MCP servers or building AI agent ecosystems, this document will help you strengthen your defenses against evolving GenAI threats. 📘 Download the guide: https://lnkd.in/gXdD2nTS A huge thank-you to the contributors, reviewers, and sponsors across the OWASP GenAI Security Project community who made this resource possible! #OWASP #GenAISecurity #AI #Cybersecurity #MCP #AITrust #OpenSourceSecurity
1 Comment
Like Comment
To view or add a comment, sign in
Monica Cretu

Director Product & Program Management, Hardware & Software Engineering + Global Operations & Logistics + Enterprise AI | Ex Samsung, Microsoft, Scantron, Nordstrom, ML & AI Startups
2w Edited
Report this post
Cybersecurity for AI! If you are building AI tools and solutions, let's build these securely following the practical guide for MCP just released by OWASP. Big thanks to all of those making this important guide available! #Cybersecurity #OWASP #AI #AITrust #GenAISecurity #MCP
OWASP GenAI Security Project

20,449 followers
2w

🚀 New Resource: The Practical Guide for Securely Using Third-Party MCP Servers The OWASP GenAI Security Project is proud to announce the release of A Practical Guide for Securely Using Third-Party MCP Servers, a comprehensive resource for organizations and developers adopting the Model Context Protocol (MCP). As the use of MCP servers expands, connecting AI systems to tools, APIs, and data, so does the need for robust security practices. This guide provides actionable recommendations to mitigate emerging risks such as: 🔹 Tool poisoning and prompt injection 🔹 Memory poisoning and tool interference 🔹 Authentication, authorization, and secure client-server discovery 🔹 Governance and automated security tooling Whether you’re integrating third-party MCP servers or building AI agent ecosystems, this document will help you strengthen your defenses against evolving GenAI threats. 📘 Download the guide: https://lnkd.in/gXdD2nTS A huge thank-you to the contributors, reviewers, and sponsors across the OWASP GenAI Security Project community who made this resource possible! #OWASP #GenAISecurity #AI #Cybersecurity #MCP #AITrust #OpenSourceSecurity
Like Comment
To view or add a comment, sign in
Saquib Saifee

Securing the Software Supply Chain | Security Architect | AI Security & Red Teaming | Open Source Contributor (CISA, OWASP, CycloneDX) | CISSP, eCPPT
2w Edited
Report this post
My recent contribution to the “A Practical Guide for Securely Using Third-Party MCP Servers” has been published by the OWASP GenAI Security Project Whether you’re integrating third-party MCP servers or building AI agent ecosystems, this document will help you strengthen your defenses against evolving GenAI threats. 📘 Download the guide: https://lnkd.in/gXdD2nTS #OWASP #GenAISecurity #AI #Cybersecurity #MCP #AITrust #OpenSourceSecurity
OWASP GenAI Security Project

20,449 followers
2w

🚀 New Resource: The Practical Guide for Securely Using Third-Party MCP Servers The OWASP GenAI Security Project is proud to announce the release of A Practical Guide for Securely Using Third-Party MCP Servers, a comprehensive resource for organizations and developers adopting the Model Context Protocol (MCP). As the use of MCP servers expands, connecting AI systems to tools, APIs, and data, so does the need for robust security practices. This guide provides actionable recommendations to mitigate emerging risks such as: 🔹 Tool poisoning and prompt injection 🔹 Memory poisoning and tool interference 🔹 Authentication, authorization, and secure client-server discovery 🔹 Governance and automated security tooling Whether you’re integrating third-party MCP servers or building AI agent ecosystems, this document will help you strengthen your defenses against evolving GenAI threats. 📘 Download the guide: https://lnkd.in/gXdD2nTS A huge thank-you to the contributors, reviewers, and sponsors across the OWASP GenAI Security Project community who made this resource possible! #OWASP #GenAISecurity #AI #Cybersecurity #MCP #AITrust #OpenSourceSecurity
Like Comment
To view or add a comment, sign in
Maurice Schubert

Partner
2w
Report this post
Nice work done by the OWASP GenAI Security Project team! The cheatsheet covers main aspects needed for properly protecting your MCP deployment: https://lnkd.in/epfqEjgt #OWASP #GenAISecurity #AI #Cybersecurity #MCP #AITrust #OpenSourceSecurity
OWASP GenAI Security Project

20,449 followers
2w

🚀 New Resource: The Practical Guide for Securely Using Third-Party MCP Servers The OWASP GenAI Security Project is proud to announce the release of A Practical Guide for Securely Using Third-Party MCP Servers, a comprehensive resource for organizations and developers adopting the Model Context Protocol (MCP). As the use of MCP servers expands, connecting AI systems to tools, APIs, and data, so does the need for robust security practices. This guide provides actionable recommendations to mitigate emerging risks such as: 🔹 Tool poisoning and prompt injection 🔹 Memory poisoning and tool interference 🔹 Authentication, authorization, and secure client-server discovery 🔹 Governance and automated security tooling Whether you’re integrating third-party MCP servers or building AI agent ecosystems, this document will help you strengthen your defenses against evolving GenAI threats. 📘 Download the guide: https://lnkd.in/gXdD2nTS A huge thank-you to the contributors, reviewers, and sponsors across the OWASP GenAI Security Project community who made this resource possible! #OWASP #GenAISecurity #AI #Cybersecurity #MCP #AITrust #OpenSourceSecurity
1 Comment
Like Comment
To view or add a comment, sign in
Yash Virendra Prajapati

Offensive Security | Penetration Testing | CCSP Practitioner | Ethical Hacking | Cyber Instructor | Public Speaker
2w
Report this post
🚨 Essential Resource for AI Agents and Security Teams is Here! 🚨 OWASP GenAI Security Project just announced thier newest guide: A Practical Guide for Securely Using Third-Party MCP Servers (Version 1.0, October 23, 2025). As the Model Context Protocol (MCP) becomes the standard for connecting AI systems to external tools, APIs, and data, the attack surface expands. This comprehensive resource delivers actionable, robust security practices to protect your GenAI applications. Why This Guide is Critical Now? Integrating third-party MCP servers introduces new, complex risks. This guide provides practical recommendations to mitigate emerging threats like: 🔹 Tool Poisoning & Prompt Injection: Strategies for full tool transparency and sanitizing untrusted data. 🔹 Client Security & Server Discovery: Guidance on verification, trusted registries, and sandboxed execution (e.g., Docker). 🔹 Authentication and Authorization: Deep dive into using OAuth 2.1/OIDC with least-permission scopes. 🔹 Governance: Establishing a formal strategy with a trusted MCP registry and review workflow. Whether you're building an advanced AI agent ecosystem or simply integrating a few third-party tools, this document is your blueprint for strengthening defenses against evolving GenAI threats. 📘 Download the guide now and secure your MCP integrations: https://lnkd.in/gybvG_rH A massive thank-you to the contributors, reviewers, and sponsors across the entire OWASP GenAI Security Project community for making this vital, open-source resource possible for security enthusiasts like us! 🎉 #OWASP #GenAISecurity #AI #Cybersecurity #MCP #AITrust #OpenSourceSecurity
OWASP GenAI Security Project

20,449 followers
2w

🚀 New Resource: The Practical Guide for Securely Using Third-Party MCP Servers The OWASP GenAI Security Project is proud to announce the release of A Practical Guide for Securely Using Third-Party MCP Servers, a comprehensive resource for organizations and developers adopting the Model Context Protocol (MCP). As the use of MCP servers expands, connecting AI systems to tools, APIs, and data, so does the need for robust security practices. This guide provides actionable recommendations to mitigate emerging risks such as: 🔹 Tool poisoning and prompt injection 🔹 Memory poisoning and tool interference 🔹 Authentication, authorization, and secure client-server discovery 🔹 Governance and automated security tooling Whether you’re integrating third-party MCP servers or building AI agent ecosystems, this document will help you strengthen your defenses against evolving GenAI threats. 📘 Download the guide: https://lnkd.in/gXdD2nTS A huge thank-you to the contributors, reviewers, and sponsors across the OWASP GenAI Security Project community who made this resource possible! #OWASP #GenAISecurity #AI #Cybersecurity #MCP #AITrust #OpenSourceSecurity
Like Comment
To view or add a comment, sign in
Tomer Elias

Senior Director of Product Management | Agentic AI Security | AI Protection | Board Member 🦄
2w
Report this post
🆒 One of the coolest contributions that I had the pleasure of taking part in with Idan Habler, PhD & Joshua Beck -"A Practical Guide for Securely Using Third-Party MCP Servers" 😎 It outlines the unique security risks introduced by connecting AI models to third-party tools and data sources, including tool poisoning, prompt injection, memory poisoning, and tool interference. The guide offers actionable mitigations covering authentication, authorization, client sandboxing, secure server discovery, and governance workflows, emphasizing least-privilege access and human-in-the-loop oversight. Kudos to all the folks that helped us out: Netanel Rotem, Victor Lu, Keren Katz, Sonu Kumar, Ella Duffy, Gurpreet Kaur Khalsa, Abhishek Mishra, Sumeet Jeswani, Adrian Sroka, Ken Huang, Riggs Goodman III, Brian M. Green, Syed Aamiruddin, Rico Komenda, John Cotter, Saquib Saifee, Almog Langleben, Mohsin Khan, Dipen Shah, subaru ueno, Venkata Sai Kishore Modalavalasa. Source: https://lnkd.in/eyrwYg-w Thank you to the leadership team at OWASP GenAI Security Project John Sotiropoulos Ron F. Del Rosario
OWASP GenAI Security Project

20,449 followers
2w

🚀 New Resource: The Practical Guide for Securely Using Third-Party MCP Servers The OWASP GenAI Security Project is proud to announce the release of A Practical Guide for Securely Using Third-Party MCP Servers, a comprehensive resource for organizations and developers adopting the Model Context Protocol (MCP). As the use of MCP servers expands, connecting AI systems to tools, APIs, and data, so does the need for robust security practices. This guide provides actionable recommendations to mitigate emerging risks such as: 🔹 Tool poisoning and prompt injection 🔹 Memory poisoning and tool interference 🔹 Authentication, authorization, and secure client-server discovery 🔹 Governance and automated security tooling Whether you’re integrating third-party MCP servers or building AI agent ecosystems, this document will help you strengthen your defenses against evolving GenAI threats. 📘 Download the guide: https://lnkd.in/gXdD2nTS A huge thank-you to the contributors, reviewers, and sponsors across the OWASP GenAI Security Project community who made this resource possible! #OWASP #GenAISecurity #AI #Cybersecurity #MCP #AITrust #OpenSourceSecurity
2 Comments
Like Comment
To view or add a comment, sign in
Brian M. Green

AI Governance & Ethics Leader | Health Tech Innovator | Speaker | Building Responsible, Human-Centered AI Solutions | fractional CAIO
2w Edited
Report this post
🎉 Sharing this new, FREE publication! 🚨Model Context Protocol (MCP) is not “plug-and-play security.” ⚡ Interoperable, third-party MCP servers unlock real power for Agentic AI—but they also expand your attack surface. That’s why OWASP published a developer-focused MCP Security Cheat Sheet (v1.0, Oct 23, 2025); to help teams consume external MCP servers safely without slowing down delivery. 👉 What Execs need to know (beyond the plumbing): ✅ Supply-chain risk: a poisoned or swapped MCP tool can read files, call networks, or drain budgets. ✅ Cross-tenant exposure: remote servers mean TLS/mTLS, OAuth, and CORS done right, or data leaks and loss. ✅ Governance proof: policy-as-code + auditable lineage are table stakes for regulated industries. 👉 What devs get from this "Cheat Sheet:" ✅ Local vs Remote guidance (STDIO vs Streamable HTTP) and auth patterns (OIDC/PKCE, Client Credentials). ✅ Defense-in-depth at the client (FQN allowlists, schema/size caps, sandbox + egress-deny, HITL prompts). ✅ Tamper routing with PASS / SANDBOX / BLOCK decisions and easy-to-copy policy snippets. 🏆 Bottom line: interoperability ≠ immunity. Make MCP security a first-class requirement. 👉 Grab the Cheat Sheet (link below). Thanks to the lead authors and editors: Tomer Elias, Idan Habler, PhD, and Joshua Beck, and all of my fellow contributors: Netanel Rotem, Keren Katz, Sonu K, Ella Duffy, Gurpreet Kaur Khalsa, Sumeet Jeswani, Adrian Sroka, Ken Huang, Riggs Goodman III, Brian M. Green, Syed Aamiruddin, Rico Komenda, Saquib Saifee, Almog Langleben, Venkata Sai Kishore Modalavalasa, Tal Eliyahu. #AISecurity #GenAI #AgenticAI #MCP #Governance #DevSecOps #OWASP
OWASP GenAI Security Project

20,449 followers
2w

🚀 New Resource: The Practical Guide for Securely Using Third-Party MCP Servers The OWASP GenAI Security Project is proud to announce the release of A Practical Guide for Securely Using Third-Party MCP Servers, a comprehensive resource for organizations and developers adopting the Model Context Protocol (MCP). As the use of MCP servers expands, connecting AI systems to tools, APIs, and data, so does the need for robust security practices. This guide provides actionable recommendations to mitigate emerging risks such as: 🔹 Tool poisoning and prompt injection 🔹 Memory poisoning and tool interference 🔹 Authentication, authorization, and secure client-server discovery 🔹 Governance and automated security tooling Whether you’re integrating third-party MCP servers or building AI agent ecosystems, this document will help you strengthen your defenses against evolving GenAI threats. 📘 Download the guide: https://lnkd.in/gXdD2nTS A huge thank-you to the contributors, reviewers, and sponsors across the OWASP GenAI Security Project community who made this resource possible! #OWASP #GenAISecurity #AI #Cybersecurity #MCP #AITrust #OpenSourceSecurity
4 Comments
Like Comment
To view or add a comment, sign in
RS Web Solutions (RSWEBSOLS)

259 followers
4w
Report this post
Severe Flaw in MCP Server System Compromises Over 3,000 Servers and Many API Keys #internet #cybersecurity Source: https://ift.tt/CzMleXR I am pleased to share a compelling new blog post that highlights a significant vulnerability discovered in Smithery.ai, a key player in the Model Context Protocol (MCP) server market. This critical flaw has compromised over 3,000 AI servers and exposed numerous API keys, raising serious concerns about cybersecurity within centralized AI hosting frameworks. The vulnerability stems from inadequate controls during Smithery's build process, allowing attackers to exploit path traversal vulnerabilities and gain access to sensitive files. The implications of this breach are profound, affecting not only Smithery's infrastructure but also the broader ecosystem of AI tools that rely on MCP servers. This incident emphasizes the urgent need for enhanced security measures and better management of API credentials to safeguard against supply-chain vulnerabilities. I invite you to read the full analysis and understand the potential risks and recommendations for mitigating such vulnerabilities in the future. Read the full post here: [Severe Flaw in MCP Server System Compromises Over 3000 Servers and Many API Keys](https://ift.tt/CzMleXR) #rswebsols #MC…

Severe MCP Server Flaw Exposes 3,000 Servers and API Keys
Like Comment
To view or add a comment, sign in
Netanel Rotem

Senior Full Stack Developer at Intuit | AI Guild Lead
2w
Report this post
Proud to have contributed to the new OWASP GenAI Security Project guide — “A Practical Guide for Securely Using Third-Party MCP Servers (v1.0)”. This guide provides essential security best practices for safely integrating third-party MCPs (Model Context Protocol) — a fast-growing standard that enables AI agents to connect with external tools and data sources. My contribution focused on recommending a security approach for filtering and validating the tools integrated into MCP environments, in order to reduce the overall attack surface and maintain tighter control over tool descriptions and their allowed actions. Special thanks to Idan Habler, PhD for inviting me to share my input and to the amazing OWASP GenAI Security Project team for leading this important work. You can read the full guide here: https://lnkd.in/d2nnTEqe #OWASP #MCP #GenAI #Cybersecurity
5 Comments
Like Comment
To view or add a comment, sign in

20,449 followers

View Profile Connect

OWASP Releases Guide for Secure MCP Server Use

More Relevant Posts

Explore content categories