MCP Guard

Technical Overview

MCP Guard is an agent-based security scanner that protects AI agents from emerging threats targeting Model Context Protocol (MCP) servers. MCP Guard scans the tool descriptions of MCP servers and API functions to identify prompt injections and malicious instructions. It also analyzes the source code of MCPs and APIs to surface security vulnerabilities.

Unlike traditional static analysis tools, MCP Guard uses our specialized AI models that understand code semantics, automatically identifying prompt injection vulnerabilities, unsafe API calls, and insecure data handling practices.

The MCP Guard agent is equipped with our purpose-built model and specialized tools for MCP tool description and code inspection, flagging vulnerabilities and providing mitigation suggestions.

• Low latency — our custom language models are fine-tuned for MCP security analysis, enabling them to understand MCP-specific patterns and call specialized security tools with high accuracy. Using smaller, focused models rather than general-purpose LLMs yields faster scan times without sacrificing detection quality.
• Specialized security tools — purpose-built code analysis tools that understand MCP semantics, API patterns, and common vulnerability signatures — dramatically reducing false positives compared to generic static analysis scanners.
• Persistent context tracking — the guard maintains memory of previous scans and vulnerability patterns across your codebase, tracking security improvements over time and avoiding re-flagging resolved issues.

Key Features

• Accurate security flaw detection — more accurate than rule-based scanning, since it reasons about code semantics to reduce false positives; also more accurate than model-only scanning, since the agent scaffold provides advanced tools for better context understanding and retrieval.
• Customized policy support — the agent can ingest and comply with user-defined policies, ensuring scans are tailored to specific requirements.
• Low latency vs. large models — powered by a lightweight reasoning model, the agent achieves significantly higher efficiency than large general-purpose models while maintaining accuracy.

MCP Security Leaderboard

We applied MCP Guard to more than 700 open-source MCPs, producing the industry's first MCP Security Leaderboard, which ranks MCPs along three dimensions:

• Sensitivity — level of access to sensitive operations, data, and system resources. Low: read-only operations and public APIs only. Medium: limited permissions such as file system access. High: high-risk operations such as code execution or email management.
• Security — vulnerabilities, unsafe operations, and adherence to secure coding practices. Low: no known vulnerabilities. Medium: minor security issues such as missing best practices. High: critical vulnerabilities such as command injection.
• Complexity — the codebase's structure, size, and dependencies. Low: simple structure and minimal dependencies. Medium: moderate complexity with some architectural patterns. High: complex architecture with intricate logic flows.

A subset of the top-20 popular MCPs from the leaderboard:

Our analysis found that most MCPS lack basic security protections — leaving agents exposed to prompt injection, code execution exploits, and data exfiltration.

Since launch, MCP Guard has discovered critical vulnerabilities in 78% of analyzed implementations. We've responsibly disclosed 40+ high-severity vulnerabilities to lemaintainers and several now being actively pursued as official Common Weakness Enumerations (CWEs).