#Mcp-security
Showing 25 of 25 repositories tagged #mcp-security, ranked by stars
This open-source curriculum introduces the fundamentals of Model Context Protocol (MCP) through real-world, cross-language examples in .NET, Java, TypeScript, JavaScript, Rust and Python. Designed for developers, it focuses on practical techniques for building modular, scalable, and secure AI workflows from session setup to service orchestration.
Sandbox any AI agent in seconds - zero setup, zero latency.
ToolHive is an enterprise-grade platform for running and managing Model Context Protocol (MCP) servers.
Enterprise AI bastion host for secure AI API and MCP access, with unified proxying, RBAC, audit logs, rate limiting, and cost tracking across OpenAI, Anthropic, Gemini, and self-hosted LLMs.
Open-source AI agent firewall for MCP security and agent egress. Scans mediated HTTP, MCP, A2A, and WebSocket traffic for exfiltration, SSRF, and prompt injection, and emits mediator-signed action receipts: verifiable audit evidence from outside the agent.
Lightweight, cross-platform process sandboxing powered by OpenAI Codex's runtime. Sandbox any command with file, network, and credential controls.
MCP for Security: A collection of Model Context Protocol servers for popular security tools like SQLMap, FFUF, NMAP, Masscan and more. Integrate security testing and penetration testing into AI workflows.
A plugin-based gateway that orchestrates other MCPs and allows developers to build upon it enterprise-grade agents.
Agyn is an open-source Kubernetes-native runtime that moves AI agents like Claude Code and Codex from laptops to company infrastructure with the controls enterprises need.
Test, secure, and monitor MCP servers before agents depend on them.
Offline security scanner for AI-agent repos, skills, plugins, and MCP servers.
The secure gateway connecting AI agents to enterprise systems.
AI Agent Security Middleware โ 8-layer defense, DLP data flow, prompt injection detection, zero dependencies. SDK + MCP server for Claude Code, Cursor, LangChain, Hermes Agent & more.
Reticle intercepts, visualizes, and profiles JSON-RPC traffic between your LLM and MCP servers in real-time, with zero latency overhead. Stop debugging blind. Start seeing everything.
AI Security Platform: Defense (61 Rust engines + Micro-Model Swarm) + Offense (39K+ payloads)
๐ค Curated AI OSINT resources โ Google dorks, Shodan queries, GitHub dorks, and techniques to discover exposed LLM endpoints, leaked AI API keys, misconfigured vector databases, and unprotected AI agents
Open-core AI red teaming and offensive AI security evaluation platform.
MCP Server Security Standard (MSSS): an open, testable security control standard for certifying MCP servers, with levels, evidence requirements, and reporting schemas.
[DEPRECATED] Moved to microsoft/agent-governance-toolkit
Fast local Rust scanner for AI-agent prompt injection, credential leaks, exfiltration, and risky tool calls
A curated timeline of real AI agent security incidents, breaches, and vulnerabilities (2024-2026). Every entry sourced and dated.
A practical, community-driven checklist for pentesting MCP servers. Covers traffic analysis, tool-call behavior, namespace abuse, auth flows, and remote server risks. Maintained by Appsecco and licensed for remixing.
Metasploit for AI agents: scan, attack, and fix AI agents and MCP servers. Open source security toolkit.
An OWASP-aligned intentionally vulnerable platform for learning and testing AI, LLM, RAG, MCP, and Agentic AI security.
This research introduces MCP Signature Cloaking - a novel backdoor technique that allows attackers to exploit hidden parameters in MCP servers, concealing malicious behavior behind interfaces that appear legitimate to both developers and AI models.