TL;DR
This paper analyzes security vulnerabilities in MCP servers, identifies the key threats, and evaluates existing defense strategies, concluding that the protocol's unique semantic attack surface calls for novel protection mechanisms.
Contribution
It provides a systematic security analysis of MCP systems, categorizes main threats, and surveys existing defense strategies tailored to MCP's unique semantic vulnerabilities.
Findings
Identified three main threat categories in MCP security.
Surveyed existing proactive and runtime defense strategies.
Highlighted the need for novel defenses for semantic attack surfaces.
Abstract
The Model Context Protocol (MCP) has emerged as a standardized interface enabling seamless integration between Large Language Models (LLMs) and external data sources and tools. While MCP significantly reduces development complexity and enhances agent capabilities, its openness and extensibility introduce critical security vulnerabilities that threaten system trustworthiness and user data protection. This paper systematically analyzes the security landscape of MCP-based systems, identifying three principal threat categories: (1) agent hijacking attacks stemming from protocol design deficiencies; (2) traditional web vulnerabilities in MCP servers; and (3) supply chain security. To address these challenges, we comprehensively survey existing defense strategies, examining both proactive server-side scanning approaches, ranging from layered detection pipelines and agentic auditing frameworks…