MCPThreatHive: Automated Threat Intelligence for Model Context Protocol Ecosystems

TL;DR

MCPThreatHive is an open-source platform that automates threat intelligence collection, classification, and visualization for MCP-based agentic systems, addressing critical security gaps.

Contribution

It introduces MCPThreatHive, a comprehensive tool that operationalizes MCP threat taxonomy and provides continuous, multi-source threat intelligence for MCP ecosystems.

Findings

Addresses three critical security coverage gaps in MCP systems.

Operationalizes MCP-38 threat taxonomy with AI-driven threat classification.

Provides a composite risk scoring model for threat prioritization.

Abstract

The rapid proliferation of Model Context Protocol (MCP)-based agentic systems has introduced a new category of security threats that existing frameworks are inadequately equipped to address. We present MCPThreatHive, an open-source platform that automates the end-to-end lifecycle of MCP threat intelligence: from continuous, multi-source data collection through AI-driven threat extraction and classification, to structured knowledge graph storage and interactive visualization. The platform operationalizes the MCP-38 threat taxonomy, a curated set of 38 MCP-specific threat patterns mapped to STRIDE, OWASP Top 10 for LLM Applications, and OWASP Top 10 for Agentic Applications. A composite risk scoring model provides quantitative prioritization. Through a comparative analysis of representative existing MCP security tools, we identify three critical coverage gaps that MCPThreatHive addresses: incomplete compositional attack modeling, absence of continuous threat intelligence, and lack of unified multi-framework classification.