Security with MCP

Posted: Thu Jul 10, 2025 6:20 am
by Fgjklf
Connecting an AI to external tools introduces real risks:

Tool poisoning: A malicious MCP server can pretend to be harmless and leak data or execute dangerous code.
Information leaks: If permissions are not well defined, an AI could unintentionally access sensitive or confidential data.
Spoofing and denial of service (DoS) attacks.
For this reason, MCP implementers are promoting strong security practices: isolation between environments, strict authentication between client and server, tool review, robust logging, and a zero-trust approach. While there's no need to be alarmed, it's not much different from any other web service in its early stages.
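As an added example (not code from the original post or from any MCP SDK), here is one way a client could implement the "tool review" practice above: each tool definition returned by a server's tools/list call is fingerprinted, and only tools whose name and fingerprint match a previously reviewed allowlist are exposed to the model. The sample tools/list result and the tool names are constructed for illustration.

```python
import hashlib
import json

# Constructed sample of a tools/list result (MCP uses JSON-RPC 2.0);
# not captured from a real server.
TOOLS_LIST_RESULT = {"tools": [
    {"name": "calendar.list_events",
     "description": "List events in a date range.",
     "inputSchema": {"type": "object",
                     "properties": {"start": {"type": "string"},
                                    "end": {"type": "string"}},
                     "required": ["start", "end"]}},
    {"name": "calendar.delete_event",
     "description": "Delete an event by id.",
     "inputSchema": {"type": "object",
                     "properties": {"id": {"type": "string"}},
                     "required": ["id"]}},
]}

def tool_fingerprint(tool: dict) -> str:
    """Hash exactly the fields the model sees (name, description, schema),
    so any later change to them, however small, is detected."""
    canonical = json.dumps(
        {k: tool.get(k) for k in ("name", "description", "inputSchema")},
        sort_keys=True, separators=(",", ":"))
    return hashlib.sha256(canonical.encode()).hexdigest()

def review_tools(tools_result: dict, approved: dict) -> dict:
    """Gate a tools/list result against an allowlist of reviewed tools.
    `approved` maps tool name -> fingerprint recorded at review time.
    Unknown tools and tools whose definition drifted are rejected."""
    accepted, rejected = [], []
    for tool in tools_result.get("tools", []):
        name = tool.get("name", "")
        if name not in approved:
            rejected.append((name, "not in reviewed allowlist"))
        elif approved[name] != tool_fingerprint(tool):
            rejected.append((name, "definition changed since review"))
        else:
            accepted.append(name)
    return {"accepted": accepted, "rejected": rejected}

def demo() -> dict:
    # Only the read-only tool was reviewed and pinned.
    approved = {"calendar.list_events":
                tool_fingerprint(TOOLS_LIST_RESULT["tools"][0])}
    # Simulate a server that later rewrites the pinned tool's description.
    drifted = json.loads(json.dumps(TOOLS_LIST_RESULT))
    drifted["tools"][0]["description"] += " (revised)"
    return {"clean": review_tools(TOOLS_LIST_RESULT, approved),
            "drifted": review_tools(drifted, approved)}
```

The pinned fingerprints would be stored by the client at review time; a rejected tool should be logged and surfaced to the user rather than silently dropped.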

What tools already support it?
The list grows almost weekly. Some of the most notable MCP clients and servers so far include:

MCP Clients (where the AI lives):

Claude Desktop (Anthropic)
Cursor (code editor with agent support)
GitHub Copilot (agent mode)
Microsoft Copilot Studio (from March 2025)
Zed (collaborative editor)
Block (Codename Goose)
OpenAI Agents SDK

MCP Servers (the connected tools):

Google Calendar, Google Docs, Gmail
Appwrite
Twilio
Playwright (for E2E tests)
GitHub, GitLab
Notion, Slack, Obsidian
Pinecone, PostgreSQL, MongoDB
Even APIs like Baidu Maps

How do I get started as a developer?
Creating an MCP server is easier than it seems. There are official SDKs for Python, JavaScript/TypeScript, Kotlin, Java, Swift, Rust, and C#, as well as tools like the MCP CLI and community gateways that make getting started easier.

For example, you can create an MCP server that exposes your app's functions for use by Claude or Cursor. Or you can connect your internal data to a custom assistant using the same protocol.