Skills
OWASP MCP Top 10: First Formal Security Framework for Model Context Protocol — 30+ CVEs Filed in 60 Days, Tool Poisoning Succeeds 84% with Auto-Approval
OWASP publishes the first structured security framework specifically targeting MCP-enabled AI systems. Key risks include tool poisoning (84.2% success rate when auto-approval enabled), shadow MCP servers operating outside governance, command injection via untrusted model input, and insufficient auth/logging. An audit of 17 popular MCP servers found an average security score of 34/100. Practical mitigation: never enable auto-approval for untrusted MCP tools.
↳ Follow the thread