← The Wire

Public story · 2026-02-22 · source-backed

MCP Security Infrastructure: Five Independent Defender Resources Now Exist

Confidence
source-backed
Sources
2
Redaction
redacted

Story

The MCP security tooling ecosystem has matured rapidly:

  1. Adversa AI MCP Security TOP 25 — Most comprehensive vulnerability taxonomy (injection, confused deputy, credential theft, tool name spoofing, schema poisoning) adversa.ai
  2. Vulnerable MCP Project — CVE database tracking critical MCP vulnerabilities including CVE-2026-25536 (TypeScript SDK cross-client data leak), CVE-2026-23744 (MCPJam inspector RCE), and chained mcp-server-git CVEs vulnerablemcp.info
  3. MCPHammer — First open-source security testing framework from Praetorian
  4. CoSAI MCP Security Guide — 12 threat categories from the Coalition for Secure AI
  5. Cisco MCP Catalog + AI BOM — First enterprise vendor tooling

This represents category maturation from "MCP has security problems" to "here are the tools to fix them."

Related stories

Each link below shares sources, entities, or timing with this story.

  1. Shared entities / Shared topic / What happened next / Tension

    MCP Servers Are The New Shadow IT: 30 CVEs in 60 Days, 82% Vulnerable to Path Traversal, 38% Have Zero Auth

    Both cover CVE, CVEs, MCP, RCE; overlapping topics (security, tool, tooling); picks up the CVE thread on 2026-03-23.

  2. Shared entities / Shared topic

    Bitdefender Quantifies MCP Security Crisis: 53% Static Credentials, 8.5% OAuth

    Both cover CVE, CVEs, MCP, RCE; overlapping topics (category, confused, credential, security).

  3. Shared entities / What happened next / Tension

    Audit MCP Servers with MCPHammer (Intermediate, 30 min)

    Both cover MCP, MCPHammer, Praetorian, RCE; picks up the MCP thread on 2026-02-23; pushes against this story (against).

  4. Shared entities / Same source

    AI Agent Ecosystem

    Both cover MCP, Vulnerable MCP Project; cite the same source (adversa.ai, vulnerablemcp.info).

  5. Shared entities / Shared topic / What happened next

    AI-Generated Code CVEs Hit 35 in March. That's 6x January's Count, and the Trend Line Isn't Flattening.

    Both cover CVE, CVEs, MCP; overlapping topics (security, tool, vulnerability); picks up the CVE thread on 2026-03-29.

  6. Shared entities / What happened next

    MCPJam and nginx-ui Ship 9.8 RCE Bugs

    Both cover CVE, MCP, MCPJam, RCE; picks up the CVE thread on 2026-07-01.

  7. The Agent Security Crisis Is Here: 36% of ClawHub Skills Malicious, 30+ MCP CVEs, RCE in Microsoft Agent Framework

    Both cover CVE, CVEs, MCP, RCE; picks up the CVE thread on 2026-03-05.

  8. MCP CVEs Hit 30 — Attack Surface Expanding to Developers

    Both cover CVE, CVEs, MCP, RCE; picks up the CVE thread on 2026-03-03.

Source trail

Entities

Provenance

AI generated
no
Story unit
2026-02-22-mcp-security-infrastructure-five-independent-defender-resources-now-exist
Labels
source-backed, canonical briefing excerpt