OWASP MCP Top 10: A Security Framework for the AI Agent Era
📄 Chinese Summary
The Model Context Protocol (MCP) needed its own threat taxonomy, and one has now been established. OWASP has published the MCP Top 10, a structured framework targeting the most critical security risks in AI agent tool integration. Led by Vandana Verma Sehgal, the project is currently in beta under the CC BY-NC-SA 4.0 license and aims to fill a widening gap: the lack of a shared vocabulary for discussing MCP security. Over 30 CVEs have been filed against MCP implementations in the past 60 days. Research shows that tool poisoning attacks succeed at an alarming rate, reaching 84.2% when auto-approval is enabled.
📄 English Summary
The OWASP MCP Top 10: A Security Framework for the AI Agent Era
The Model Context Protocol (MCP) required its own threat taxonomy, which has now been established. OWASP has published the MCP Top 10, a structured framework addressing the most critical security risks in AI agent tool integration. Led by Vandana Verma Sehgal, this project is currently in beta under a CC BY-NC-SA 4.0 license, aiming to fill a widening gap: the lack of a shared vocabulary for discussing MCP security. Over 30 CVEs have been filed against MCP implementations in the past 60 days. Research consistently shows that tool poisoning attacks succeed at alarming rates, with a success rate of 84.2% when auto-approval is enabled.
Powered by Cloudflare Workers + Payload CMS + Claude 3.5
Data sources: OpenAI, Google AI, DeepMind, AWS ML Blog, HuggingFace, and others