📄 中文摘要
Cisco本周发布了一个开源的MCP扫描器,用于扫描MCP服务器代码中的恶意工具描述和供应链攻击。针对运行时暴露问题,已有70多次会话进行扫描。供应链安全和运行时暴露是两个不同的威胁模型,二者都至关重要。供应链安全关注的是在安装MCP服务器时,代码中可能隐藏的指令,这些指令可能会窃取数据或损害代理。而运行时暴露则指已部署的MCP服务器缺乏身份验证,任何AI代理都能够枚举和调用工具。两者的解决方案各有侧重,但都需要引起重视。
MCP安全的两层:运行时暴露与供应链
出处: The Two Layers of MCP Security: Runtime Exposure vs Supply Chain
发布: 2026年2月21日
📄 English Summary
The Two Layers of MCP Security: Runtime Exposure vs Supply Chain
Cisco has released an open-source MCP Scanner this week, designed to scan MCP server code for malicious tool descriptions and supply chain attacks. The focus on runtime exposure has been explored through over 70 scanning sessions. There are two distinct threat models that are both critical: Supply chain security, which concerns the hidden instructions in the code that may exfiltrate data or poison the agent upon installation of an MCP server, and runtime exposure, where a deployed MCP server lacks authentication, allowing any AI agent to enumerate and call tools. Addressing both issues is essential for comprehensive security.