- https://github.com/IBM/mcp
- A collection of Model Context Protocol (MCP) servers, clients and developer tools by IBM.
-
SEP-646: Enterprise-Managed Authorization Profile for MCP
- modelcontextprotocol/modelcontextprotocol#646
- A proposal from Aaron Parecki for a Model Context Protocol Enterprise Authorization Profile.
-
Spec Proposal: A Gateway-Based Authorization Model
- OWASP MCP Top 10
-
The State of MCP Security
-
MCP Horror Stories: The Security Issues Threatening AI Infrastructure
-
Advanced Tool Poisoning Attack (ATPA), Poison everywhere: No output from your MCP server is safe
-
Maia Iyer, Hybrid Cloud Research Software Engineer at IBM (LinkedIn, Medium.com)
- Security in and around MCP: Part 1 — OAuth in MCP
- Security In and Around MCP: Part 2 — MCP in Deployment
- Security in and around MCP: Part 3 — MCP Server Identity
-
Bridging AI and Software Security: A Comparative Vulnerability Assessment of LLM Agent Deployment Paradigms
-
From Prompt Injections to Protocol Exploits: Threats in LLM-Powered AI Agents Workflows
- CVE-2025-6514: OS command injection in mcp-remote when connecting to untrusted MCP servers
- https://www.cve.org/CVERecord?id=CVE-2025-6514
- https://nvd.nist.gov/vuln/detail/CVE-2025-6514
- Critical mcp-remote Vulnerability Enables Remote Code Execution, Impacting 437,000+ Downloads
- MCP Dev Days: Day 1 - DevTools
- Easy, Secure Dynamic Client Registration for MCP & AI Agents