A4. Addendum: MCP Security
Overview
Model Context Protocol (MCP) is the current de facto standard for agentic AI. It is composed of 2 main components:
MCP Host, which runs MCP Clients
MCP Servers, exposing Tools, Resources and Prompts
MCP servers can be deployed locally on the MCP host or remotely. Although securing MCP servers mostly makes sense when remotely accessible, PyRASP can provide security in both contexts.
PyRASP currently protects only Tools run by MCP Servers.
MCP Servers security
Library and protocol support
MCP is new, and its SDKs and libraries are still changing rapidly. The current version of PyRASP has been tested with the libraries listed in the table below.

Library    Version    Repository
mcp        1.9.1      https://github.com/modelcontextprotocol/python-sdk
fastmcp    2.5.1      https://github.com/jlowin/fastmcp
All communication protocols are supported:
stdio
sse
streamable-http
Security features
PyRASP provides security for MCP Tools, ensuring no malicious input is provided and preventing sensitive data leaks.
Due to a current limitation of the FastMCP library, the source of remote connections and the request headers are not available to PyRASP, so several security functions cannot be implemented.
Additionally, the machine-to-machine nature of MCP makes client-focused attacks (such as XSS) irrelevant.
Security modules for MCP Tools implemented in PyRASP are detailed in the table below.
Module                    Direction
SQL Injection             Inbound
Command Injection         Inbound
Data Leak Prevention      Outbound
Prompt Injection          Inbound
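The inbound/outbound split in the table above, shown as an added Python example that is not PyRASP's code and does not use its API: a guarded_call wrapper inspects a tool's arguments before the call (SQL, command and prompt injection) and its return value after (data leak prevention). The rule sets, the CUSTOMERS records and the lookup_customer tool are constructed for the illustration and stand in for a real FastMCP tool function.

```python
import re
from typing import Any, Dict, Optional, Pattern

# Constructed, deliberately simple signatures standing in for PyRASP's real rule sets.
INBOUND_RULES: Dict[str, Pattern] = {
    "SQL Injection": re.compile(r"(?i)\bunion\b\s+\bselect\b|'\s*or\s+'?\d+'?\s*=\s*'?\d+|;\s*drop\b"),
    "Command Injection": re.compile(r"(?:;|\|\||&&|\$\(|`)\s*\w+"),
    "Prompt Injection": re.compile(r"(?i)ignore\s+(?:all\s+)?(?:previous|prior)\s+instructions"),
}
OUTBOUND_RULES: Dict[str, Pattern] = {
    # Payment card numbers and AWS-style access key ids must not leave the tool.
    "Data Leak Prevention": re.compile(r"\b(?:\d{4}[ -]?){3}\d{4}\b|\bAKIA[0-9A-Z]{16}\b"),
}


def _scan(value: Any, rules: Dict[str, Pattern]) -> Optional[str]:
    """Walk strings, dicts, lists and tuples; return the first matching rule name."""
    if isinstance(value, str):
        return next((name for name, rx in rules.items() if rx.search(value)), None)
    if isinstance(value, dict):
        value = list(value.values())
    if isinstance(value, (list, tuple)):
        for item in value:
            hit = _scan(item, rules)
            if hit:
                return hit
    return None


def guarded_call(tool, *args, **kwargs):
    """Inbound check on the arguments, run the tool, outbound check on the result.
    Returns (verdict, detail): the tool result when allowed, the rule name when blocked."""
    hit = _scan([args, kwargs], INBOUND_RULES)
    if hit:
        return "blocked-inbound", hit
    result = tool(*args, **kwargs)
    hit = _scan(result, OUTBOUND_RULES)
    if hit:
        return "blocked-outbound", hit
    return "allowed", result


# Constructed in-memory records standing in for the database behind the tool.
CUSTOMERS = {
    "c-1": {"name": "Ada", "card": "4111 1111 1111 1111"},
    "c-2": {"name": "Linus", "card": None},
}


def lookup_customer(customer_id: str) -> dict:
    """Constructed stand-in for an MCP tool function (what FastMCP's @mcp.tool would wrap)."""
    return {"id": customer_id, **CUSTOMERS.get(customer_id, {})}
```

Because the outbound check runs on the tool's return value rather than on an HTTP response, it works the same over stdio, sse and streamable-http.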
Notes
The current PyRASP implementation relies on the fastmcp library, which provides limited access to remote session information.
Although the mcp library may make additional security checks possible, it does not provide the capability to expose MCP servers to remote systems, which makes security much less relevant in that context.