A4. Addendum: MCP Security
Overview
Model Context Protocol (MCP) is the current de facto standard for agentic AI. It is composed of two main components:
MCP Host, which runs MCP Clients
MCP Servers, exposing Tools, Resources and Prompts
MCP servers can be deployed locally on the MCP host or remotely. Although securing MCP servers mostly makes sense when they are remotely accessible, PyRASP can provide security in both contexts.
PyRASP currently protects only Tools run by MCP Servers.
MCP Servers security
Library and protocol support
MCP is new, and the related SDKs and libraries are changing rapidly. The current version of PyRASP has been tested with the libraries listed in the table below.
Library    Version    Repository
mcp        1.9.1      https://github.com/modelcontextprotocol/python-sdk
fastmcp    2.5.1      https://github.com/jlowin/fastmcp
All communication protocols are supported:
stdio
sse
streamable-http
Security features
PyRASP provides security for MCP Tools, ensuring that no malicious input reaches them and preventing sensitive data from leaking in their output.
Due to a current limitation of the FastMCP library, the source of remote connections and the request headers are not available to PyRASP; as a result, several security functions cannot be implemented.
Additionally, because MCP is a machine-to-machine protocol, client-focused attacks (such as XSS) are not relevant.
Security modules for MCP Tools implemented in PyRASP are detailed in the table below.
Security module         Direction
SQL Injection           Inbound
Command Injection       Inbound
Data Leak Prevention    Outbound
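The table above describes two inbound modules (SQL Injection, Command Injection) and one outbound module (Data Leak Prevention). The following added example illustrates what those three checks look like when placed around an MCP Tool function: string arguments are inspected before the tool body runs, and the tool's string result is scanned and redacted before it is returned to the client. This is example code written for this page, not PyRASP's implementation or its rule sets; the regular expressions, the `guard_tool` decorator, the `lookup_customer` tool and the `CUSTOMERS` data are all constructed for illustration, and only the standard library is used so the block runs without FastMCP installed.

```python
import re
from functools import wraps
from typing import List, Optional, Tuple

# Inbound signatures for the two attack classes in the table. These are
# deliberately small, illustrative patterns (constructed for this example),
# not PyRASP's detection rules.
SQLI_PATTERNS = [
    re.compile(r"(?i)\b(union\s+select|or\s+\d+\s*=\s*\d+|drop\s+table)\b"),
    re.compile(r"--\s*$|;\s*--|/\*.*?\*/"),   # comment-based statement truncation
]
CMDI_PATTERNS = [
    re.compile(r"[;&|`]\s*\w"),                # shell command chaining / backticks
    re.compile(r"\$\(.+\)"),                    # $(...) command substitution
]
# Outbound DLP signatures: data that should never appear in a tool result.
DLP_PATTERNS = {
    "aws_access_key": re.compile(r"\bAKIA[0-9A-Z]{16}\b"),
    "email": re.compile(r"[\w.+-]+@[\w-]+\.[\w.-]+"),
    "credit_card": re.compile(r"\b(?:\d[ -]?){13,16}\b"),
}


class ToolInputRejected(ValueError):
    """Raised when an inbound tool argument matches an injection signature."""


def inspect_inbound(value: str) -> Optional[str]:
    """Return the attack class detected in value ('sql_injection' or
    'command_injection'), or None if the argument looks clean."""
    for pat in SQLI_PATTERNS:
        if pat.search(value):
            return "sql_injection"
    for pat in CMDI_PATTERNS:
        if pat.search(value):
            return "command_injection"
    return None


def redact_outbound(text: str) -> Tuple[str, List[str]]:
    """Replace every DLP match with a tag; return the redacted text and the
    list of pattern names that fired (useful for logging/alerting)."""
    findings: List[str] = []
    for name, pat in DLP_PATTERNS.items():
        if pat.search(text):
            findings.append(name)
            text = pat.sub(f"[REDACTED:{name}]", text)
    return text, findings


def guard_tool(func):
    """Decorator standing in for a RASP hook around an MCP Tool: inbound
    inspection of every str argument, outbound DLP on a str result.
    With FastMCP it would sit below @mcp.tool() so the wrapped function
    is what gets registered (assumed usage, not PyRASP's API)."""
    @wraps(func)
    def wrapper(*args, **kwargs):
        for arg in list(args) + list(kwargs.values()):
            if isinstance(arg, str):
                hit = inspect_inbound(arg)
                if hit:
                    # Reject before the tool body ever sees the argument.
                    raise ToolInputRejected(f"{func.__name__}: {hit} in {arg!r}")
        result = func(*args, **kwargs)
        if isinstance(result, str):
            result, _findings = redact_outbound(result)
        return result
    return wrapper


# Constructed sample data standing in for whatever a real tool would query.
CUSTOMERS = {
    "alice": "Alice Example <alice@example.com>, key AKIAABCDEFGHIJKLMNOP",
}


@guard_tool
def lookup_customer(name: str) -> str:
    """Hypothetical MCP Tool body; unguarded, it would return the raw record."""
    return CUSTOMERS.get(name, f"no customer named {name}")


if __name__ == "__main__":
    print(lookup_customer("alice"))    # email and access key are redacted
    try:
        lookup_customer("bob' OR 1=1 --")
    except ToolInputRejected as exc:
        print("rejected:", exc)
```

The decorator rejects the whole call rather than sanitising the argument, which is the safer default for a tool whose body may pass the string to a database or a shell; the outbound side redacts instead of rejecting so the client still receives a usable answer while the sensitive fields are stripped, and the `findings` list is what a deployment would write to its security log.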
Notes
The current PyRASP implementation relies on the fastmcp library, which provides limited access to remote session information.
Although the mcp library may make additional security checks possible, it does not provide the capability to expose MCP servers to remote systems, which makes security much less relevant in that context.