This open-source curriculum introduces the fundamentals of Model Context Protocol (MCP) through real-world, cross-language examples in .NET, Java, TypeScript, JavaScript, Rust and Python. Designed for developers, it focuses on practical techniques for building modular, scalable, and secure AI workflows from session setup to service orchestration.

ToolHive makes deploying MCP servers easy, secure and fun

MCP for Security: A collection of Model Context Protocol servers for popular security tools like SQLMap, FFUF, NMAP, Masscan and more. Integrate security testing and penetration testing into AI workflows.

lunar.dev: Agent native MCP Gateway for governance and security

A plugin-based gateway that orchestrates other MCPs and allows developers to build upon it enterprise-grade agents.

Desktop app that automatically scans and blocks malicious MCP traffic in AI apps like Cursor, Claude, VS Code and Windsurf.

Authentication, analytics, and prompt visibility for MCP servers with zero code changes. Supports OAuth2.1, DCR, real-time logs, and client onboarding out of the box

Build Secure and Compliant AI agents and MCP Servers. YC W23

Reticle intercepts, visualizes, and profiles JSON-RPC traffic between your LLM and MCP servers in real-time, with zero latency overhead. Stop debugging blind. Start seeing everything.

AI Security Platform: Defense (61 Rust engines + Micro-Model Swarm) + Offense (39K+ payloads)

[DEPRECATED] Moved to microsoft/agent-governance-toolkit

MCP Server Security Standard (MSSS): an open, testable security control standard for certifying MCP servers, with levels, evidence requirements, and reporting schemas.

MCP Security Solution for Agentic AI — real-time proxying, behavior analysis, and malicious tool detection

一个用于检测Model Context Protocol (MCP)安全性的Chrome扩展工具。

A generic mcp server fuzzer

A practical, community-driven checklist for pentesting MCP servers. Covers traffic analysis, tool-call behavior, namespace abuse, auth flows, and remote server risks. Maintained by Appsecco and licensed for remixing.

HasMCP Community Edition

[DEPRECATED] Moved to microsoft/agent-governance-toolkit

This research introduces MCP Signature Cloaking - a novel backdoor technique that allows attackers to exploit hidden parameters in MCP servers, concealing malicious behavior behind interfaces that appear legitimate to both developers and AI models.

The ultimate OWASP MCP Top 10 security checklist and pentesting framework for Model Context Protocol (MCP), AI agents, and LLM-powered systems.

AI SOC Security Threat analysis using MCP Server

Comprehensive security scanner for Model Context Protocol (MCP) servers

Open Threat Classification (OTC) — 10 threat patterns for AI agent skills, MCP servers, and plugins. CC-BY-4.0.

Agent Interaction Firewall for AI tool calls. Runtime security for MCP and function-calling with <5ms P99, 20+ threat detection layers, formal verification.

Discover and audit MCP servers for security vulnerabilities across Claude Code, Cursor, VS Code, and more

Comprehensive MCP testing framework - test performance, security and compliance in one CLI

Security scanner and install and runtime protection suite for Model Context Protocol (MCP) servers

Real-time security layer protecting AI Agents from Confused Deputy attacks, malicious MCP payloads, and Indirect Prompt Injection.

Independent, evidence-based trust evaluations for 100+ AI models, agents, and tools.

This open-source curriculum introduces the fundamentals of Model Context Protocol (MCP) through real-world, cross-language examples in .NET, Java, TypeScript, JavaScript, Rust and Python. Designed for developers, it focuses on practical techniques for building modular, scalable, and secure AI workflows from session setup to service orchestration.