All news with #model context protocol tag

Apigee Adds Managed MCP Support for Secure APIs and Policy

🔒 Google’s Apigee now supports MCP with fully managed, remote servers, enabling organizations to expose existing APIs as agent tools without code changes or running MCP infrastructure. By creating an MCP proxy with your OpenAPI spec and a /mcp basepath, Apigee handles transcoding, protocol handling, and automatic registration in API hub. You can apply Apigee’s built-in security, identity, quota, and analytics controls to govern and monitor agent interactions. The capability is currently available in preview for a limited set of customers.

Google Adds Official MCP Support Across Key Cloud Services

🔌 Google announced fully-managed, remote support for Anthropic's Model Context Protocol (MCP), enabling agents and standard MCP clients to access a unified, enterprise-ready endpoint for Google and Google Cloud services. The managed MCP servers integrate with services like Google Maps, BigQuery, GCE, and GKE to let agents perform geospatial queries, in-place analytics, and infrastructure operations. Built-in discovery, governance, IAM controls, audit logging, and Google Cloud Model Armor provide security and observability. Developers can expose and govern APIs via Apigee and the Cloud API Registry to create discoverable tools for agentic workflows.

Tools and Strategies to Secure Model Context Protocol

🔒 Model Context Protocol (MCP) is increasingly used to connect AI agents with enterprise data sources, but real-world incidents at SaaS vendors have exposed practical weaknesses. The article describes what MCP security solutions should provide — discovery, runtime protection, strong authentication and comprehensive logging — and surveys offerings from hyperscalers, platform providers and startups. It stresses least-privilege and Zero Trust as core defenses.

MCP Sampling Risks: New Prompt-Injection Attack Vectors

🔒 This Unit 42 investigation (published December 5, 2025) analyzes security risks introduced by the Model Context Protocol (MCP) sampling feature in a popular coding copilot. The authors demonstrate three proof-of-concept attacks—resource theft, conversation hijacking, and covert tool invocation—showing how malicious MCP servers can inject hidden prompts and trigger unobserved model completions. The report evaluates detection techniques and recommends layered mitigations, including request sanitization, response filtering, and strict access controls to protect LLM integrations.

Amazon Connect Adds MCP Support for AI Agents and Tools

🤖 Amazon Connect now supports the Model Context Protocol (MCP), enabling AI-driven customer self-service and employee assistance agents to invoke standardized tools to fetch information and perform actions during interactions. Amazon Connect offers out-of-the-box MCP tools for tasks like updating contact attributes and retrieving case information, and allows flow modules to be exposed as MCP tools so business logic is reusable across deterministic and generative workflows. Organizations can also integrate custom or third-party tools via flow modules or the Amazon Bedrock AgentCore Gateway to automate actions such as order lookups, refunds, and customer-record updates without human intervention.

AWS preview: Fully managed MCP servers for EKS and ECS

🔔 Amazon EKS and ECS now offer fully managed MCP servers in preview, providing a cloud-hosted Model Context Protocol endpoint to enrich AI-powered development and operations. These servers remove local installation and maintenance, and deliver enterprise features such as automatic updates and patching, centralized security via AWS IAM, and audit logging through AWS CloudTrail. Developers can connect AI coding assistants like Kiro CLI, Cursor, or Cline for context-aware code generation and debugging, while operators gain access to a knowledge base of best practices and troubleshooting guidance.

Rogue MCP Servers Can Compromise Cursor's Embedded Browser

⚠️ Security researchers demonstrated that a rogue Model Context Protocol (MCP) server can inject JavaScript into the built-in browser of Cursor, an AI-powered code editor, replacing pages with attacker-controlled content to harvest credentials. The injected code can run without URL changes and may access session cookies. Because Cursor is a Visual Studio Code fork without the same integrity checks, MCP servers inherit IDE privileges, enabling broader workstation compromise.

What CISOs Should Know About Securing MCP Servers Now

🔒 The Model Context Protocol (MCP) enables AI agents to connect to data sources, but early specifications lacked robust protections, leaving deployments exposed to prompt injection, token theft, and tool poisoning. Recent protocol updates — including OAuth, third‑party identity provider support, and an official MCP registry — plus vendor tooling from hyperscalers and startups have improved defenses. Still, authentication remains optional and gaps persist, so organizations should apply zero trust and least‑privilege controls, enforce strong secrets management and logging, and consider specialist MCP security solutions before production rollout.

Prompt Hijacking Risks MCP-Based AI Workflows Exposed

⚠️ Security researchers warn that MCP-based AI workflows are vulnerable to "prompt hijacking" when MCP servers issue predictable or reused session IDs, allowing attackers to inject malicious prompts into active client sessions. JFrog demonstrated the issue in oatpp-mcp (CVE-2025-6515), where guessable session IDs could be harvested and reassigned to craft poisoned responses. Recommended mitigations include generating session IDs with cryptographically secure RNGs (≥128 bits of entropy) and having clients validate unpredictable event IDs.

MCPTotal Launches Platform to Secure Enterprise MCPs

🔒 MCPTotal today launched a comprehensive platform designed to help organizations adopt and secure Model Context Protocol (MCP) servers with centralized hosting, authentication and credential vaulting. Its hub-and-gateway architecture functions as an AI-native firewall to monitor MCP traffic, enforce policies in real time, and provide a vetted catalog of hundreds of secure MCP servers. Employees can safely connect models to business systems like Slack and Gmail while security teams gain visibility, guardrails, auditing and multi-environment coverage to reduce supply chain, prompt-injection, rogue-server and data-exfiltration risks.

Security Risks of Vibe Coding and LLM Developer Assistants

🛡️AI developer assistants accelerate coding but introduce significant security risks across generated code, configurations, and development tools. Studies show models now compile code far more often yet still produce many OWASP- and MITRE-class vulnerabilities, and real incidents (for example Tea, Enrichlead, and the Nx compromise) highlight practical consequences. Effective defenses include automated SAST, security-aware system prompts, human code review, strict agent access controls, and developer training.

Agent Payment Protocol: Enabling Trusted Agent Commerce

🔐 Agent Payment Protocol (AP2) is an open trust layer that enables AI shopping agents to complete purchases without ever handling raw payment credentials. AP2 enforces a role-based separation—shopping agent, merchant endpoint, credential provider, and payment processor—and relies on verifiable credentials to produce cryptographic proof of intent and approval. It defines three mandate types (Cart, Intent, Payment) to support both human-present and human-not-present flows. Developers can adopt AP2 as an extension to A2A and MCP to reduce PCI scope and improve accountability.

Cloudflare AI Index: Site-Controlled Discovery and Monetization

🔍 Cloudflare is launching a private beta of AI Index, a per-domain, AI‑optimized search index that site owners control and can monetize via Pay per crawl and x402 integrations. The service automatically builds and maintains indexes and exposes standardized APIs — an MCP server, LLMs.txt, a search API, bulk transfer endpoints, and pub/sub subscriptions for real-time updates. It integrates with AI Crawl Control so owners can set access rules or opt out entirely.

Code Mode: Using MCP with Generated TypeScript APIs

🧩 Cloudflare introduces Code Mode, a new approach that converts Model Context Protocol (MCP) tool schemas into a generated TypeScript API so LLMs write code instead of emitting synthetic tool-call tokens. This lets models leverage broad exposure to real-world TypeScript, improving correctness when selecting and composing many or complex tools. Code Mode executes the generated code inside fast, sandboxed Cloudflare Workers isolates that expose only typed bindings to authorized MCP servers, preserving MCP's uniform authorization and discovery while reducing token overhead and orchestration latency.

AWS SiteWise MCP Server Accelerates Industrial Modeling

⚙️ AWS published a Model Context Protocol (MCP) server for AWS IoT SiteWise in the AWS Labs open-source MCP repository to simplify industrial data modeling. The server embeds domain validation and automated modeling, applying correct units, data types, and quality indicators so models are production-ready. It maintains compatibility with existing SiteWise tools and APIs while adding conversational interfaces to streamline model authoring, asset onboarding, and downstream analytics enablement.

MCP Toolbox Adds Firestore Tools for AI-Assisted Dev

🧰 MCP Toolbox now includes comprehensive Firestore tools that let AI assistants connect directly to Firestore from environments like Gemini CLI and other MCP-compatible interfaces. Built on the Model Context Protocol, these pre-built tools support document reads, collection queries, targeted updates, and security-rules validation to accelerate debugging, testing, and maintenance for NoSQL applications. Developers can perform complex queries and targeted updates in natural language, validate security rules before deployment, and reduce context switching between consoles and emulators. The release is accompanied by docs, quick start guides, a GitHub repo, and community channels to help teams adopt the features quickly.

Five AI Use Cases CISOs Should Prioritize in 2025 and Beyond

🔒 Security leaders are balancing safe AI adoption with operational gains and focusing on five practical use cases where AI can improve security outcomes. Organizations are connecting LLMs to internal telemetry via standards like MCP, using agents and models such as Claude, Gemini and GPT-4o to automate threat hunting, translate technical metrics for executives, assess vendor and internal risk, and streamline Tier‑1 SOC work. Early deployments report time savings, clearer executive reporting and reduced analyst fatigue, but require robust guardrails, validation and feedback loops to ensure accuracy and trust.

Agent Integration with Open Standards: MCP and A2A

🔗 Azure's Agent Factory blog emphasizes that interoperability is the key to moving agentic AI from isolated prototypes to enterprise-scale solutions. The post promotes open standards like Model Context Protocol (MCP) and Agent2Agent (A2A) to enable shared context, reusable tools, and cross-framework collaboration across runtimes such as Semantic Kernel. It explains how Azure AI Foundry combines these protocols with thousands of connectors, unified observability, and governance so agents can act across SaaS, legacy systems, and custom APIs without costly rewrites.

AWS CloudTrail MCP Server Adds Natural-Language Security

🔒 AWS Labs published a Model Context Protocol (MCP) server for CloudTrail that enables AI assistants to perform security and compliance analysis via natural‑language queries. The server provides direct access to CloudTrail events and CloudTrail Lake, allowing searches of 90‑day management event histories and Trino SQL queries on Lake data spanning up to 10 years. By exposing these capabilities through a conversational interface, the MCP server removes the need for bespoke API integrations and streamlines investigation and compliance workflows. The component is available in regions that support CloudTrail LookupEvents or CloudTrail Lake and is available with code and documentation in the AWS Labs repository.

Cloudflare AI for WARP and Network Troubleshooting Tools

🔍 Cloudflare is introducing two AI-powered tools to simplify troubleshooting for the Cloudflare One SASE platform: the new WARP diagnostic analyzer in the Zero Trust dashboard and a DEX MCP server for Digital Experience Monitoring. Both features are available to all Cloudflare One customers by default and convert diagnostic logs into clear, actionable insights. The WARP analyzer highlights events, device details, and exports JSON for deeper analysis, while the DEX MCP server enables natural-language queries and custom analytics without heavy SIEM integration.