As enterprises integrate AI agents into their technology stacks, these agents increasingly rely on external tools and services to navigate complex technology environments. Model Context Protocol (MCP) enables AI models to access external functionalities, tools, resources, and prompts without custom API integrations. At Cisco, we recognize that MCP adoption and utilization brings new and complex risks: security remains the foundation for responsible and safe technology deployment. Six months ago, we introduced Cisco AI Defense—a comprehensive solution designed to address security challenges across the AI lifecycle. Today, we’re unveiling MCP Scanner, a powerful open-source tool that helps companies secure a critical gap: the AI agent supply chain. We’re proud to deepen our commitment to securing AI applications and agentic systems across multi-cloud and multi-model environments.
What is MCP, and why does it matter?
In November 2024, Anthropic released MCP, an open standard enabling consistent, interoperable exchanges that simplify interactions between LLMs, agents, and external tools through a stable, model-agnostic interface. MCP has proven to be an incredibly popular protocol in the development of agentic AI systems. However, MCP adoption also exposes companies to new supply chain vulnerabilities. Public MCP registries and websites now host thousands of MCP servers available for download and use in LLM clients. These servers introduce significant risk by running untrusted code and delegating AI interactions to third-party tools. Key risks include:
- Tool poisoning attacks: Malicious instructions secretly embedded within tool descriptions, metadata or implementation code to exfiltrate sensitive data or alter workflows.
- Rug pull attacks: Initially legitimate or trusted tools are later updated with malicious intent to exploit an agent’s reliance on external tools and inadequate integrity checks.
- Over-Privileged Tool Permissions: Tools can perform unauthorized actions without granular permissions, which is a concern as MCP servers often expose broad capabilities (e.g, filesystem, network or system calls).
Developers eager to build and deploy AI agents may inadvertently expose their companies to such risks. It’s essential that companies deploy purpose-built solutions to secure the agentic AI supply chain.
Introducing MCP Scanner
MCP Scanner is an advanced, open-source security tool released by Cisco designed to identify vulnerabilities in MCP servers before they’re integrated into AI systems. The tool scans MCP servers for malicious code and hidden or overlooked threats and helps to ensure that businesses can develop and deploy AI applications safely and securely. Traditional security tooling falls short when evaluating MCP servers because they were never designed to address the unique challenges posed by AI models and agentic systems, which is why new, AI-specific security technologies are crucial.
MCP scanners are not entirely a new concept; however, most existing tools focus narrowly on static code scanning. Threats in the agentic AI ecosystem often hide in less obvious layers – within tool definitions, metadata or even dynamic interactions between agents and tools. Similarly, using existing SaaS tools to do MCP scanning is insufficient because they lack contextual and semantic awareness needed to interpret how LLMs reason and invoke these tools. That is why we designed an MCP Scanner that performs contextual and semantic analysis of each tool’s definition, description and implementation, identifying hidden risks that emerge from how tools are described, invoked and composed within LLM workflows. It leverages three powerful scanning engines (Yara, LLM-as-judge, and Cisco AI Defense) that can be used together or independently. This helps companies thoroughly assess risk and focus on impact.
Cisco’s MCP Scanner rigorously analyzes MCP servers and components to conduct security and vulnerability checks, including:
- MCP Component Security Evaluation: Evaluates MCP tools, prompts, and resources to identify malicious or anomalous behavior.
- Signature-based Detection: Identifies known threats within MCP elements and notifies users of suspicious patterns and threats present in content.
- Integration with AI Defense: Comprehensive security evaluation by AI Defense engines.
The SDK is designed to be easy to use while providing powerful scanning capabilities, flexible authentication options, and customization. With MCP Scanner, security teams can now proactively scan and assess MCP servers before deployment, giving them the confidence to proceed with new AI innovations without compromising security.
How MCP Scanner fits into Cisco AI Defense
Cisco AI Defense is built to provide comprehensive protection for AI applications at every stage of their lifecycle, from supply chain scanning and algorithmic red teaming to runtime guardrails and continuous validation. MCP Scanner is an independent, open-source tool that complements AI Defense. MCP Scanner can also be downloaded and deployed stand-alone to deliver agentic AI supply chain security protection.
By coupling MCP Scanner with AI Defense, we are not only giving organizations the tools to validate the security of their AI models, but we are also empowering them to manage the security of their entire agentic AI systems in real-time, across any cloud and deployment model.
The path forward: unblocking AI innovation with security
At Cisco, we are committed to empowering enterprises to embrace AI securely and confidently. The introduction of MCP Scanner is another leap forward in our mission to protect the AI systems that are reshaping business operations.
Security concerns have long been a barrier to the wide-scale adoption of enterprise AI. With Cisco AI Defense, and now the MCP Scanner, we are eliminating that barrier, enabling organizations to innovate with confidence.
As the AI landscape continues to evolve, Cisco is dedicated to staying ahead of the curve. Our comprehensive, end-to-end security solution ensures that AI is not only transformative but safe, responsible, and ready for the future.
Great layout and explanation look forward to seeing demos👏👏👏
Thank you so much for sharing this — it was really insightful and helpful!
I truly appreciate the effort you put into explaining it so clearly.