Released in February 2026 by the OWASP GenAI Security Project, the Practical Guide for Secure MCP Server Development provides a comprehensive framework for securing the connection between AI agents and external resources. The guide emphasizes that MCP servers should be treated as high-risk execution environments, advocating for a defense-in-depth architecture that mandates OAuth 2.1/OIDC for authentication, strict session isolation through containerization, and the total prohibition of “token passthrough” to prevent Confused Deputy attacks. A core focus of the document is the protection of tool integrity, introducing mitigations for “Rug Pulls” and Tool Poisoning—where malicious instructions are hidden within tool descriptions to manipulate model behavior—by requiring cryptographically signed tool manifests and rigorous input validation against strict JSON schemas.
Publication's URL
https://genai.owasp.org/resource/a-practical-guide-for-secure-mcp-server-development/Additional documents on this topic
- NIST IR 8596 Cybersecurity Framework Profile for Artificial Intelligence (Cyber AI Profile): NIST Community Profile ★★★★★
- ETSI EN 304 223: Securing Artificial Intelligence (SAI) – Baseline Cyber Security Requirements for AI Models and Systems
- CSA Data Security within AI Environments
- CISA Principles for the Secure Integration of Artificial Intelligence in Operational Technology
- OWASP AI Testing Guide ★★★★★