Securing MCP Servers: A Threat Modeling Guide for Security Engineers
Model Context Protocol servers are appearing inside organizations faster than most security teams have a review process for them. They often look like small, polite integrations: a package, a few tool definitions, some outbound API calls, and a README. That framing is the problem. An MCP server is not a passive integration. It is an execution surface exposed to a language model. It may hold credentials, read sensitive data, call internal APIs, write to downstream systems, and act on instructions that came from untrusted text....