safe-mcp by SAFE-MCP

AI agent security analysis and mitigation framework

Created 6 months ago
257 stars

Top 98.3% on SourcePulse

1 Expert Loves This Project
Project Summary

SAFE-MCP is a security framework designed to document and mitigate threats within the AI Agent and Model Context Protocol (MCP) ecosystem. It adapts the established MITRE ATT&CK methodology to identify, categorize, and provide countermeasures for adversary tactics, techniques, and procedures (TTPs) targeting MCP implementations. The framework benefits security teams, developers, and compliance officers by offering structured threat intelligence and actionable guidance for securing AI-powered applications.

How It Works

The project leverages the MITRE ATT&CK framework's structure, mapping its 14 tactical categories and numerous techniques specifically to threats encountered in MCP environments. Each documented technique includes a description, relevant MITRE ATT&CK linkages where applicable, and actionable mitigation and detection strategies. This approach provides a standardized, comprehensive, and continuously updated reference for understanding and defending against evolving MCP-specific cyber threats.

Quick Start & Requirements

This project defines a security framework and TTP reference rather than a runnable software tool. Setup involves integrating its documented techniques into existing security assessments and development practices.

Highlighted Details

  • MITRE ATT&CK Alignment: Explicitly tailors TTPs for MCP and AI agent security, maintaining compatibility with established cybersecurity practices.
  • Comprehensive Threat Catalog: Documents 81 techniques across 14 tactics, covering the full attack lifecycle from Reconnaissance to Impact, with ongoing additions.
  • Actionable Guidance: Each technique includes detailed mitigation strategies and detection rules to aid defenders.
  • MCP-Specific Techniques: Features novel threat vectors like "AI Model Poisoning via MCP Tool Training Data Contamination," "Prompt Injection (Multiple Vectors)," and "Context Memory Poisoning via Vector Store Contamination."

Maintenance & Community

The project is associated with the OpenSSF SIG SAFE-MCP. Key contacts include SIG Leads Sarah Evans and Frederick Kautz. Community engagement occurs via the OpenSSF Slack channel #sig-safe-mcp and a dedicated mailing list. Bi-weekly meetings are held at 1:00 PM PT.

Licensing & Compatibility

The provided README does not specify a software license. This omission requires clarification for assessing commercial use or integration compatibility.

Limitations & Caveats

The Reconnaissance tactic currently lists no MCP-specific techniques. As a documentation framework, SAFE-MCP requires active integration and continuous updates to remain effective against the rapidly evolving threat landscape of AI agents and MCP.

Health Check

Last Commit: 1 week ago
Responsiveness: Inactive
Pull Requests (30d): 13
Issues (30d): 0
Star History: 49 stars in the last 30 days

Starred by Dan Guido (Cofounder of Trail of Bits), Chip Huyen (Author of "AI Engineering" and "Designing Machine Learning Systems"), and 1 more.