.png?fit=max&auto=format&n=gKqTvJPtsRi2bLNx&q=85&s=8abbce3efb590630de2102c43d32aadf)
.png?fit=max&auto=format&n=Dy9YsIECUbR9JZiT&q=85&s=a1f404cd7f7aeb1727c89d81137ae1ac)
MCP is powerful but ships without guardrails. The protocol standardizes how clients and servers talk; it does not provide authentication, observability, or any defense against malicious tools or leaked data. MCP Manager is the product layer that closes those gaps — one governed gateway where identity, governance, runtime protection, and audit are applied to every call. This page is a quick glossary of the key MCP threats and where each one is addressed.Documentation Index
Fetch the complete documentation index at: https://docs.mcpmanager.ai/llms.txt
Use this file to discover all available pages before exploring further.
Key threats at a glance
| Threat | What it is | Where MCP Manager addresses it |
|---|---|---|
| Prompt injection | Hidden instructions inside data or tool content trick the agent into unsafe actions. | Runtime Protections |
| Tool poisoning | Malicious instructions hidden in a tool’s metadata (description or schema), read into the model’s context. | Feature Governance |
| Rug pull | A tool quietly changes its behavior or description after you approved it. | Feature Governance |
| Server spoofing & cross-server shadowing | A malicious server impersonates or overrides another server’s tools. | Feature Governance · Audit & Observability |
| Token theft / account takeover | Stolen credentials let an attacker impersonate a service account, often undetected. | Authentication & Identity |
| Over-privileged access | Agents are handed far more tools and scope than the task needs. | Feature Governance |
| Data leakage & exfiltration | Sensitive data (PII, secrets) flows to the model or out of bounds. | Runtime Protections |
| Shadow MCP | Unsanctioned, unseen MCP usage that no one can audit. | Audit & Observability |
| Missing authentication / exposed endpoints | Servers with weak or no auth that anyone on the network can reach. | Authentication & Identity |
The four layers that address them
MCP Manager applies defense in depth across four layers — each has its own page:Authentication & Identity
Brokers a real identity to every server, stores credentials encrypted, and revokes access instantly — countering token theft and missing auth.
Feature Governance
Least privilege for tools, with metadata locking that defends against tool poisoning and rug pulls.
Runtime Protections
Inspects live traffic to block injection and stop PII or secrets from leaking.
Audit & Observability
Records every call with attribution, so shadow MCP and spoofing become visible and auditable.
Further reading
Authentication & Identity
The first security layer — brokered identity, credential storage, and instant revocation.
Architecture & Trust
How the gateway is hardened as the control point in the path of every call.
External sources
OWASP Top 10 for LLM Applications
The industry reference on prompt injection and related LLM risks.
MCP security best practices
Security guidance from the Model Context Protocol specification.