# MCP Red Teaming The Akto MCP Security Module is designed for teams working with LLMs, agent frameworks, and AI-based orchestration systems. As Model Context Protocol (MCP) becomes a standard layer in agentic stacks, it introduces new attack surfaces that are often unmonitored and untested. Akto automatically identifies MCP servers, discovers tool definitions and resources, runs targeted security probes, and continuously monitors for misconfigurations, threats, and data leaks in real time. ## Key Capabilities ### MCP Server Discovery Gain instant visibility into every MCP server in your environment: * Automatically detects MCP servers and the tools they expose * Works across cloud, hybrid, and on-prem environments * Maps tool dependencies and resource access patterns #### AI Red Teaming for MCPs Uncover critical vulnerabilities unique to MCP architectures: **Prompt Injection**: Probe for indirect prompt injection through MCP tool responses and resource content. **Tool Poisoning**: Validates tool definition integrity and detects malicious tool implementations. **Excessive Permissions**: Identifies overly broad tool permissions and resource access grants. **Unauthorized Endpoint Access**: Probe authorization boundaries for tool invocations and resource requests. **Insecure Authentication**: Validates authentication mechanisms for MCP server connections. **MCP Protocol Security**: Probe for protocol-specific vulnerabilities including malformed requests and response manipulation. Each Probe simulates real-world attack paths with contextual severity scoring. ### Continuous Monitoring Stay ahead of threats with real-time monitoring: * Detects unusual tool invocation patterns and malicious actor behavior * Visualizes threats by actor, IP address, and reputation * Enables early detection of tool misuse and lateral movement ## Get Started with MCP Security Akto's MCP Security Module provides deep visibility, automated scanning, and continuous protection for MCP implementations. --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://ai-security-docs.akto.io/akto-argus-agentic-ai-security-for-homegrown-ai/agentic-red-teaming/concepts/mcp-red-teaming.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.