Today marks a big day for us at Akto. We’re launching Akto MCP Security, the industry’s first dedicated security solution specifically built to protect Model Context Protocol (MCP) servers.

APIs have always been at the heart of modern apps, seamlessly enabling everything we use daily from food delivery apps to social media platforms.

Something remarkable is happening now in 2025: AI-powered tools (think ChatGPT, GitHub Copilot, and AI agents) are rapidly becoming common, changing the way apps communicate and operate. As AI agents dynamically invoke APIs to perform sophisticated tasks in real-time, APIs have become even more central to how applications function, turning from passive connectors into active enablers of autonomous intelligence.

This shift has given rise to Model Context Protocol (MCP), introduced by Anthropic in late 2024, which standardizes how AI agents dynamically invoke APIs to perform tasks and retrieve real-time data. MCP has quickly become the backbone for the next generation of autonomous apps. GitHub, OpenAI, and thousands of enterprises globally have rapidly adopted MCP, unlocking unprecedented automation and productivity gains.

Developers across the globe are rapidly building MCP-compatible servers to harness these autonomous capabilities.

But as we've seen many times before, new technology often introduces new vulnerabilities.

Rise of MCP means new class of security risks

With MCP growth, security teams are facing new and tricky problems they've never dealt with before:

• Tool Poisoning: Attackers inject malicious instructions into MCP tool descriptions, tricking AI agents into unintended, harmful actions.

• Line Jumping: Malicious commands embedded in descriptions trigger actions before intended execution, circumventing standard controls.

• Tool Shadowing: Malicious MCP servers mimic legitimate tools, leading AI agents astray and risking data leaks.

• Rug Pull Attacks: Trusted servers suddenly become malicious, altering their behavior to exploit unsuspecting AI agents.

• Insecure Authentication: Weak authentication protocols allow attackers to introduce rogue MCP servers, potentially causing unauthorized access.

• Credential Leaks: AI agents reveal sensitive information due to insufficient data handling protections.

These threats highlight why specialized security measures tailored explicitly to MCP environments are urgently required.

Last 6 months for MCP Servers

Since its launch by Anthropic in late 2024, MCP adoption has skyrocketed:

Nov 2024 – Anthropic launches MCP, standardizing how AI agents invoke APIs

Jan 2025 – OpenAI announces MCP support, accelerating enterprise adoption

Mar 2025 – Community adoption surges; MCP becomes default for many AI-native apps

Apr 2025 – First wave of MCP-related vulnerabilities discovered, incl. prompt injection

May 2025 – 5,000+ MCP servers now deployed; MCP in production at enterprises like GitHub, Google DeepMind, and Microsoft

May 2025 – GitHub MCP vulnerability publicly disclosed, sparking urgent security concerns

Latest Vulnerability in Github MCP server

In May 2025, a critical vulnerability was discovered in GitHub's official Model Context Protocol (MCP) server, highlighting significant security concerns in AI agent integrations. This flaw allowed attackers to exploit AI agents by embedding malicious instructions within public GitHub issues. When an AI agent, such as Claude Desktop, processed these issues, it could be manipulated into accessing and leaking data from private repositories. The attack involved the agent autonomously creating pull requests in public repositories, inadvertently exposing sensitive information.

Why Akto is Uniquely Positioned for MCP Security

At Akto, our mission remains to empower application security teams with industry-leading API security. In the past month alone, we’ve seen an incredible shift.

More than 80% of our customers are now either adopting or considering MCP. And nearly a third have explicitly asked us for help in securing these new MCP servers built by devs.

As the leader in API security, stepping up to secure MCP environments was a natural extension of our expertise. We didn’t just observe this trend, we moved fast. We worked closely with customers to deeply understand their concerns, immediate pain points, and built a solution to meet their critical MCP critical security needs head-on.

We are incredibly proud of our dev team to have moved incredibly fast in building the solution and supporting our customers.

The First dedicated MCP Security Solution

After listening closely to our customers and understanding their challenges, we’ve built the following first set of product modules in MCP Security.

1. MCP Server Discovery

As application security teams, one of the constant struggles is maintaining visibility into what developers deploy, especially with the rapid growth of MCP servers adoption. Developers frequently adopt new tech, deploying API endpoints that security teams might not even know exist. Imagine your team finding out about a new MCP server only after it’s exposed sensitive data or, worse, exploited by attackers.

Akto eliminates these blind spots. Akto solves this by discovering every MCP server and related APIs calls your developers deploy. With 50+ traffic and code connectors, Akto seamlessly discovers every MCP server deployed across your environments. No more surprises or shadow MCP.

2. MCP Security Testing

From an application security perspective, testing MCP servers can feel overwhelming because traditional assessment methods fall short.

MCP API endpoints face unique risks like tool poisoning, unauthorized commands executed by compromised AI agents, or subtle flaws in authentication mechanisms. Imagine an attacker embedding malicious instructions into an MCP tool description, manipulating your AI-driven APIs into leaking confidential information.

Akto’s specialized MCP Security Testing targets exactly these types of scenarios. Using Akto you can test your MCP severs and MCP calling API endpoints for vulnerabilities specific to them. We’ve built test library that detects vulnerabilities such as unauthorized access, tool poisoning, prompt injection, insecure authentication, and sensitive data exposure to find continuous security issues.

3. MCP Monitoring and Threat Detection

MCP-based interactions differ from traditional API traffic. AI agents invoke APIs dynamically, often with changing input patterns and tool configurations. This unpredictability makes it hard for legacy monitoring tools to detect threats like:

• AI agents calling unauthorized APIs

• Escalating tool permissions over time

• Prompt injection attempts

• Sudden spikes in sensitive data access via MCP

Akto's MCP Monitoring is built specifically to handle these scenarios. We analyze every MCP call, tool usage, execution context, response structure, and parameter patterns to monitor and detect threats in real-time.

Be early Adopter for MCP Security?

At Akto, we’re partnering with modern application security teams to co-build the industry's first purpose-built MCP Security platform. If you’re exploring securing MCP Servers or APIs, we invite you to be part of our early access program. 👉 Fill out this form to express your interest. Our team will reach out to you.