Quick Start
Top 10 Controls
01. Never expose an MCP server on the public internet without mTLS or an equivalent mutual-authentication layer.
02. Scope every tool to the minimum permissions it needs; the credential a tool runs with should not be able to do more than the tool itself does.
03. Validate and sanitize all inputs before they reach tool execution: allow-list argument names, check types, and constrain formats.
04. Log every tool invocation together with the originating session context (session ID, principal, tool, arguments, outcome).
05. Set rate limits on both the MCP server and any downstream APIs it calls; a limit on one does not protect the other.
06. Treat agent sessions as untrusted by default. A valid token proves who the caller is, not that the requested action fits the session's purpose, so validate intent, not just tokens.
07. Separate read and write tools, and require explicit approval for write operations in sensitive contexts.
08. Rotate the credentials used by MCP servers on a defined schedule.
09. Monitor for behavioral anomalies: unusual tool chains, high-frequency calls, off-hours access.
10. Review the tool inventory before every production deployment.
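The following is an added example, not code from this checklist's authors or from any MCP SDK: a small framework-agnostic tool gateway that enforces controls 03 (argument validation), 04 (audit log with session context), 05 (per-session rate limit) and 07 (read/write separation with approval for writes in sensitive sessions). The tools, ticket data, session IDs and schema format are constructed for the example; the real MCP transport, SIEM shipping and downstream API limits are assumed to sit outside this class.

```python
"""Added example: MCP tool gateway enforcing controls 03, 04, 05 and 07.
Not from the checklist authors; tools, data and schema format are constructed."""
from __future__ import annotations

import logging
import re
import time
from collections import defaultdict, deque
from dataclasses import dataclass, field
from typing import Any, Callable

log = logging.getLogger("mcp.gateway")


class ToolCallDenied(Exception):
    """Raised when a control blocks the call; the message is safe to return to the agent."""


@dataclass
class Tool:
    name: str
    handler: Callable[..., Any]
    access: str                                   # "read" or "write" (control 07)
    schema: dict[str, tuple[type, str | None]]    # arg -> (type, regex for str args) (assumed format)


@dataclass
class Session:
    session_id: str
    principal: str                                # who the agent is acting for
    sensitive: bool = False                       # e.g. production tenant or PII scope
    approvals: set[str] = field(default_factory=set)  # write tools a human explicitly approved


class RateLimiter:
    """Sliding-window limit per session (control 05). Downstream APIs need their own limits."""

    def __init__(self, max_calls: int, window_s: float):
        self.max_calls, self.window_s = max_calls, window_s
        self.calls: dict[str, deque] = defaultdict(deque)

    def allow(self, key: str, now: float) -> bool:
        q = self.calls[key]
        while q and now - q[0] >= self.window_s:
            q.popleft()
        if len(q) >= self.max_calls:
            return False
        q.append(now)                             # attempts count, not just successes
        return True


class Gateway:
    def __init__(self, tools: list[Tool], max_calls: int = 5, window_s: float = 60.0):
        self.tools = {t.name: t for t in tools}
        self.limiter = RateLimiter(max_calls, window_s)
        self.audit: list[dict] = []               # in-memory here; ship to a SIEM in practice

    def validate(self, tool: Tool, args: dict) -> None:
        """Control 03: allow-list argument names, check exact types, constrain strings."""
        unknown = set(args) - set(tool.schema)
        if unknown:
            raise ToolCallDenied(f"unknown argument(s): {sorted(unknown)}")
        for name, (typ, pattern) in tool.schema.items():
            if name not in args:
                raise ToolCallDenied(f"missing argument: {name}")
            if type(args[name]) is not typ:       # exact type: no bool-as-int or subclass tricks
                raise ToolCallDenied(f"argument {name} must be {typ.__name__}")
            if pattern and not re.fullmatch(pattern, args[name]):
                raise ToolCallDenied(f"argument {name} has invalid format")

    def call(self, session: Session, tool_name: str, args: dict, now: float | None = None) -> Any:
        now = time.time() if now is None else now
        entry = {"ts": now, "session": session.session_id, "principal": session.principal,
                 "tool": tool_name, "args": args, "outcome": "denied"}
        self.audit.append(entry)                  # control 04: record before execution
        try:
            tool = self.tools.get(tool_name)
            if tool is None:
                raise ToolCallDenied("unknown tool")
            if not self.limiter.allow(session.session_id, now):
                raise ToolCallDenied("rate limit exceeded")
            self.validate(tool, args)
            if tool.access == "write" and session.sensitive and tool_name not in session.approvals:
                raise ToolCallDenied("write tool requires explicit approval in this session")
            result = tool.handler(**args)
            entry["outcome"] = "ok"
            return result
        except ToolCallDenied as e:
            entry["reason"] = str(e)
            log.warning("denied %s", entry)
            raise


# Constructed sample tools standing in for real MCP tools.
TICKETS = {"T-1001": "open", "T-1002": "open"}

def list_tickets(status: str) -> list[str]:
    return [k for k, v in TICKETS.items() if v == status]

def close_ticket(ticket_id: str, note: str) -> str:
    TICKETS[ticket_id] = "closed"
    return f"{ticket_id} closed: {note}"

TOOLS = [
    Tool("list_tickets", list_tickets, "read", {"status": (str, r"open|closed")}),
    Tool("close_ticket", close_ticket, "write",
         {"ticket_id": (str, r"T-\d{4}"), "note": (str, r"[\w .,-]{1,200}")}),
]


def demo() -> list[str]:
    """Walk one sensitive session through the controls; returns the outcome of each call."""
    gw = Gateway(TOOLS, max_calls=4, window_s=60)
    s = Session("sess-42", "alice@example.com", sensitive=True)   # constructed session
    outcomes = []
    calls = [("list_tickets", {"status": "open"}),                # read: allowed
             ("close_ticket", {"ticket_id": "../etc", "note": "x"}),  # bad format: rejected
             ("close_ticket", {"ticket_id": "T-1001", "note": "resolved"}),  # write, no approval
             ("close_ticket", {"ticket_id": "T-1001", "note": "resolved"}),  # write, approved
             ("list_tickets", {"status": "open"})]                # fifth attempt: rate limited
    for i, (name, args) in enumerate(calls):
        if i == 3:
            s.approvals.add("close_ticket")                       # human approval granted
        try:
            gw.call(s, name, args, now=1000.0)
            outcomes.append("ok")
        except ToolCallDenied as e:
            outcomes.append(f"denied: {e}")
    return outcomes
```

Two design choices worth noting: the limiter counts attempts rather than successful calls, so an agent probing with malformed arguments burns its own budget, and the audit entry is appended before the handler runs, so a crash inside a tool still leaves a record tied to the session.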
Full Checklist