Cisco's Open-Source MCP Scanner Fortifies AI Agent Supply Chain Security

What Happened

As enterprises increasingly adopt AI agents, the reliance on external tools introduces new security concerns. Cisco is addressing these risks with the launch of MCP Scanner, an open-source tool designed to secure the AI agent supply chain. This initiative builds upon Cisco's existing AI Defense suite, aiming to foster confidence in AI innovation by tackling critical security gaps.

Why It Matters

The Model Context Protocol (MCP), introduced by Anthropic in November 2024, streamlines interactions between large language models (LLMs), agents, and external tools. This open standard simplifies integrations, but also exposes companies to supply chain vulnerabilities. Public MCP registries now host thousands of MCP servers, and using these servers can introduce risks by running untrusted code and delegating AI interactions to third-party tools.

These risks include tool poisoning, where malicious code is embedded within tool descriptions, and rug pull attacks, where initially trusted tools are updated with malicious intent. Over-privileged tool permissions also pose a threat, as tools can perform unauthorized actions due to broad capabilities exposed by MCP servers. Cisco's MCP Scanner directly addresses these vulnerabilities by providing a means to identify threats before integration.

How MCP Scanner Works

Cisco's MCP Scanner is engineered to perform contextual and semantic analysis of each tool's definition, description, and implementation. Unlike traditional security tools that focus on static code scanning, MCP Scanner identifies hidden risks that emerge from how tools are described and used within LLM workflows. The scanner uses three engines: Yara, LLM-as-judge, and Cisco AI Defense, which can be used independently or together to assess risk.

The scanner conducts security and vulnerability checks, including MCP component security evaluation, signature-based detection, and integration with AI Defense. It evaluates MCP tools, prompts, and resources to identify malicious or anomalous behavior, and notifies users of suspicious patterns. The software development kit (SDK) is designed for ease of use, offering scanning capabilities, authentication options, and customization.

Cisco AI Defense Integration

Cisco AI Defense offers protection for AI applications across their lifecycle, from supply chain scanning to runtime monitoring. The MCP Scanner complements AI Defense, offering a standalone solution for agentic AI supply chain security. By combining MCP Scanner with AI Defense, organizations can validate the security of their AI models and manage the security of their agentic AI systems in real-time.

Our Take

Cisco's introduction of MCP Scanner represents a proactive step in securing the AI landscape. As AI adoption grows, so do the attack vectors. By open-sourcing this tool, Cisco is empowering the community to collectively enhance AI security. The focus on contextual and semantic analysis is crucial, given the complex interactions within AI agent systems. This should help shift security from an afterthought to a core component of AI development.

The Path Forward

Cisco aims to empower enterprises to embrace AI securely. With AI Defense and MCP Scanner, Cisco wants to eliminate security barriers that can prevent innovation. As the AI landscape changes, Cisco plans to stay ahead by providing security solutions. For those wanting to enhance AI security, Cisco has made implementation resources available on their GitHub repository.