**MCP Security Checklist – 40 controls for securing AI agent tool infrastructure**
MCP adoption is moving faster than security guidance. We put together a practical, vendor-neutral checklist covering the main risk surfaces:

- Authentication & authorization (10 controls)
- Input validation & prompt injection defense (6 controls)
- Tool & resource exposure / blast radius reduction
- API session security for agentic workloads
- Monitoring & observability – what to log, what to alert on
- Network & infrastructure hardening

Also includes a CISO-facing summary, machine-readable JSON/YAML for CI/CD integration, and a GitHub Pages interactive version where you can track your progress.

Repo: https://github.com/helixar-ai/mcp-security-checklist

submitted by /u/dalugoda