Research & Writing

Blog

MCP security research, attack analysis, and runtime policy enforcement.

How mcpwall Maps to the OWASP MCP Top 10

A line-by-line mapping of the OWASP MCP Top 10 security threats against mcpwall’s default rules. 2 blocked, 3 partially mitigated, 5 out of scope.

I let Claude Code install an MCP server. Three seconds later, it read my SSH private key. No warning, no prompt, no log entry.

A transparent look at mcpwall’s security coverage: 8 attack classes blocked, 13 known limitations, and the assumptions we make.