Concise Cyber


Cisco Releases Open-Source MCP Scanner to Secure AI Agent Supply Chain

Cisco’s AI Security research team has released a new open-source tool named the Machine-readable Catalog of Packages (MCP) Scanner. This tool is designed to enhance the security of the AI agent supply chain by identifying vulnerabilities and malicious packages within AI agent catalogs.

The development of the MCP Scanner addresses the security risks associated with the increasing use of third-party components, known as agents or tools, by Large Language Models (LLMs). These agents, often sourced from public registries, can introduce supply chain vulnerabilities similar to those found in traditional software package managers.

Addressing a New Attack Surface in AI

Modern AI systems, particularly those powered by LLMs, leverage external agents to perform a wide range of tasks and interact with external systems. The reliance on public catalogs for these agents creates a new attack surface. Malicious actors can publish compromised agents, which, when integrated into AI applications, can lead to significant security breaches. The MCP Scanner was developed to provide a mechanism for vetting these third-party agents before they are integrated into production systems.

Functionality and Availability

The MCP Scanner works by analyzing AI agent catalogs that conform to the Machine-readable Catalog of Packages (MCP) specification. It employs both static and dynamic analysis techniques to inspect agent code and behavior for security flaws. The scanner is capable of detecting issues such as insecure data handling, excessive permissions, and vulnerabilities within an agent’s software dependencies. Upon completion of a scan, the tool generates a machine-readable security report that details its findings. Cisco has made the MCP Scanner available to the public on GitHub to foster a more secure AI ecosystem.
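To make the kind of static checks described above concrete, here is an added illustration of a minimal catalog scanner. It is not Cisco's MCP Scanner and does not use the real catalog format: the catalog schema, the permission names, the per-category permission policy and the advisory identifier are all constructed for this example. It walks each tool entry, flags permissions beyond what the tool's category needs (excessive permissions), flags dependencies pinned to a version with a known advisory, and emits a machine-readable JSON report that a CI gate could consume.

```python
"""Catalog scanner sketch: flag excessive permissions and vulnerable
dependencies in an agent/tool catalog and emit a machine-readable report.

Added illustration only; not Cisco's MCP Scanner and not the real MCP
catalog format. Schema, permission names, policy and advisory ids below
are constructed for the example.
"""
import json

# Constructed advisory list (not a real database): (package, version) -> advisory id.
KNOWN_VULNERABLE = {
    ("example-http", "1.2.0"): "EXAMPLE-ADV-0001",
}

# Constructed policy: the permissions a tool of each category legitimately needs.
# Anything a tool requests beyond its category's allowance is reported as excessive.
CATEGORY_ALLOWED = {
    "search": {"net:outbound"},
    "file-reader": {"fs:read"},
    "compute": set(),
}

# Constructed catalog in an assumed schema; the page does not give the real one.
SAMPLE_CATALOG = {
    "tools": [
        {"name": "web-search", "category": "search",
         "permissions": ["net:outbound"],
         "dependencies": [{"name": "example-http", "version": "1.2.0"}]},
        {"name": "notes-reader", "category": "file-reader",
         "permissions": ["fs:read", "shell:exec"],
         "dependencies": []},
        {"name": "calculator", "category": "compute",
         "permissions": [],
         "dependencies": [{"name": "example-http", "version": "1.3.0"}]},
    ]
}


def check_permissions(tool, policy):
    """Return findings for permissions beyond what the tool's category needs."""
    allowed = policy.get(tool.get("category"))
    if allowed is None:
        # No policy for this category: surface it rather than silently allowing everything.
        return [{"tool": tool["name"], "rule": "unknown-category", "severity": "medium",
                 "detail": f"category {tool.get('category')!r} has no permission policy"}]
    return [{"tool": tool["name"], "rule": "excessive-permission", "severity": "high",
             "detail": f"requests {perm!r}, not needed by category {tool['category']!r}"}
            for perm in tool.get("permissions", []) if perm not in allowed]


def check_dependencies(tool, advisories):
    """Return findings for dependencies pinned to a version with a known advisory."""
    findings = []
    for dep in tool.get("dependencies", []):
        advisory = advisories.get((dep["name"], dep["version"]))
        if advisory:
            findings.append({"tool": tool["name"], "rule": "vulnerable-dependency",
                             "severity": "high",
                             "detail": f"{dep['name']}=={dep['version']} matches {advisory}"})
    return findings


def scan_catalog(catalog, policy=CATEGORY_ALLOWED, advisories=KNOWN_VULNERABLE):
    """Run every static check over every tool and build a machine-readable report."""
    findings = []
    for tool in catalog.get("tools", []):
        findings += check_permissions(tool, policy)
        findings += check_dependencies(tool, advisories)
    by_severity = {}
    for finding in findings:
        by_severity[finding["severity"]] = by_severity.get(finding["severity"], 0) + 1
    return {"tools_scanned": len(catalog.get("tools", [])),
            "findings": findings,
            "summary": by_severity}


def report_json(report):
    """Serialise the report so a CI gate or SIEM can consume it."""
    return json.dumps(report, indent=2, sort_keys=True)


if __name__ == "__main__":
    print(report_json(scan_catalog(SAMPLE_CATALOG)))
```

On the constructed catalog the scan reports two high-severity findings: `notes-reader` requests `shell:exec`, which a file-reader does not need, and `web-search` pins `example-http` to a version with a (constructed) advisory; `calculator` is clean. A real scanner would also run the dynamic checks the article mentions, which this static sketch does not attempt.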

Source: https://blogs.cisco.com/ai/securing-the-ai-agent-supply-chain-with-ciscos-open-source-mcp-scanner