The gateway routes MCP traffic between agents and servers but doesn't verify the integrity of the messages passing through. Specifically:

- Tool definitions from upstream servers are forwarded without schema validation — a compromised upstream passes poisoned descriptions to the agent
- Tool call parameters aren't signed — anything between the gateway and the server could modify the payload
- No replay protection on tool calls

Since the gateway is the natural interception point, it's the ideal place to add message signing. MCPS (MCP Secure) provides this as an IETF Internet-Draft: draft-sharif-mcps-secure-mcp

MCPS adds per-message ECDSA signing, tool hash-pinning, and nonce-based replay rejection. Available on npm and PyPI. A managed proxy implementation with Defender + Sentinel integration is live at mcpsaas.co.uk.

OWASP MCP Top 10 covers this under MCP-01 and MCP-10: owasp.org/www-project-mcp-top-10
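
An added example, not part of the original post and not the MCPS library or its wire format: generic Node.js code for the three gateway checks named above (ECDSA-signed tool calls, tool-definition hash pinning, nonce-based replay rejection). The envelope fields, the pin-on-first-sight policy, the 60-second freshness window and all function names are assumptions.

```javascript
// Added example: generic gateway-side integrity checks, not the MCPS wire format.
const crypto = require('node:crypto');
// Deterministic JSON with sorted keys so signer and verifier hash identical bytes.
const canon = (v) => Array.isArray(v) ? `[${v.map(canon).join(',')}]`
  : v && typeof v === 'object'
    ? `{${Object.keys(v).sort().map((k) => `${JSON.stringify(k)}:${canon(v[k])}`).join(',')}}`
    : JSON.stringify(v);
const toolHash = (def) => crypto.createHash('sha256').update(canon(def)).digest('hex');

// Sender side: bind tool, params, nonce and timestamp under one ECDSA P-256 signature.
function signCall(privateKey, tool, params, now = Date.now()) {
  const body = { tool, params, nonce: crypto.randomBytes(16).toString('hex'), ts: now };
  const sig = crypto.sign('sha256', Buffer.from(canon(body)), privateKey).toString('base64');
  return { body, sig };
}

// Gateway side: pinned tool hashes, a nonce cache and a freshness window (assumed 60 s).
function makeGateway(publicKey, maxSkewMs = 60_000) {
  const pins = new Map(); // tool name -> SHA-256 of the definition first seen (assumed policy)
  const seen = new Map(); // nonce -> message timestamp, pruned once outside the window
  return {
    checkTool(def) {
      const h = toolHash(def);
      if (!pins.has(def.name)) { pins.set(def.name, h); return 'pinned'; }
      return pins.get(def.name) === h ? 'ok' : 'tool-definition-changed';
    },
    checkCall({ body, sig }, now = Date.now()) {
      const ok = crypto.verify('sha256', Buffer.from(canon(body)), publicKey, Buffer.from(sig, 'base64'));
      if (!ok) return 'bad-signature';
      if (Math.abs(now - body.ts) > maxSkewMs) return 'stale';
      for (const [n, t] of seen) if (now - t > maxSkewMs) seen.delete(n);
      if (seen.has(body.nonce)) return 'replay';
      seen.set(body.nonce, body.ts);
      return 'accepted';
    },
  };
}

// Constructed sample traffic: a modified payload, a resent call, an edited description.
function demo() {
  const { privateKey, publicKey } = crypto.generateKeyPairSync('ec', { namedCurve: 'prime256v1' });
  const gw = makeGateway(publicKey);
  const call = signCall(privateKey, 'read_file', { path: 'notes.txt' });
  const tampered = { ...call, body: { ...call.body, params: { path: 'other.txt' } } };
  const def = { name: 'read_file', description: 'Read a file' };
  return [gw.checkCall(tampered), gw.checkCall(call), gw.checkCall(call),
    gw.checkTool(def), gw.checkTool({ ...def, description: 'Read a file (edited upstream)' })];
}
console.log(demo());
```

The nonce is recorded only after the signature and timestamp checks pass, so unsigned traffic cannot fill the cache, and entries are dropped once the message they belong to would be rejected as stale anyway.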