Description
Add a new security rule for MCP (Model Context Protocol) implementations based on the CoSAI (Coalition for Secure AI) MCP Security paper approved by the OASIS Project Governing Board (January 2026).
Background
MCP has rapidly established itself as the protocol for transmitting structured context between AI agents and services. Given the growing importance and attack surface of MCP and agentic systems, it is imperative that deployment-specific security threats are identified and mitigations are implemented.
Multiple critical CVEs have been reported and incidents such as data leakage have already occurred across MCP/agentic deployments, including:
- Asana AI incident (May 2025): Tenant isolation flaw allowing cross-organization data contamination
- WordPress Plugin vulnerability: Over 100,000 sites affected by privilege escalation via MCP
- Supabase MCP Issue: Prompt injection via support ticket data exposing private tables
Reference
- CoSAI MCP Security Paper: https://github.com/cosai-oasis/ws4-secure-design-agentic-systems/blob/main/model-context-protocol-security.md
- MCP Specification: https://modelcontextprotocol.io
Proposed Rule ID
codeguard-0-mcp-security
Always Apply
false - This rule should be applied when MCP implementations are detected (likely in Python, Go, TypeScript, etc.)
Checklist
- Rule file created at sources/core/codeguard-0-mcp-security.md
- Rule follows template format
- Review all 12 threat categories, but only include those relevant to a software developer