MCP and Tool-Use Security Hub
MCP and tool-use security sits between AI security and API security. This hub groups the content most relevant to teams exposing tools, files, APIs, and privileged actions to models.
Guides
8
Latest Update
May 8, 2026
Primary Intent
Coverage of Model Context Protocol security, tool delegation controls, function calling risk, and AI-agent execution boundaries.
AI Security Testing Tools: Garak, PyRIT, promptfoo, and the Controls They Actually Validate
A practical guide to AI security testing tools for LLM and agentic applications. Explains what Garak, PyRIT, and promptfoo are good at, where each tool falls short, and how to combine automated testing with human review for prompt injection, data leakage, and unsafe tool use.
Secure Tool Calling for LLMs: Function Calling Risks and Runtime Controls
Tool calling is where an LLM application stops being a text system and starts becoming an action system. Learn the runtime controls, permission boundaries, and confirmation patterns that keep function calling from becoming an automation incident.
MCP Server Security: Why Model Context Protocol Is the Next Big Attack Surface
MCP connects AI agents to your tools, databases, and APIs. Here's why it's a massive security risk — and how to lock it down before attackers figure it out.
OWASP Top 10 for Agentic AI 2026: Complete Security Guide
The definitive guide to the OWASP Top 10 for Agentic AI Applications — a brand-new framework released December 2025. Covers goal hijacking, tool manipulation, prompt injection, and 7 more critical agentic AI risks with real-world case studies and mitigations.
How to Secure AI Agents: Identity & Access Management for Agentic AI
Machine identities now outnumber human identities 45:1. Learn how to implement IAM for AI agents — authentication, authorization, credential management, and delegation chains in multi-agent systems.
Securing Generative AI APIs: MCP Security & Shadow AI Risks in 2026
Model Context Protocol (MCP) is the emerging standard for connecting AI to tools and data. But MCP servers, shadow AI usage, and AI supply chain attacks introduce critical risks. Learn how to secure generative AI APIs.
API Security Trends 2026: Protecting REST, GraphQL & gRPC in an AI-Driven World
APIs now account for 83% of web traffic. This guide covers the most critical API security trends for 2026 — AI-generated API abuse, GraphQL-specific attacks, gRPC security, API gateways, and runtime protection strategies.
API Security for AI Agents: Securing MCP, Function Calling & Tool Use
AI agents are the new API consumers. This guide covers securing APIs against AI-driven abuse — MCP server hardening, function calling guardrails, tool delegation authorization, and protecting sensitive endpoints from autonomous agents.