MCP Security: Why Your AI Agent's Tool Calls Need a Firewall

TL;DR: The Model Context Protocol is becoming the standard way agents talk to tools. Most deployments have zero security between the agent and the tools it invokes. This post breaks down the real threat surface — tool poisoning, rug-pull attacks, data exfiltration through arguments — maps them to the OWASP Agentic Top 10, and lays out practical, implementable defenses with specific tools and thresholds. MCP in 60 Seconds The Model Context Protocol (MCP) is an open standard for connecting agents to external tools and data sources. Instead of hardcoding API calls, you point your agent at an MCP server that advertises a catalog of tools — each with a name, a natural-language description, and a JSON schema for its parameters. The agent reads these descriptions, decides which tools to call, and sends structured requests. MCP servers handle filesystem access, database queries, API calls, code execution — anything you expose. Adoption has been steep. Claude, GPT-based agents, LangChain, AutoG