Guido Salvaneschi’s Post

AI Agents + MCP Protocol have gone wild. GuardiAgent aims to provide a much-needed safety net, restoring essential security and control.

GuardiAgent

🚧 Securing MCP Servers: Introducing GuardiAgent

Anthropic’s Model Context Protocol (MCP) makes it easy to spin up servers that expose tools and data to LLMs. That’s powerful, but also risky.

Many MCP servers run locally because they need access to your files, shell, browser, etc. The catch: they typically run with the same privileges as your user. If a server is buggy, misconfigured, or prompt-injected, it can effectively do anything you can do on that machine:
- read SSH keys
- exfiltrate dotfiles and configuration
- explore private repositories and sensitive projects

Our research group at University of St. Gallen is working on this problem with GuardiAgent. We’re building:
- a security manifest (inspired by the Android app manifest), and
- a local policy enforcement engine that sandboxes MCP servers

This lets you define, in a fine-grained way:
- which hosts an MCP server can reach
- which files/directories it can read or write
- which actions it is not allowed to perform

👉 The goal: keep MCP-based agents useful, without giving them full user-level access to your machine.

🔗 Code and docs:
https://lnkd.in/dr_J77ie
https://lnkd.in/dZMKp97y

We'd love to hear from people working on agents, MCP servers, or AI security: How are you locking down tools/agents today? What would you want from a permission model and sandbox like this?

#AIsecurity #MCP #LLM #agents #AppSec #GuardiAgent
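The permission model the post sketches (an allowlist of reachable hosts, allowlists of readable and writable directories, and a list of denied actions) worked through as an added example. This is not GuardiAgent's code and does not use its manifest format: the manifest key names, the `action`/`path`/`url` request shape, the `check` and `audit` functions, and the sample paths and hosts are all assumptions constructed for illustration. It deliberately exercises two classic reference-monitor mistakes, a `..` traversal out of an allowed directory and a sibling directory that shares the allowed directory's name as a prefix, and denies every action the manifest does not mention.

```python
"""Toy policy-enforcement check for MCP tool calls, driven by a manifest.

Added example, not GuardiAgent's code: the manifest key names, the request
dictionary shape and the sample paths/hosts are all assumptions made here.
"""
import fnmatch
import os
from dataclasses import dataclass
from typing import Any, Dict, List, Tuple
from urllib.parse import urlparse

# Constructed manifest for a hypothetical "repo-helper" MCP server. It declares
# what the server may touch; everything not listed is denied by default.
MANIFEST: Dict[str, Any] = {
    "name": "repo-helper",
    "network": {"allowed_hosts": ["api.github.com", "*.internal.example"]},
    "filesystem": {
        "read": ["/home/alice/projects/demo"],
        "write": ["/home/alice/projects/demo/build"],
    },
    "denied_actions": ["shell.exec", "process.spawn"],
}


@dataclass(frozen=True)
class Decision:
    allowed: bool
    reason: str


def _path_within(path: str, root: str) -> bool:
    """True if `path` lies inside `root` after resolving '.' and '..'.

    Normalising first stops '/allowed/dir/../../.ssh/id_ed25519' from passing a
    naive prefix check, and the trailing separator stops '/allowed/dir-secrets'
    from matching the root '/allowed/dir'. abspath (not realpath) is used so the
    example runs offline on paths that need not exist; a real enforcer would
    also resolve symlinks and pin the decision to the opened file descriptor.
    """
    p = os.path.abspath(path)
    r = os.path.abspath(root)
    return p == r or p.startswith(r + os.sep)


def _host_allowed(url: str, patterns: List[str]) -> bool:
    """Match the URL's hostname (lower-cased by urlparse) against glob patterns."""
    host = urlparse(url).hostname or ""
    return any(fnmatch.fnmatchcase(host, pat) for pat in patterns)


def check(manifest: Dict[str, Any], request: Dict[str, Any]) -> Decision:
    """Reference-monitor decision for one tool call. Unknown actions are denied."""
    action = request.get("action", "")
    if action in manifest.get("denied_actions", []):
        return Decision(False, f"{action} is explicitly denied")
    fs = manifest.get("filesystem", {})
    if action in ("fs.read", "fs.write"):
        roots = fs.get("read" if action == "fs.read" else "write", [])
        path = request.get("path", "")
        if any(_path_within(path, root) for root in roots):
            return Decision(True, f"{action} {path}: inside an allowed directory")
        return Decision(False, f"{action} {path}: outside every allowed directory")
    if action == "net.fetch":
        url = request.get("url", "")
        hosts = manifest.get("network", {}).get("allowed_hosts", [])
        if _host_allowed(url, hosts):
            return Decision(True, f"net.fetch {url}: host on allowlist")
        return Decision(False, f"net.fetch {url}: host not on allowlist")
    return Decision(False, f"{action or '<missing>'}: unknown action, default deny")


# Constructed sample of tool calls a buggy or prompt-injected server might issue.
SAMPLE_REQUESTS: List[Dict[str, Any]] = [
    {"action": "fs.read", "path": "/home/alice/projects/demo/src/main.py"},
    {"action": "fs.read", "path": "/home/alice/projects/demo/../../.ssh/id_ed25519"},
    {"action": "fs.read", "path": "/home/alice/projects/demo-secrets/key"},
    {"action": "fs.write", "path": "/home/alice/projects/demo/build/out.bin"},
    {"action": "fs.write", "path": "/home/alice/.bashrc"},
    {"action": "net.fetch", "url": "https://api.github.com/repos/x/y"},
    {"action": "net.fetch", "url": "https://api.github.com.attacker.test/upload"},
    {"action": "shell.exec", "cmd": "id"},
    {"action": "browser.open", "url": "https://example.org"},
]


def audit(manifest: Dict[str, Any],
          requests: List[Dict[str, Any]]) -> List[Tuple[str, str, bool]]:
    """Evaluate a batch and return (action, target, allowed) rows for logging."""
    rows = []
    for req in requests:
        decision = check(manifest, req)
        target = req.get("path") or req.get("url") or req.get("cmd") or ""
        rows.append((req.get("action", ""), target, decision.allowed))
    return rows


if __name__ == "__main__":
    for action, target, allowed in audit(MANIFEST, SAMPLE_REQUESTS):
        print(f"{'ALLOW' if allowed else 'DENY ':5} {action:13} {target}")
```

Running the block prints one ALLOW/DENY row per sample call: only the read inside the project, the write inside its build directory and the fetch to `api.github.com` are allowed; the traversal to `~/.ssh`, the `demo-secrets` sibling, the write to `.bashrc`, the look-alike host, the denied shell action and the unlisted browser action are all refused. The default-deny branch is the important design choice: a manifest that has to enumerate what is forbidden will always miss something, whereas one that enumerates what is permitted fails closed.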
