
MCP Security Checklist — 12 Controls Before Production

Before deploying MCP servers in production, verify these 12 controls. Based on the risks outlined in our MCP Security Risks guide.

Input & validation

1. ✅ Validate all tool parameters — Use Zod (TypeScript) or Pydantic (Python). Never trust raw LLM output.

2. ✅ Sanitize tool responses — Treat data returned by tools as untrusted content, not instructions; strip or neutralize anything that could act as a prompt injection before it reaches the model.

3. ✅ Rate limit tool calls — Prevent runaway agents from making thousands of calls.

Authentication & authorization

4. ✅ Authenticate remote connections — For SSE transport, require API keys or OAuth. Never expose servers without auth.

5. ✅ Implement per-user permissions — Check user permissions on every tool call, not just at connection time.

6. ✅ Use least privilege — Each server only accesses what it absolutely needs.

Isolation & containment

7. ✅ Sandbox MCP servers — Run in Docker containers or separate processes.

8. ✅ Network segmentation — Internal servers (database, files) should not have outbound internet access.

9. ✅ Separate read and write — Consider separate servers for reading and writing: the AI reads freely but needs approval to write.

Monitoring & audit

10. ✅ Log every tool call — Record: timestamp, tool name, parameters, user, result.

11. ✅ Alert on anomalies — Flag unusual patterns: high volume, unexpected tools, off-hours access.

12. ✅ Human approval for destructive actions — Delete, send, deploy, pay — require confirmation.
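As an added example (not code from the original post or any MCP SDK), a small Python tool-call gateway that wires controls 1, 5, 10 and 12 around any tool handler: every call is validated, permission-checked per call, gated behind a human-approval callback when the tool is destructive, and written to an audit record whether it succeeds or fails. The schema table is a stdlib stand-in for the Zod/Pydantic validation the checklist recommends; the tool names, user objects and `approve` callback are assumed placeholders.

```python
import time
from dataclasses import dataclass, field
from typing import Any, Callable

# Constructed example values: tools that control 12 says need a human in the loop.
DESTRUCTIVE_TOOLS = {"delete_file", "send_email", "deploy", "make_payment"}
# Stdlib stand-in for a Zod/Pydantic schema: tool -> {param: (type, required)}.
SCHEMAS = {
    "read_file": {"path": (str, True)},
    "delete_file": {"path": (str, True), "recursive": (bool, False)},
}


@dataclass
class User:
    name: str
    permissions: set[str]  # tool names this user may call


@dataclass
class Gateway:
    tools: dict[str, Callable[..., Any]]
    approve: Callable[[str, dict], bool]  # human-approval callback (hypothetical)
    audit_log: list[dict] = field(default_factory=list)

    def call(self, user: User, tool: str, params: dict) -> dict:
        record = {"ts": time.time(), "user": user.name, "tool": tool, "params": params}
        try:
            record["result"], record["status"] = self._dispatch(user, tool, params), "ok"
        except PermissionError as exc:
            record["error"], record["status"] = str(exc), "denied"
        except ValueError as exc:
            record["error"], record["status"] = str(exc), "invalid"
        self.audit_log.append(record)  # control 10: logged whether it succeeded or not
        return record

    def _dispatch(self, user: User, tool: str, params: dict) -> Any:
        schema = SCHEMAS.get(tool)
        if schema is None or tool not in self.tools:
            raise ValueError(f"unknown tool {tool!r}")
        if tool not in user.permissions:  # control 5: checked on every call
            raise PermissionError(f"{user.name} may not call {tool}")
        for name, (typ, required) in schema.items():  # control 1: validate params
            if name not in params and required:
                raise ValueError(f"missing parameter {name!r}")
            if name in params and not isinstance(params[name], typ):
                raise ValueError(f"parameter {name!r} must be {typ.__name__}")
        if unexpected := set(params) - set(schema):
            raise ValueError(f"unexpected parameters {sorted(unexpected)}")
        if tool in DESTRUCTIVE_TOOLS and not self.approve(tool, params):  # control 12
            raise PermissionError(f"human approval denied for {tool}")
        return self.tools[tool](**params)
```

In a real server the `approve` callback would block on an out-of-band confirmation and the audit records would go to an append-only log rather than an in-memory list.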

Quick implementation

Most of these controls can be added in under an hour. Start with the top 3:

  1. Input validation (Zod/Pydantic) — 15 minutes
  2. Logging every tool call — 15 minutes
  3. Least privilege (review what each server accesses) — 30 minutes

Then add auth, sandboxing, and monitoring as you move toward production.

Testing your security

Before deploying, try to break your own MCP server:

  • Send SQL injection in tool parameters
  • Include prompt injection in tool responses
  • Try accessing resources outside the allowed scope
  • Test with missing or invalid auth tokens

If any of these succeed, fix them before production.

For GDPR compliance

Also verify that data processed by MCP servers is covered by your DPA and that personal data doesn’t flow through non-compliant providers; consider self-hosting for sensitive data.
