SAFE-MCP

SAFE-MCP

Security Analysis Framework for Evaluation of MCP and AI Agents

Led by:
Frederick KautzArjun SubediBishnu Bista
80+ Techniques
14 Tactic Categories
ATT&CK Mappings
Explore Techniques

Proudly part of

Linux FoundationOpenID Foundation

Initiated by Astha.ai

About SAFE-MCP

SAFE-MCP is an open-source security specification for identifying and mitigating attack vectors in AI agents and Model Context Protocol (MCP)–based systems.

Community-Driven

Hosted by the Linux Foundation and supported by the OpenID Foundation, developed through open community collaboration.

Reference Implementation

Astha provides a reference implementation for operationalizing SAFE-MCP in production environments, enabling continuous assessment, enforcement, and governance for AI Agents.

Who It's For

Role-specific outcomes and quickstart paths

Security Engineers & Red Teams

Plan threat modeling & pentesting

Understand what attacks are possible in MCP architectures and systematically plan your security assessments.

Threat Modeling Guide

Developers / System Architects

Embed mitigations early in tool/server pipelines

Identify which techniques apply to your MCP servers or tool pipelines and integrate security from the start.

Developer Quickstart

Auditors & Researchers

Evaluate maturity & map to existing frameworks

Map SAFE-MCP across existing security frameworks and systematically evaluate MCP system maturity.

Maturity Checklist

Framework Overview

SAFE-MCP adapts the proven MITRE ATT&CK methodology specifically for Model Context Protocol environments, providing a structured approach to understanding and mitigating security risks in agent-tool orchestration.

The framework covers 14 tactic categories and 80+ techniques, each with actionable mitigation and detection guidance.

14 Tactic Categories

Initial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionExfiltrationImpactCommand & ControlResource DevelopmentReconnaissance
Browse All Tactics & Techniques

Featured Techniques

SAFE-T1001

Tool Poisoning

HighHas Mitigations

Adversaries may poison or manipulate MCP tool definitions to execute unauthorized actions.

Initial Access
SAFE-T1102

Prompt Injection

CriticalHas Mitigations

Malicious prompts crafted to bypass safety controls and execute unintended commands.

Execution
SAFE-T1201

MCP Rug Pull Attack

HighHas Mitigations

Adversaries may consume excessive computational resources to degrade or deny service availability.

Impact

What is SAFE-MCP?

A comprehensive security framework built on industry-proven methodologies

1

MITRE ATT&CK Adaptation

SAFE-MCP adapts the MITRE ATT&CK methodology specifically for MCP environments, providing a structured catalog of adversarial tactics, techniques, and procedures (TTPs) tuned for agent-tool orchestration.
Explore on GitHub
2

Framework Coverage

The framework currently defines 14 tactic categories that mirror the MITRE ATT&CK axes, and supports 80+ techniques across those tactics (e.g. SAFE-T1001 Tool Poisoning, SAFE-T1102 Prompt Injection)
Explore on GitHub
3

Guidance & Mappings

Every technique in SAFE-MCP includes mitigation and detection guidance, along with mappings to existing MITRE ATT&CK techniques when applicable.
Explore on GitHub

Explore our complete framework documentation and contribute to the community

View Full Documentation