Security Boulevard

President Trump stripped former CISA head Chris Krebs of his security clearances, accusing him of disloyalty for claiming the 2020 election was safe and disagreeing with him regarding the pandemic. SentinelOne, where Krebs is an executive, also was targeted by Trump, who further ordered investigations of Krebs and CISA.

The post Trump Strips Security Clearances of Ex-CISA Head Krebs, SentinelOne appeared first on Security Boulevard.

Are You Overlooking an Essential Part of Your Cybersecurity Strategy? When it comes to solidifying your organization’s cybersecurity strategies, an often-overlooked aspect is Non-Human Identities (NHIs). Given the increasing reliance on the cloud for business operations across a multitude of industries and departments, managing NHIs effectively is crucial for stable and secure operations. The Indispensable […]

The post Ensuring Stability in Your NHI Security Strategy appeared first on Entro.

The post Ensuring Stability in Your NHI Security Strategy appeared first on Security Boulevard.

What Makes Secrets Vaulting Essential for Modern Business Security? Non-human identities (NHIs) and secrets management play a critical role in safeguarding sensitive data. NHIs, or machine identities, are created by combining a unique encrypted password, key, or token (the “Secret”) with permissions granted by a destination server. But why is managing these NHIs and their […]

The post Smart Secrets Vaulting Solutions for Modern Businesses appeared first on Entro.

The post Smart Secrets Vaulting Solutions for Modern Businesses appeared first on Security Boulevard.

The emergence of Model Context Protocol for AI is gaining significant interest due to its standardization of connecting external data sources to large language models (LLMs). While these updates are good news for AI developers, they raise some security concerns. In this blog we address FAQs about MCP.

Background

Tenable Research has compiled this blog to answer Frequently Asked Questions (FAQ) regarding Model Context Protocol (MCP).

FAQ

What is Model Context Protocol (MCP)?

Model Context Protocol (MCP) is an open-source standard created by Anthropic that provides a universal method to connect external data and actions to large language models (LLMs). It provides the methods to allow an LLM to detect what resources it has at its disposal, and understand when and why it would use those resources to answer or enhance the task it is working on.

Examples of external data that an AI could access include local file systems, databases, APIs, SaaS applications and more.

In a way, the MCP allows an LLM to provide a deterministic request of data or actions to assist in answering questions with data outside of its training.

MCP is quickly becoming a standard that many AI companies are implementing.

Why is there so much interest in MCP?

MCP is gaining significant interest due to its standardization of connecting external data sources to LLMs. A developer can now write an integration for an LLM once and use it across a variety of tools and LLMs that utilize MCP. "App stores" and "marketplaces" of MCP servers are available for quick integration into your environment. Services to help create custom MCP servers specifically for you are available.

Is this the first time LLMs could interact with external data and sources?

Agentic AI, which has the capacity to act autonomously, can take actions and work with external sources, but implementation is unique to each tool. Solutions like LangFlow help by standardizing some of the tooling and can interact with multiple LLMs within its specific framework. However, the MCP specification takes this standardization to the next level, where an integration can be created and used across multiple solutions.

How do I get started working with MCP?

MCP requires a host application, colloquially called a client and a server. The host application orchestrates communication between an LLM and the interfaces that communicate with the MCP servers.

The foundational example is using Claude Desktop to add a filesystem MCP server, as outlined at Quickstart for Claude Desktop Users. This example shows what it takes to add a filesystem server to Claude Desktop to provide local filesystem information to Claude.ai. While Claude Desktop is the proving ground for MCP servers, many other clients exist that improve the user experience.

Online directories of MCP clients and servers are becoming available, such as MCP Clients | Glama and Open-Source MCP Servers | Glama.

How does MCP work?

MCP uses a client/server architecture to allow LLMs to interact with external data. This is accomplished using three primary components; host, client and server.

• A host application is used to manage the interaction between LLMs and a number of MCP clients. Many popular MCP hosts include Claude Desktop, Claude Code, Cursor, Windsurf, and editor integrations like Cline and Continue.
• The client is an interface that runs in the host application and allows the LLM to interact with the server by maintaining a one-to-one connection with a server.
• The server is a small application that communicates with the client using the MCP protocol, and provides standardized processes to list various capabilities as well as responds to requests for relevant data or actions.

Source: Tenable, April 2025

While these components are discussed as separate components, they can be a part of a single application or separate applications. The most common configuration seen at time of publishing this FAQ consists of the client integrated into the host application and communicating to the server over secure transports using JSON-RPC.

What type of capabilities do MCP servers offer?

MCP servers offer different capabilities to clients to support the retrieval of data along with actions taken on data. The following capabilities are available:

• Resources are data stores available for the LLM to keep track of. These can include files, database schema information and console logs. Resources are loaded at time of a chat initiation and should be used to avoid repeated requests of static data.
• Tools take actions. Examples include retrieving content from files, inserting data into a database, replying to emails and more.
• Prompts allow the server to provide useful and reusable prompts to the client. Many implementations of the application hosts allow methods to list the prompts using a "quick list" concept, such as hitting a "/" key to bring up a list of prompts that are available. The prompts can also be used as templates that can be dynamically populated with user inputs.

Currently, "tools" are the most impactful capability offered by MCP and what garners much of the media's attention.

Is it safe for me to use MCP servers?

MCP relies heavily on trust.

• Trust that the host application is controlling access to the clients
• Trust that the client is using secured transports with the server
• Trust that the server has implemented secure practices when it is accessing resources

Users should seek out MCP servers from reputable sources. However, always remember to "trust but verify," and do not install unknown software in your environment.

How does the MCP host implement security?

The host application should implement controls that allow the user of the application to approve tools prior to using them. Many of the mainstream applications already have methods to verify that the tool usage is acceptable. For example, on the first time attempting to call the tool, Claude Desktop provides a choice of "use once" or "use for the entire chat session." Other applications, like Cline, may have a method to "auto approve" different tools or applications. The amount of information provided to the user in these verification dialogs can vary.

What controls are available for transport security?

There are two primary transports; STDIO and Server Sent Events (SSE).

• When the client and server exist on the same computer, STDIO is the preferred transport. STDIO sends the output of the client straight to the input of the server and the output of the server to the client. The transport can only be attacked if the local system is compromised.
• When the client and server do not exist on the same computer then SSE is used to transport the JSON messages over HTTP connections. This allows the communication to use standard HTTP security options, such as SSL transports and Open Authentication (OAuth) authorization.

Ok, so what are the biggest risks to using MCP?

The biggest risk to using MCP is the injection of malicious servers. Since all registered servers have a single point of reference in the host application and LLM, malicious servers can poison the LLM or abuse the tools of other legitimate servers. As the MCP ecosystem matures we expect to see formalization of concepts like MCP security certification, server integrity monitoring and standardization of logging for monitoring. We will begin to see MCP “App Stores” where collections of MCP servers can be easily pulled into existing tools from a central repository.

The specification for MCP highly recommends authentication and authorization for remote servers, but it is not required. However, developers of MCP servers may not consider the network security of the MCP servers and not implement these recommendations.

Any MCP servers that are remotely accessible can be susceptible to man in the middle attacks or remote attacks. Make sure any MCP servers that use a network based transport have implemented strong authentication and authorization.

What can I do to protect my information while using MCP?

As the technical solutions and capabilities for securing MCP solutions evolve the current recommendations are to use solid cybersecurity best practices. Some of the top things that you can do include the following:

• Detect and inventory your MCP installations and configurations across your environment. With MCP being in early adoption, this is not as simple as monitoring a centralized server, but more likely requires close inspection of endpoints for configuration files. Knowledge and approval of MCP usage is key to maintaining integrity in the environment.
• Control access and monitor the resources that MCP servers are accessing. Whether the resources are local to the endpoints or SaaS applications, monitoring the access of these resources through logging and auditing is a requirement.
• Train the people that are using MCP in their job duties. Make sure they understand the impact of a tool before authorizing its use. The core topics of the MCP specification is that the user must consent and authorize operations before use, and training will provide the understanding required to make that determination.

Is Tenable looking into safety and security concerns surrounding MCP implementations?

Yes, Tenable Research is actively researching MCPs and will be sharing more of our findings in future publications on the Tenable blog.

Get more information

• Anthropic: Introducing the Model Context Protocol

The post Frequently Asked Questions About Model Context Protocol (MCP) and Integrating with AI for Agentic Applications appeared first on Security Boulevard.

In the current economic environment, IT and security leaders face significant challenges. Budget optimization and prioritizing initiatives that provide real business value are crucial, particularly amidst a growingly complex and threatening threat landscape. This pressure is especially pronounced when it comes to securing the APIs essential for modern applications and linking vital data.

APIs serve as the foundation of digital innovation, yet their swift expansion results in an extensive attack surface. Development teams often operate rapidly, occasionally sidestepping standard security evaluations, leading to undocumented shadow APIs and outdated zombie APIs hiding within your environment. The task of manually identifying these APIs, ensuring compliance, and defending against sophisticated attacks can seem daunting, especially with limited resources. How can you improve security and manage costs simultaneously?

Bridging the Gap: Security and Efficiency Can Coexist

What if compromise was unnecessary? Imagine having complete visibility into your entire API ecosystem, proactively tackling threats, and streamlining security operations without increasing operational expenses.

That’s where Salt Security steps in. We recognize your challenges, and our platform is crafted to assist security and development teams in maximizing efficiency while achieving solid API security without incurring additional operational costs.

How Salt Security Empowers Your Teams:

• See Everything instantly: Eliminate the struggles of manual discovery. Salt offers Complete API Visibility, automatically identifying all your APIs, including those hidden shadow and zombie versions. Understand your entire attack surface thoroughly.
• Automate Compliance: Maintain continuous compliance with automated posture rules and real-time monitoring. Focus less on manual audits and more on strategic priorities.
• Stop Threats Sooner, Respond Faster: Why delay in the event of an attack? Salt enables preemptive threat prevention by recognizing and assisting in blocking vulnerabilities before they go into production. If an incident happens, quick detection significantly shortens MTTD/MTTR (Mean Time To Detect/Respond), reducing impact and conserving valuable security resources.
• Streamline Your DevSecOps Workflow: Salt integrates seamlessly with your development practices. Automate the generation of API documentation (Swagger/OpenAPI), detect vulnerabilities early through CI/CD pipeline integration, enforce policies automatically to prevent risky deployments, and automate security triage for quicker issue resolution. Less friction leads to more productivity.
• Protect Your Brand (and Budget): It’s crucial to safeguard essential data and your organization's reputation. Salt aids in achieving that goal effectively while showing fiscal responsibility.

Smart Security Meets Smart Procurement

Are you concerned about complicated procurement cycles or identifying new budget lines? We've simplified that process too. Salt Security is available directly through AWS, Azure, and GCP Marketplaces, enabling you to use your existing cloud budgets and streamline purchasing. It’s about optimizing your previous investments.

Don't Compromise on API Security

In an era that demands fiscal wisdom, skimping on API security is not an option—the risks are simply too great. With Salt Security, you can safeguard your APIs, reduce costs, and empower your teams to concentrate on innovation, even with tight resources. Secure your essential projects and uphold robust API security without straining your finances.

Ready to discover how you can decrease costs while enhancing your API security and compliance posture?

If you want to learn more about Salt and how we can help you on your API Security journey through discovery, posture governance, and run-time threat protection, please contact us, schedule a demo, or check out our website.

The post Unlock Total API Visibility and Control, Cost-Effectively appeared first on Security Boulevard.

Learn how to stop enumeration fraud before Visa’s new thresholds take effect. Protect your business with DataDome’s Cyberfraud Protection Platform.

The post How to Decrease Your Enumeration Fraud Before Visa’s New Rules Take Effect appeared first on Security Boulevard.

Authors/Presenters: Jay Chen, Ravid Mazon

Our sincere appreciation to BSidesLV, and the Presenters/Authors for publishing their erudite Security BSidesLV24 content. Originating from the conference’s events located at the Tuscany Suites & Casino; and via the organizations YouTube channel.

Permalink

The post BSidesLV24 – Breaking Ground – BOLABuster: Harnessing LLMs For Automating BOLA Detection appeared first on Security Boulevard.

Grip helped companies reduce exposure from the Oracle Cloud breach before it was acknowledged, detecting shadow tenants and enabling fast, targeted response.

The post How We Knew the Oracle Breach Was Real | Grip Security appeared first on Security Boulevard.

Picture this: You’re in the middle of preparing for a board meeting. The stakes are high, and the numbers you present could help you secure a budget for the next 12-24 months. Over the past several months, you’ve painstakingly built a security ecosystem, data pouring in from endpoints, cloud systems, identity solutions, threat intelligence feeds, …

Read More

The post Why Some Vendors Upcharge for CRQ Integrations appeared first on Security Boulevard.

via the comic humor & dry wit of Randall Munroe, creator of XKCD

Permalink

The post Randall Munroe’s XKCD ‘Stargazing 4’ appeared first on Security Boulevard.

Author/Presenter: Dave Bailey

Our sincere appreciation to BSidesLV, and the Presenters/Authors for publishing their erudite Security BSidesLV24 content. Originating from the conference’s events located at the Tuscany Suites & Casino; and via the organizations YouTube channel.

Permalink

The post BSidesLV24 – Breaking Ground – Hell-0_World | Making Weather Cry appeared first on Security Boulevard.

The Payment Card Industry Security Standards Council (PCI SSC) continues to evolve its flagship data security standard. The latest version encourages complying organizations to move away from traditional, periodic audits to a process of continuous risk management and monitoring. Yet this is only going to get the desired results if those same organizations have a continuous, updated view of their own cardholder data environment (CDE).

The post Navigating PCI DSS 4.0 Compliance: How Automated Data Discovery Can Help appeared first on Security Boulevard.

The post What is DSPM? Understanding Data Security Posture Management appeared first on Votiro.

The post What is DSPM? Understanding Data Security Posture Management appeared first on Security Boulevard.

If your organization handles sensitive financial information, you must implement security measures that fulfill the Payment Card Industry Data Security Standard (PCI DSS) requirements. The most commonly used methods for securing cardholder data are tokenization and encryption. These techniques aim to protect sensitive payment information, but they work in fundamentally different ways. This blog will […]

The post PCI DSS Tokenization vs Encryption: Key Differences to Protect Payment Data appeared first on Centraleyes.

The post PCI DSS Tokenization vs Encryption: Key Differences to Protect Payment Data appeared first on Security Boulevard.

New domains are up 7.39%, with 2.9 million malicious domains detected. Chinese gambling sites dominate the Top 20 TLDs, while .top remains a hotspot for abuse - this time with a spike in toll road scams. Read the full report here.

The post Domain Reputation Update Oct 2024 – Mar 2025 appeared first on Security Boulevard.

Compromised passwords remain one of the most common—and preventable—ways attackers gain access to systems. Despite advancements in security tools, weak and reused credentials still leave organizations wide open to phishing, credential stuffing, and account takeovers. To tackle this head-on, password monitoring and threat intelligence firm Enzoic has partnered with GuidePoint Security, a top cybersecurity services […]

The post Guidepoint Security & Enzoic: Taking on the Password Problem appeared first on Security Boulevard.

In today's rapidly evolving digital landscape, taking control of your cybersecurity strategy is more crucial than ever.

The post Embracing the Future: Mastering Your Cybersecurity Strategy With an Identity Driven Security Approach appeared first on Security Boulevard.

Assess the risks posed by AI-powered attacks and adopt AI-driven defense capabilities to match. Automate where possible. Use AI to prioritise what matters. Invest in processes and talent that enable real-time response and build long-term trust. 

The post AI is Reshaping Cyber Threats: Here’s What CISOs Must Do Now appeared first on Security Boulevard.

Agentic AI is transforming business. Organizations are increasingly integrating AI agents into core business systems and processes, using them as intermediaries between users and these internal systems. As a result, these organizations are improving efficiency, automating routine tasks, and driving innovation. But these benefits come at a cost.  AI agents rely on APIs to access [...]

The post The API Security Challenge in AI: Preventing Resource Exhaustion and Unauthorized Access appeared first on Wallarm.

The post The API Security Challenge in AI: Preventing Resource Exhaustion and Unauthorized Access appeared first on Security Boulevard.

Amazon Gift Card Email Hooks Microsoft Credentials

The post Amazon Gift Card Email Hooks Microsoft Credentials appeared first on Security Boulevard.