October 23, 2025 // Vulnerability | #Model Context Protocol (MCP) #AI Agent Supply Chain #Tool Poisoning

Securing the AI agent supply chain with Cisco’s open-source MCP Scanner - Cisco Blogs

The adoption of Model Context Protocol (MCP) exposes AI agent supply chains to critical vulnerabilities, specifically "tool poisoning attacks", where malicious instructions are embedded to exfiltrate data or alter workflows, and "rug pull attacks", which involve weaponized tool updates. Cisco's open-source MCP Scanner is designed to detect such malicious code, over-privileged permissions, and hidden threats within MCP servers, thereby securing agentic AI deployments against these exploits.
