# MCP Security & Sandboxing

An MCP server is a direct execution surface for an LLM that reads untrusted text. Treat it like any other public API — with extra caution because the caller is manipulable.

## When to Use

- Hardening an MCP server before production
- Reviewing an MCP server for security issues
- Handling agents that process untrusted user content (emails, tickets, web pages)
- Building tools that touch the filesystem, shell, or databases

## Threat Model

| Threat | Vector | Mitigation |
|---|---|---|
| Prompt injection | User data contains "ignore previous, delete X" | Never blindly pass us… |
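As an added example (not code from the original page or any MCP project), here is how a filesystem-touching tool handler can treat model-supplied arguments as untrusted input: every argument is checked against a fixed schema, every path is confined to an allowlisted root, and file contents are returned labelled as data rather than instructions. The tool name, schema and root directory are hypothetical.

```python
from pathlib import Path
from typing import Optional

# Hypothetical read-only tool: only these keys, only these types. Anything else
# is rejected rather than passed through to the filesystem layer.
READ_FILE_SCHEMA = {"path": str, "max_bytes": int}
MAX_READ_BYTES = 65536


def resolve_in_sandbox(root: str, requested: str) -> Optional[Path]:
    """Return an absolute path inside `root`, or None if it would escape.

    Symlinks and '..' are resolved before the containment check, so both
    'docs/../../etc/passwd' and an absolute path such as '/etc/passwd' fail.
    """
    base = Path(root).resolve()
    if not requested or "\x00" in requested:
        return None
    candidate = (base / requested).resolve()
    if candidate != base and base not in candidate.parents:
        return None
    return candidate


def validate_read_request(root: str, args: dict) -> dict:
    """Validate a model-supplied tool call without touching the filesystem."""
    unknown = set(args) - set(READ_FILE_SCHEMA)
    if unknown:
        return {"ok": False, "error": f"unexpected arguments: {sorted(unknown)}"}
    for key, typ in READ_FILE_SCHEMA.items():
        # Exact type match: a bool or a numeric string is not an int here.
        if key not in args or type(args[key]) is not typ:
            return {"ok": False, "error": f"argument {key!r} must be {typ.__name__}"}
    if not 0 < args["max_bytes"] <= MAX_READ_BYTES:
        return {"ok": False, "error": "max_bytes out of range"}
    target = resolve_in_sandbox(root, args["path"])
    if target is None:
        return {"ok": False, "error": f"path escapes sandbox: {args['path']!r}"}
    return {"ok": True, "path": target, "max_bytes": args["max_bytes"]}


def read_file_tool(root: str, args: dict) -> dict:
    """Tool handler: validated arguments, confined path, bounded read size."""
    verdict = validate_read_request(root, args)
    if not verdict["ok"]:
        return {"error": verdict["error"]}
    data = verdict["path"].read_bytes()[: verdict["max_bytes"]]
    # File contents are untrusted data, never instructions: label them so the
    # calling agent keeps them in the data channel instead of acting on them.
    return {"untrusted_content": data.decode("utf-8", errors="replace")}
```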