Skip to content
Offline · no cloud sync
Ten MCP-specific risks for tool, resource, and transport posture.

GrantLock maps your findings to the OWASP MCP Top 10 (2025) — prompt injection via tool outputs, tool poisoning, privilege escalation through MCP servers, supply-chain attacks on dependencies, credential theft, and data exfiltration. Coverage reflects what the open-source rule pack detects from MCP server configurations today.

10 of 10 requirements
GrantLock Posture — Pre-runtime control plane for agentic AI