Cisco Secures MCP Servers With Multiple Scanning Engines, Supply Chain Protections

Welcome to this AI Agent & Copilot Podcast, where we analyze the opportunities, impact, and outcomes that are possible with AI.

In this episode, I speak with Cisco’s Arjun Sambamoorthy, senior director, AI, about Model Context Protocol security and Cisco’s new MCP Scanner product.

Highlights

Risks With AI Agents and MCP (01:15)

Sambamoorthy explains the risks associated with MCP and AI agents, including supply chain and runtime perspectives. He highlights the risk of compromised MCP servers, similar to typical software compromises. The three main types of risks are tool poisoning attacks, rug-pull attacks, and over-privileged tools.

Rug pull attacks exploit the trust established after tool authorization by changing tool descriptions or implementations. Tool poisoning attacks involve altering the behavior of large language models through tampered tool descriptions.

Agent Supply Chain and MCP Scanner Benefits (03:38)

Sambamoorthy compares the AI agent supply chain to the traditional software supply chain, emphasizing the importance of static and semantic analysis. He discusses the need for contextual inspection of tools before integrating them with LLMs.

Sambamoorthy explains MCP Scanner’s unique capabilities, focusing on analyzing tool descriptions and ensuring alignment with tool implementations. He highlights the open-source nature of the MCP scanner, which includes three different scanning engines. Open source offers affordability and flexibility, allowing users to integrate various AI models, while maximizing accessibility.

Vulnerability Checks and Threat Taxonomy (08:20)

Discussing the vulnerability checks that MCP Scanner performs, Sambamoorthy outlines its threat taxonomy, which includes 15 different threat categories, such as tool poisoning attacks, tool exploitation, and injection attacks. The MCP scanner analyzes tool descriptions for poisoning and prompt injection, ensuring semantic safety. It also checks the code implementation for alignment with tool descriptions and behavioral safety.

Partnerships and Integration with Major Vendors (10:29)

Cisco’s engagements in the software ecosystem include the open-source community — integrating the MCP scanner in CI/CD pipelines and MCP registries. He provides an example of Turbo MCP, which uses the MCP scanner in its CI/CD pipeline. He also references a partnership with AWS to integrate the MCP scanner into AWS’s open-source MCP registry and MCP gateway. He closes by emphasizing the importance of using MCP responsibly.

AI Agent & Copilot Summit is an AI-first event to define opportunities, impact, and outcomes with Microsoft Copilot and agents. Building on its 2025 success, the 2026 event takes place March 17-19 in San Diego. Get more details.