Javelin Technology Series

Announcing Ramparts: Securing MCP usage

Sharath Rajasekar
AI Engineering
July 22, 2025

Introducing Ramparts: MCP Scan

In the rapidly evolving landscape of artificial intelligence, Model Context Protocol (MCP) has emerged as a pivotal open standard, enabling AI agents and Large Language Models (LLMs) to seamlessly interact with external data sources and tools. This capability, while transformative, introduces a new frontier of security challenges. As AI systems increasingly rely on these external connections for real-time information and service interactions, ensuring the integrity and security of MCP implementations becomes paramount.

Today, we are thrilled to announce the launch of Ramparts, a cutting-edge security scanner designed to fortify your agentic systems against the sophisticated and often subtle vulnerabilities inherent in the MCP ecosystem. We believe Ramparts will play a crucial role in shaping this secure AI future. We encourage you to explore its capabilities, contribute to its development, and join us in building a more resilient and trustworthy AI ecosystem.


What is Ramparts?

Ramparts is a fast, lightweight, and robust security scanner specifically engineered for Model Context Protocol (MCP) servers. Its core mission is to identify and mitigate indirect attack vectors and configuration vulnerabilities that could compromise your AI systems. Unlike traditional security tools, Ramparts is built from the ground up with the unique complexities of agentic AI in mind, providing a specialized layer of defense for your MCP deployments.

At its heart, Ramparts is powered by Rust, a programming language renowned for its performance, reliability, and memory safety. This strategic choice ensures that Ramparts operates with native execution speed and minimal memory overhead, making it exceptionally well-suited for analyzing large prompt contexts, intricate tool manifests, and complex server topologies. The ability to compile Ramparts into a single, compact binary further enhances its portability, allowing for seamless integration into diverse environments, including Continuous Integration (CI) pipelines, agent sandboxes, and even constrained edge devices. This technical foundation underscores Ramparts' commitment to delivering efficient and dependable security scanning without imposing a heavy runtime footprint.

The Security Challenge: Why Ramparts is Needed

The increasing reliance of AI agents and LLMs on external tools and resources via MCP servers introduces a critical new attack surface. While MCP facilitates powerful interactions, it also exposes systems to a range of potential vulnerabilities if not properly secured. Without rigorous security analysis, these powerful capabilities can transform into dangerous attack vectors. Ramparts is specifically designed to defend against a comprehensive array of threats, including:

MCP Rug Pull Attacks: Unauthorized changes to MCP tool descriptions after initial user approval.

Data Exfiltration: Unauthorized transfer of sensitive data from a system.

Privilege Escalation: Gaining elevated access rights beyond what is intended or authorized.

Path Traversal Attacks: Exploiting vulnerabilities to access files or directories outside of intended boundaries.

Command Injection: Injecting and executing unauthorized system commands through manipulated inputs.

SQL Injection: Manipulating database queries to gain unauthorized access to or control over a database.

Tool Poisoning: Bypassing AI safety measures and manipulating the agent's behavior through malicious instructions embedded in prompts.

Ramparts provides the necessary security layer to identify and mitigate these risks, ensuring that the powerful capabilities exposed by MCP servers are used securely and as intended.

Getting Started with Ramparts: Quick Start Guide

Getting started with Ramparts is designed to be straightforward, allowing you to quickly integrate robust MCP security scanning into your workflow. Here’s how you can begin. The easiest way to install Ramparts is via crates.io, Rust's package registry. If you have Rust and Cargo installed, simply run:

cargo install ramparts

Once installed, Ramparts can be used with a simple command to scan an MCP server.

Scan an MCP Server:

You'll need the URL of the MCP server you wish to scan and, if required, authentication headers.

ramparts scan https://api.githubcopilot.com/mcp/ --auth-headers "Authorization: Bearer $GITHUB_TOKEN"

Scan an MCP Server with structured output:

These commands scan the specified MCP server and emit the detailed security assessment in JSON or raw form, which is convenient for CI pipelines and other tooling.

ramparts scan <url> --output json
ramparts scan <url> --output raw

Sample MCP Server Scan Output:

================================================================================
MCP Server Scan Result
================================================================================
URL: https://api.githubcopilot.com/mcp/
Status: Success
Response Time: 1234ms
Timestamp: 2024-01-01T12:00:00.000Z

Server Information:
  Name: GitHub Copilot MCP Server
  Version: 1.0.0
  Description: GitHub Copilot MCP server for code assistance
  Capabilities: tools, resources, prompts

Tools: 74
Resources: 0
Prompts: 0

Security Assessment Results
================================================================================
🌐 GitHub Copilot MCP Server
  ✅ All tools passed security checks

  └── push_files passed
  └── create_or_update_file warning
      📋 Analysis: Standard GitHub file creation/update functionality
      ├── HIGH: Tool allowing directory traversal attacks: Potential Path Traversal Vulnerability
      │   Details: The tool accepts a 'path' parameter without proper validation, allowing potential path traversal attacks.
  └── delete_file warning
      📋 Analysis: Standard GitHub file deletion functionality
      ├── HIGH: Tool allowing directory traversal attacks: Potential Path Traversal Vulnerability
      │   Details: The tool allows the deletion of a file from a GitHub repository and accepts parameters like branch, message, owner, path, and repo. If path validation is not implemented properly, an attacker could manipulate the path to access files outside the intended directory.

Summary:
  • Tools scanned: 74
  • Warnings found: 2 tools with 2 total warnings
================================================================================
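As an added Python example, not Ramparts' own code, the following sketches two of the checks the threat list and the scan output above describe: it flags string parameters that look like filesystem paths but declare no schema constraint (the path traversal finding reported above), and it pins a hash of each tool's description and schema at approval time so that a later change, the rug pull described above, is detected. The tools/list sample is constructed and its schemas are illustrative, not GitHub's real ones.

```python
import hashlib
import json

# Constructed sample of an MCP tools/list response, modelled on two of the
# tools named in the scan output above; the schemas are illustrative only.
TOOLS_LIST = json.dumps({"tools": [
    {"name": "push_files", "description": "Push multiple files in one commit",
     "inputSchema": {"type": "object", "properties": {
         "owner": {"type": "string"}, "repo": {"type": "string"},
         "branch": {"type": "string"}, "files": {"type": "array"}}}},
    {"name": "delete_file", "description": "Delete a file from a GitHub repository",
     "inputSchema": {"type": "object", "properties": {
         "owner": {"type": "string"}, "repo": {"type": "string"}, "branch": {"type": "string"},
         "message": {"type": "string"}, "path": {"type": "string"}}}},
]})

PATH_LIKE = ("path", "file", "dir")  # parameter-name fragments treated as path-like


def path_traversal_warnings(tools_json):
    """Flag string parameters that look like filesystem paths and declare no
    constraint (pattern/enum), mirroring the HIGH finding in the scan output."""
    warnings = []
    for tool in json.loads(tools_json)["tools"]:
        props = tool.get("inputSchema", {}).get("properties", {})
        for pname, pschema in props.items():
            if pschema.get("type") != "string":
                continue  # arrays/objects are not path strings
            if not any(k in pname.lower() for k in PATH_LIKE):
                continue
            if "pattern" in pschema or "enum" in pschema:
                continue  # schema declares some validation; not flagged here
            warnings.append((tool["name"], pname,
                             "HIGH: Potential Path Traversal Vulnerability"))
    return warnings


def pin_tools(tools_json):
    """Hash each tool's description and schema at approval time (rug-pull pin)."""
    pins = {}
    for tool in json.loads(tools_json)["tools"]:
        canon = json.dumps({"description": tool.get("description", ""),
                            "inputSchema": tool.get("inputSchema", {})}, sort_keys=True)
        pins[tool["name"]] = hashlib.sha256(canon.encode()).hexdigest()
    return pins


def rug_pull_check(pins, tools_json):
    """Re-hash a later tools/list; report tools whose pin changed or that are new."""
    current = pin_tools(tools_json)
    return {"changed": [n for n, h in current.items() if pins.get(n) not in (None, h)],
            "added": [n for n in current if n not in pins]}
```

A real scanner would also inspect the description text itself, which is where embedded instructions (tool poisoning) live; the pin makes any such later edit visible even when the schema is unchanged.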


Natively Integrated into Javelin Agentic Guardrails

Ramparts is fully integrated into the Javelin Agentic Security stack, and enterprise versions include enhanced scanning using our own custom MCP guard models tuned for detecting MCP attack vectors. Our guardrails are enforced directly at the platform layer, enabling you to apply contextual security filters and controls to agentic systems and their use of MCP servers. With Ramparts, both streams, build-time scanning and run-time enforcement, roll up into the same telemetry, so security teams see one picture rather than two disconnected timelines.

Contributing and Community

Whether you're a developer, a security researcher, or an AI enthusiast, your contributions and feedback are invaluable. Try Ramparts today by following the quick start guide above and experience firsthand how it can enhance the security of your MCP deployments.

Ramparts is an open-source project, and we welcome contributions from the community. Whether it's reporting bugs, suggesting new features, or submitting code, your input helps us make Ramparts even better. Star the repository or contribute to the project on GitHub to help us improve Ramparts. Visit our GitHub repository to learn more, contribute, and become a part of our growing community: https://github.com/getjavelin/ramparts
