Acuvity, a leader in GenAI security and governance, announced the release of its Open Source Secure MCP Server Protection on July 16, 2025, in Sunnyvale, California. This framework strengthens the Model Context Protocol (MCP), enabling secure, scalable AI integrations for enterprises and developers.
Key points:

- Acuvity launches Open Source Secure MCP Server Protection on July 16, 2025.
- Enhances MCP with security for enterprise-grade AI integrations.
- Features isolated execution, non-root access, and immutable runtime.
- Supports cloud-native deployments across AWS, Azure, GCP, and on-prem.
- Includes MiniBridge proxy for secure authentication and communication.
- Welcomes community contributions for MCP-specific threat coverage.
The Model Context Protocol (MCP) enables large language models (LLMs) to connect with tools, workflows, and real-time data, but its flexibility introduces security risks. Acuvity’s open source Secure MCP Server Protection addresses these concerns with a production-ready framework. “MCP is a powerful enabler of AI-native applications, but it was never designed with security in mind,” said Satyam Sinha, CEO and Founder of Acuvity. The solution ensures safe adoption without compromising innovation.
Acuvity’s Secure MCP Server offers robust features for enterprise-grade deployments:

- Isolated Execution: Sandboxed containers reduce risks of data leaks and lateral movement.
- Non-root by Default: Enforces least-privilege access to minimize vulnerabilities.
- Immutable Runtime: Uses read-only filesystems for tamper-proof deployments.
- Version Pinning & CVE Scanning: Prevents supply chain attacks with validated dependencies.
- MiniBridge Runtime Proxy: Manages authentication, content filtering, and secure communication.
- TLS + Rego-based Threat Detection: Provides HTTPS support and custom policy enforcement.
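The first four controls in that list (isolated execution, non-root, immutable runtime, version pinning) map directly onto standard Kubernetes settings. The manifest below is an added illustration of how a team might express them for any MCP server container; it is not Acuvity's own manifest or Helm chart. The image name, the digest, the `app: minibridge` label used to identify the proxy, and the namespace are placeholders chosen for this example.

```yaml
# Added illustration, not Acuvity's manifest: a Pod spec that applies the
# hardening controls named in the feature list to an MCP server container.
# Image, digest, labels and namespace are placeholders for this example.
apiVersion: v1
kind: Pod
metadata:
  name: mcp-server-hardened
  namespace: mcp            # placeholder namespace
  labels:
    app: mcp-server
spec:
  automountServiceAccountToken: false   # the server has no reason to call the Kubernetes API
  securityContext:
    runAsNonRoot: true                  # "Non-root by Default": kubelet refuses to start a root process
    runAsUser: 10001
    runAsGroup: 10001
    seccompProfile:
      type: RuntimeDefault              # default syscall filter, part of "Isolated Execution"
  containers:
    - name: mcp-server
      # "Version Pinning": reference the image by digest rather than a mutable tag,
      # so the artifact that was CVE-scanned is exactly the artifact that runs.
      image: registry.example.com/mcp/example-server@sha256:PLACEHOLDER_DIGEST
      securityContext:
        allowPrivilegeEscalation: false
        readOnlyRootFilesystem: true    # "Immutable Runtime"
        capabilities:
          drop: ["ALL"]
      volumeMounts:
        - name: tmp
          mountPath: /tmp               # the only writable path, backed by an ephemeral volume
      resources:
        limits:
          cpu: "500m"
          memory: "256Mi"
  volumes:
    - name: tmp
      emptyDir: {}
---
# Network isolation for the same Pod: only the runtime proxy may reach it.
# The `app: minibridge` selector is an assumed label for the proxy Pods.
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: mcp-server-ingress-from-proxy
  namespace: mcp
spec:
  podSelector:
    matchLabels:
      app: mcp-server
  policyTypes: ["Ingress"]
  ingress:
    - from:
        - podSelector:
            matchLabels:
              app: minibridge
```

A quick way to confirm the settings took effect after `kubectl apply` is `kubectl exec mcp-server-hardened -- id` (expect uid 10001, not 0) and `kubectl exec mcp-server-hardened -- touch /etc/probe` (expect a read-only filesystem error). The NetworkPolicy only takes effect on clusters whose CNI enforces network policies, so that check belongs in the deployment checklist as well.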
The framework covers MCP-specific threats like Cross-Server Tool Shadowing, Rug Pulls, Secrets Leakage, and Tool Poisoning, with extensibility for community-driven threat additions.
Designed for modern workflows, the server supports automated deployments via Kubernetes, Helm, and Docker, integrating with MCP clients such as VS Code, Windsurf, Cursor, and Claude Desktop. It includes OpenTelemetry for observability and OAuth 2.1 authorization via Descope for secure access control. Acuvity maintains a curated repository of secure containerized builds for over 100 MCP servers, extensible for broader coverage.
Acuvity’s open source approach fosters collaboration, inviting contributions from developers and security researchers to enhance MCP security. The project’s transparency and extensibility, supported by tools like MiniBridge, aim to set a standard for secure AI integrations. It supports cloud-native deployments across AWS, Azure, GCP, and on-prem environments, ensuring flexibility for enterprises.
MCP’s growing adoption, backed by Anthropic, Microsoft, and OpenAI, positions it as a standard for AI agent connectivity. However, a critical Remote Code Execution flaw (CVE-2025-49596) in Anthropic’s MCP Inspector highlights vulnerabilities in default configurations, emphasizing the need for Acuvity’s hardened framework. Developers are urged to prioritize secure configurations to mitigate risks like token hijacking and data exposure.
Acuvity’s Secure MCP Server Protection strengthens the foundation for safe, scalable GenAI adoption. By addressing MCP’s security gaps, it empowers developers and enterprises to build AI-native applications with confidence, driving innovation in the AI ecosystem.
Acuvity is the AI Security Company. We build purpose-built technology to protect the modern enterprise from risks introduced by GenAI, autonomous agents, and emerging AI-driven systems. Our flagship platform, RYNO, secures GenAI at every layer—enabling responsible, secure AI adoption at scale.