Acuvity, a leader in GenAI security and governance, announced the release of its Open Source Secure MCP Server Protection delivering the industry's most comprehensive framework for safely adopting the Model Context Protocol (MCP)—a rising standard for connecting AI models with external tools, workflows, and data.

The Model Context Protocol (MCP) streamlines AI tool integration by giving large language models (LLMs) the ability to invoke tools and access structured data in real time. But with this flexibility comes growing concern around security, observability, and governance. Acuvity's open source offering addresses these challenges head-on, providing organizations with a battle-tested and production-ready MCP Server hardened for enterprise use.

"MCP is a powerful enabler of AI-native applications, but it was never designed with security in mind," said Satyam Sinha, CEO and founder of Acuvity. "We're making our Secure MCP Server open source to give developers and teams a safe, scalable starting point for building with this protocol. As more engineers use MCP to connect models with tools and APIs, we want to make sure they can do so without introducing unnecessary risk."

Key Benefits of Acuvity's Open Source MCP Server Security

Acuvity's Secure MCP Server gives developers a practical foundation for working with the protocol in production environments. It includes hardened container builds, support for secure runtime communication, and automated deployment across cloud and on-prem infrastructure. The project is designed to help teams move faster while maintaining control over access, observability, and safety.

1. Safe Adoption of MCP: Acuvity's server integrates core security features needed for compliant, enterprise-grade MCP deployments, allowing developers to confidently build AI integrations without introducing risk.
2. Extensive MCP Server Coverage: With thousands of MCP servers already in the wild—many unmanaged and unvetted—Acuvity maintains a curated repository of secure containerized builds for over 100 common MCP Servers, easily extensible for more.
3. Developer-Friendly Automation: Engineered for modern development workflows, the server supports automated deployment via Kubernetes, Hrml, Docker, and integrates seamlessly with IDEs like VS Code, Windsurf, Cursor, Claude Desktop, and more.
4. Easy extensibility to add coverage for MCP specific vulnerabilities: Acuvity has coverage for common MCP specific threats like Cross-Server Tool Shadowing, Rug Pulls, Secrets leakage, Tool poisoning etc. Security researchers from the community can add more easily.

Built-In Security Features Include:

1. Isolated Execution: Sandboxed containers for AI models that may process sensitive data or execute untrusted code, reducing the risk of data leaks and lateral movement.
2. Non-root by Default: Enforces least-privilege access minimizing the impact of vulnerabilities in AI frameworks or dependencies
3. Immutable Runtime: Tamper-proof deployments with read-only filesystems.
4. Version Pinning & CVE Scanning: Prevents supply chain attacks with dependency validation and signed containers.
5. MiniBridge Runtime Proxy: Handles agent authentication, content filtering, and secure communication flows between agents and MCP servers.
6. TLS + Rego-based Threat Detection: Enterprise-ready HTTPS support, sensitive data scanning, and custom policy enforcement.

Designed for Scalable, Secure Deployment

Acuvity's open source release includes full support for:

1. Cloud-native deployments across AWS, Azure, GCP, and on-prem with easily deployed via Helm.
2. Observability with OpenTelemetry (OTEL) for detailed tracing and performance monitoring that can be easily extended to detect threats and anomalous behavior
3. OAuth 2.1 Authorization via Descope, eliminating common AuthN/AuthZ missteps for developers.

Committed to Open Source, Security, and Innovation

Acuvity views open source as critical infrastructure for the future of AI. By making its Secure MCP Server publicly available, the company is contributing a practical foundation for securing how AI systems interact with external tools and data.

From containerized builds and runtime enforcement to MiniBridge, the lightweight proxy that manages authentication and communication, every part of the project is designed for transparency, extensibility, and shared responsibility. Acuvity welcomes contributions from the developer and security communities to help advance safe adoption of the Model Context Protocol.