
Security

mcp.run provides several mitigations against Model Context Protocol (MCP) exploits out of the box, simply by virtue of the design of the underlying system. These general mitigations include profiles, a permissions system governing access to the filesystem and remote URLs, and additional isolation from the host system using WebAssembly. Profiles can be used to isolate MCP servers from one another to prevent data exfiltration attacks.

Exploit                      Mitigations
Tool name attacks*           tool name prefixing, profiles, permissions
Remote code execution        WebAssembly sandboxing
Credential theft             profiles, permissions
Indirect prompt injection*   profiles, permissions
* denotes attacks that may still be attempted, but won’t be possible when features like profiles and permissions are being used
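As an added illustration (not mcp.run's own code), the sketch below models the mitigations the table names: a per-profile allowlist for filesystem roots and remote hosts, and server-prefixed tool names so that one server's tool cannot shadow another's. ProfilePolicy, ToolRegistry and the sample paths and hosts are hypothetical names constructed for this example.

```python
# Added illustration, not mcp.run's own code: a small model of the mitigations the
# table names. ProfilePolicy, ToolRegistry and the sample names are hypothetical.
import posixpath
from dataclasses import dataclass
from typing import Optional
from urllib.parse import urlparse


@dataclass(frozen=True)
class ProfilePolicy:
    """Per-profile allowlist: directories and remote hosts a server may reach."""
    fs_roots: tuple = ()            # absolute directory prefixes, e.g. ("/data/notes",)
    hosts: frozenset = frozenset()  # exact hostnames, e.g. {"api.example.com"}


def file_access_allowed(policy: ProfilePolicy, path: str) -> bool:
    """Collapse '.' and '..' first, then require the path to sit under an allowed root."""
    if not path.startswith("/"):
        return False                     # relative paths are ambiguous: deny
    resolved = posixpath.normpath(path)  # "/data/notes/../../etc/x" -> "/etc/x"
    roots = [posixpath.normpath(r) for r in policy.fs_roots]
    return any(posixpath.commonpath([root, resolved]) == root for root in roots)


def url_access_allowed(policy: ProfilePolicy, url: str) -> bool:
    """Only https to an allowlisted host; .hostname ignores a 'user@' decoy prefix."""
    parsed = urlparse(url)
    return parsed.scheme == "https" and (parsed.hostname or "") in policy.hosts


class ToolRegistry:
    """Tools are exposed as '<server>.<tool>', so two servers cannot share a name."""

    def __init__(self) -> None:
        self._tools: dict = {}

    def register(self, server: str, tool: str) -> str:
        if "." in server or "." in tool:
            raise ValueError("names must not contain '.', the prefix separator")
        qualified = f"{server}.{tool}"
        if qualified in self._tools:
            raise ValueError(f"{qualified} is already registered")
        self._tools[qualified] = (server, tool)
        return qualified

    def resolve(self, qualified: str) -> Optional[tuple]:
        return self._tools.get(qualified)  # a bare, unprefixed name never matches
```

A real deployment enforces these checks at the host/sandbox boundary rather than inside the server, so a misbehaving server cannot bypass them.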