Benchmark Report
MCP Security Failures Report
A practical report on common MCP security failure modes, weak permission models, and how teams should evaluate tool-connected agents.
Executive summary
Most Model Context Protocol (MCP) risk does not come from the protocol alone. It comes from the mismatch between what the agent can do, what operators believe it will do, and what evidence exists when those two diverge.
Variables measured
- runtime compliance
- scope honesty
- tool access sensitivity
- operator escalation readiness
Key findings
- Allowlists are necessary but insufficient: a tool that is on the allowlist can still be called outside the scope the agent declared, so allowlisting needs behavioral evaluation alongside it.
- Tool-connected agents need trust signals that can tighten or expand permissions over time.
- Operator review paths are strongest when failure classes are defined before incidents happen, so each class already maps to an escalation action when it first occurs.
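The findings above describe one control pattern: an allowlist gates which tools exist at all, a behavioral check compares the agent's declared scope against what it actually requests, a trust score decides which sensitivity tier is currently granted, and each failure class is mapped to an operator action ahead of time. The Python below is an added example written for this page to show that pattern over a constructed session log; it is not Armalo's code and not part of any MCP implementation. The tool names, the three tiers, the trust thresholds and the escalation actions are illustrative assumptions.

```python
"""Allowlist plus behavioral evaluation for a tool-connected agent.

Added example (not Armalo's code). Tool catalogue, tiers, thresholds,
escalation actions and the session log are all hypothetical.
"""
from __future__ import annotations

from dataclasses import dataclass, field
from enum import IntEnum


class Tier(IntEnum):
    READ = 1         # e.g. list files, read a ticket
    WRITE = 2        # e.g. edit a file, post a comment
    DESTRUCTIVE = 3  # e.g. run a shell command, delete a branch


# Hypothetical tool catalogue: every tool is classified by sensitivity up front.
TOOL_TIERS = {
    "fs.read": Tier.READ,
    "issues.list": Tier.READ,
    "fs.write": Tier.WRITE,
    "issues.comment": Tier.WRITE,
    "shell.exec": Tier.DESTRUCTIVE,
    "git.delete_branch": Tier.DESTRUCTIVE,
}

# Failure classes decided before any incident, each with the operator action it triggers.
ESCALATION = {
    "unlisted_tool": "block",         # tool not on the allowlist (or never classified)
    "scope_drift": "page_operator",   # allowed tool, but above the tier the agent declared
    "over_tier": "require_approval",  # within declared scope, but above what trust grants now
}


@dataclass
class AgentPolicy:
    allowlist: set[str]
    declared_max_tier: Tier   # scope honesty: what the agent or vendor says it will do
    trust: int = 50           # 0..100 trust signal persisted across sessions

    def granted_tier(self) -> Tier:
        """The trust signal maps to the tier the runtime will actually permit."""
        if self.trust < 30:
            return Tier.READ
        if self.trust < 70:
            return Tier.WRITE
        return Tier.DESTRUCTIVE


@dataclass
class Verdict:
    allowed: list[str] = field(default_factory=list)
    # (tool, failure class, operator action)
    failures: list[tuple[str, str, str]] = field(default_factory=list)
    max_tier_requested: Tier = Tier.READ   # tool access sensitivity actually exercised


def evaluate_session(policy: AgentPolicy, calls: list[dict]) -> Verdict:
    """Runtime compliance: check each requested call against allowlist, scope and trust."""
    v = Verdict()
    effective = min(policy.declared_max_tier, policy.granted_tier())
    for call in calls:
        tool = call["tool"]
        if tool not in policy.allowlist or tool not in TOOL_TIERS:
            v.failures.append((tool, "unlisted_tool", ESCALATION["unlisted_tool"]))
            continue
        tier = TOOL_TIERS[tool]
        v.max_tier_requested = max(v.max_tier_requested, tier)
        if tier > policy.declared_max_tier:
            v.failures.append((tool, "scope_drift", ESCALATION["scope_drift"]))
            continue
        if tier > effective:
            v.failures.append((tool, "over_tier", ESCALATION["over_tier"]))
            continue
        v.allowed.append(tool)
    return v


def update_trust(policy: AgentPolicy, verdict: Verdict) -> int:
    """Tighten quickly on the worst failure seen, expand slowly on a clean session."""
    penalty = {"block": 25, "page_operator": 15, "require_approval": 5}
    if verdict.failures:
        policy.trust -= max(penalty[action] for _, _, action in verdict.failures)
    else:
        policy.trust += 5
    policy.trust = max(0, min(100, policy.trust))
    return policy.trust


# Constructed session log: the agent declared WRITE scope, then reaches further.
SESSION = [
    {"tool": "fs.read", "args": {"path": "README.md"}},
    {"tool": "fs.write", "args": {"path": "notes.md"}},
    {"tool": "shell.exec", "args": {"cmd": "rm -rf build"}},
    {"tool": "http.fetch", "args": {"url": "https://example.invalid/"}},
]


def demo() -> tuple[Verdict, int, Tier]:
    policy = AgentPolicy(allowlist={"fs.read", "fs.write", "shell.exec"},
                         declared_max_tier=Tier.WRITE, trust=50)
    verdict = evaluate_session(policy, SESSION)
    new_trust = update_trust(policy, verdict)
    return verdict, new_trust, policy.granted_tier()


if __name__ == "__main__":
    verdict, trust, tier = demo()
    print("allowed:", verdict.allowed)
    print("failures:", verdict.failures)
    print("trust now", trust, "granting", tier.name)
```

In the constructed session the two reads and writes pass, `shell.exec` is on the allowlist but above the declared WRITE scope and is classified as scope drift, and `http.fetch` is blocked as an unlisted tool. The worst failure drops trust from 50 to 25, so the next session is granted READ only; a later clean session raises trust again. The point of the checks' order (allowlist, then declared scope, then trust) is that a scope-honesty failure is reported even when trust alone would already have denied the call.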
Provenance
The report synthesizes Armalo MCP guidance, research themes, and evaluation dimensions into a buyer- and operator-facing security summary.
- Armalo MCP documentation
- Armalo Labs safety research framing
- Armalo trust dimensions for runtime compliance and scope honesty
Limitations
- This report is meant to frame security review and control design, not to replace organization-specific threat modeling.
- The report reflects Armalo research and platform framing rather than a claim of exhaustive ecosystem incident collection.