Backslash unveils MCP Security to safeguard AI coding
Backslash Security has launched a new security product for Model Context Protocol (MCP) servers, as use of AI coding agents spreads through software development teams.
The new MCP Security offering sits inside Backslash’s wider platform for AI-native and so‑called “vibe coding” workflows. It combines MCP discovery, vetting, hardening and a real-time MCP proxy that runs on developer machines.
MCP is an emerging protocol that links large language models with tools, data sources and development environments. Developers use MCP servers with AI agents and IDEs that generate and modify code.
Backslash said that adoption of MCP servers inside development workflows has risen sharply. It said many of these servers run without central oversight. Security teams often do not know which MCPs developers use or what data they expose.
Backslash warned that this lack of supervision has created a new blind spot. The company said organisations risk data leakage, prompt injection attacks and misuse of trusted services if they do not monitor MCP behaviour.
Attackers can access source code, credentials and internal intellectual property if MCP servers handle sensitive repositories. They can also pivot from a developer workstation into corporate servers and networks. Backslash said that this scenario can support software supply chain attacks.
The company said that vetting MCP servers for vulnerabilities and misconfigurations is only one part of the problem. MCPs can still introduce risk if they receive broad permissions or if those permissions drift over time. Trusted MCP servers can then be abused.
Backslash highlighted three common exploitation techniques. The first is data leakage and exfiltration, where MCPs expose source code, secrets and internal data. The second is prompt injection, where malicious inputs steer AI models into unsafe or unintended actions. The third is privilege escalation of an existing MCP, where attackers exploit weak or unmonitored permission controls.
MCP focus

The new MCP Security product aims to address these threats through what the company describes as defence-in-depth measures. The system monitors MCP use at the level of individual developer workstations instead of relying on network gateways.
One element is centralised discovery. The platform scans for MCP servers in use on developer laptops, in IDEs and by AI agents. This creates an inventory that security teams can review.
Another element is MCP vetting. The system assesses each MCP’s risk posture. It checks for known vulnerabilities, malware, configuration issues and permission scopes that the company considers excessive.
Security teams can then apply hardening policies. These policies define which MCPs are allowed and which configuration settings they can use.
The platform monitors configuration changes over time. It uses anomaly detection to spot unusual MCP behaviour or privilege changes.
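To make the discovery, vetting and drift-monitoring steps above concrete, here is an added example (not Backslash's code) that reads an MCP client config of the common "mcpServers" JSON shape, checks it against an allowlist policy and flags definitions that changed since a stored baseline; the policy schema and sample config are constructed.

```python
# Added example, not Backslash's code. Assumes the common "mcpServers" JSON config
# layout (name -> command/args/env); policy schema and sample data are constructed.
import hashlib
import json

# Constructed sample: an MCP client config as it might sit on a developer laptop.
SAMPLE_CONFIG = json.dumps({"mcpServers": {
    "github": {"command": "npx", "args": ["-y", "@modelcontextprotocol/server-github"],
               "env": {"GITHUB_PERSONAL_ACCESS_TOKEN": "ghp_constructed"}},
    "filesystem": {"command": "npx",
                   "args": ["-y", "@modelcontextprotocol/server-filesystem", "/"]},
    "unknown-tool": {"command": "python", "args": ["/tmp/mcp.py"]},
}})

# Constructed hardening policy: allowed servers, their launcher, and over-broad arguments.
POLICY = {
    "github": {"command": "npx"},
    "filesystem": {"command": "npx", "forbidden_args": ["/", "/home"]},
}

def inventory(config_text):
    """Return {name: definition} for every MCP server declared in the config."""
    return json.loads(config_text).get("mcpServers", {})

def fingerprint(definition):
    """Stable hash of a server definition; env values (secrets) are dropped, keys kept."""
    redacted = dict(definition)
    redacted["env"] = sorted(definition.get("env", {}))
    return hashlib.sha256(json.dumps(redacted, sort_keys=True).encode()).hexdigest()

def vet(servers, policy):
    """Apply the policy to the inventory; return (server, finding) pairs."""
    findings = []
    for name, d in servers.items():
        rule = policy.get(name)
        if rule is None:
            findings.append((name, "not in allowlist"))
            continue
        if d.get("command") != rule["command"]:
            findings.append((name, "unexpected launcher command"))
        for arg in rule.get("forbidden_args", []):
            if arg in d.get("args", []):
                findings.append((name, f"forbidden argument {arg!r}"))
        for key in d.get("env", {}):
            if any(s in key.upper() for s in ("TOKEN", "SECRET", "KEY")):
                findings.append((name, f"credential passed via env: {key}"))
    return findings

def drift(servers, baseline):
    """Names whose definition changed or appeared since the stored baseline fingerprints."""
    return sorted(n for n, d in servers.items() if baseline.get(n) != fingerprint(d))
```

Run it periodically against each workstation's config and ship the findings and drift list to the SIEM; the fingerprint deliberately ignores secret values so the baseline itself never stores credentials.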
A built-in MCP proxy intercepts inbound and outbound activities in real time. It inspects traffic between MCP servers, AI agents and other tools. It can block data leakage and prompt injection attempts before they reach the model or external systems.
The platform records MCP events and policy breaches. It feeds this data into existing SIEM and SOC tools for compliance and forensic analysis.
Backslash said the product uses a zero-configuration deployment model. The company said it does not require changes from developers.
Backslash’s co-founder and CTO, Yossi Pik, said the growing use of MCP has changed the risk profile of AI development tools.
“MCPs have quickly become the universal connector for AI systems, enabling everything from agentic workflows to next-generation developer tools,” said Yossi Pik, co-founder and CTO of Backslash Security. “But with AI-native coding, the risk MCPs represent is significant, and the sole responsibility for securing MCPs is on the organizations that use them. There are no service providers and no 'shared responsibility'. Our new MCP Security solution enables security teams to get ahead of risks, while their software development teams drive innovation and efficiency with AI-native capabilities.”

Broader platform
The MCP Security product extends Backslash’s 360° AI coding and vibe coding security platform. The platform sits across the AI development stack and aims to give organisations visibility and governance over AI tools, including MCP servers.
Backslash said the core platform can show all AI agents, IDEs, MCPs and large language models that developers use. It also displays their risk posture.
The system includes hardening functions for AI agents and IDEs. It monitors configuration, file access, network access and permission boundaries. It enforces rules that reduce the attack surface around AI-driven development workflows.
Another feature focuses on pre-emptive code security. The platform applies centrally defined and dynamically updated prompt rules. These rules help AI models generate code that aligns with known security practices. The company said this approach reduces known vulnerabilities, exposed secrets and other common exposures in AI-generated code.
Backslash built its platform to work with modern IDEs and coding agents. It supports tools such as Cursor, Claude Code, Windsurf, Gemini and GitHub Copilot. It uses these touchpoints to monitor and govern AI activity inside developer environments.
The new MCP security functions are now live in the Backslash platform. The company is showcasing the product at Black Hat Europe in London and plans further demonstrations with development and security teams in the coming months.