Salt Security identifies external misuse and abuse of MCP servers by AI agents

Salt Security announced it is extending its API behavioral threat protection to detect and block malicious intent targeting Model Context Protocol (MCP) servers deployed within the AWS ecosystem.

Building on the recent launch of Salt’s MCP Finder technology, Salt now enables organizations to identify external misuse and abuse of MCP servers by AI agents and attackers, and automatically block these threats using its integration with AWS WAF.

MCP servers have rapidly become a key component of enterprise AI architecture, enabling LLMs and autonomous agents to call APIs, execute tools, and complete workflows. But they also represent a new threat vector. Deployed without central oversight and often exposed to the internet, MCP servers are increasingly targeted by adversaries for unauthorized access to critical data and system access.

With this new capability, Salt enables customers to use their existing AWS WAF deployments to block attacks on MCP infrastructure. The protections are informed by real-time behavioral threat data from Salt’s platform.

“Most organizations don’t even know how many MCP servers they have, let alone which ones are exposed or being abused,” said Nick Rago, VP of Product Strategy at Salt Security. “This capability lets them take action quickly, using existing controls to prevent real threats without needing to deploy new infrastructure.”

The solution is based on Salt’s MCP Finder technology, which provides full visibility into the MCP layer across external, internal, and shadow deployments. By combining that discovery with AWS WAF, customers can:

• Automatically block MCP misuse and abuse before it impacts applications
• Discover previously unknown or unmanaged MCP implementations and ensure traffic is routed through AWS WAF for inspection and protection
• Extend AWS WAF edge protection to the AI action layer
• Apply intent-based behavioral threat detection to stop attacks targeting key AI infrastructure that traditional tools miss
• Continuously update protections based on evolving attacker tactics