// SpyderNet Security · Pre-deployment MCP audits

Audit your MCP server before you hand it to an agent.

Automated scanners catch the obvious stuff. We catch the tool-chaining and privilege issues they miss — and hand you a fix list ranked by what actually gets you owned.

Manual review · Runtime red-team · Mapped to OWASP MCP Top 10 · Fix-ranked report

  • 82% use file ops prone to path traversal (Endor Labs · 2,614 impls)
  • 67% use code-injection-related APIs (Endor Labs)
  • 34% susceptible to command injection (Endor Labs)
  • 36.7% potentially SSRF-exposed (BlueRock · 7,000+ servers)

The work

Tools find patterns. We find the chains they miss.

Four good free scanners exist, and we run them as a baseline floor. But scanners can't see a confused-deputy privilege bug, a multi-step tool-chain, or a secret that only leaks in a tool's response. That gap is human. That's the product.

What we do

  • Pre-deployment audit of your MCP server
  • Manual code & tool-definition review
  • Authorized runtime red-team (injection, SSRF, confused-deputy, chaining)
  • Prioritized, fix-oriented report ranked by exploitability
  • One re-test of fixed criticals

What we don't

  • Runtime gateways / always-on proxies
  • Generic LLM/AI "safety" consulting
  • Full-company pentests — this is a narrow wedge
  • Active testing without signed authorization
  • Scanner output with no judgment attached

Shared language

Every finding maps to the OWASP MCP Top 10.

Your security team reads a taxonomy they already recognize — not a pile of CWE numbers.

  • MCP01: Token Mismanagement & Secret Exposure
  • MCP02: Privilege Escalation via Scope Creep
  • MCP03: Tool Poisoning
  • MCP04: Supply Chain & Dependency Tampering
  • MCP05: Command Injection & Execution
  • MCP06: Intent Flow Subversion
  • MCP07: Insufficient Authentication & Authorization
  • MCP08: Lack of Audit & Telemetry
  • MCP09: Shadow MCP Servers
  • MCP10: Context Injection & Over-Sharing

// taxonomy is a living beta — re-pulled from the live OWASP project before every engagement.

The gap, with real data

A clean scan would have shipped an RCE.

From a real end-to-end audit of a deliberately vulnerable MCP server: an off-the-shelf scanner rated the dangerous tools "Verified." The manual runtime pass confirmed all of them exploitable.

Scanner says

  • ping_host: VERIFIED ✓
  • read_file: VERIFIED ✓
  • fetch_url: VERIFIED ✓
  • get_config: VERIFIED ✓
  • cross-server admin tool: not seen

We found

  • ping_host → command injection: RCE ✕
  • read_file → sandbox escape: CRITICAL ✕
  • fetch_url → SSRF: CRED THEFT ✕
  • get_config → secret in response: LEAK ✕
  • confused deputy → cross-tenant dump: CRITICAL ✕
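
Defensive input guards for the four tool shapes named above, as an added example (not SpyderNet's code and not the audited server's). The tool names mirror the case study; the sandbox root, the hostname grammar and the secret-key hints are assumptions.

```python
import ipaddress
import re
import socket
from pathlib import Path
from urllib.parse import urlsplit

SANDBOX_ROOT = Path("/srv/mcp/sandbox")  # assumed; the audited server's real root is not on the page
HOSTNAME_RE = re.compile(r"(?=.{1,253}$)(?!-)[A-Za-z0-9-]{1,63}(?<!-)(\.(?!-)[A-Za-z0-9-]{1,63}(?<!-))*")
SECRET_KEY_HINTS = ("key", "token", "secret", "password")  # assumed heuristic, not a standard

def safe_read_path(user_path: str, root: Path = SANDBOX_ROOT) -> Path:
    """read_file guard: resolve '..' and symlinks, then require containment under root.
    Joining an absolute user_path discards root, so '/etc/passwd' also fails the check."""
    root = root.resolve()
    target = (root / user_path).resolve()
    if root not in target.parents:
        raise PermissionError(f"path escapes sandbox: {user_path!r}")
    return target

def ping_argv(host: str) -> list[str]:
    """ping_host guard: strict hostname syntax, then an argv list for subprocess.run
    (never shell=True). Shell metacharacters fail the syntax check and never reach a shell."""
    if not HOSTNAME_RE.fullmatch(host):
        raise ValueError(f"invalid hostname: {host!r}")
    return ["ping", "-c", "1", host]

def check_fetch_url(url: str, resolve=None) -> str:
    """fetch_url guard: https only; every address the host resolves to must be globally
    routable (rejects loopback, RFC 1918, link-local, reserved). `resolve` is injectable
    so tests run offline. Caveat: check-then-fetch still races DNS rebinding; connect to
    the address you validated rather than re-resolving at request time."""
    parts = urlsplit(url)
    if parts.scheme != "https" or not parts.hostname:
        raise ValueError("only https URLs with a host are allowed")
    if resolve is None:
        def resolve(h): return {ai[4][0] for ai in socket.getaddrinfo(h, None)}
    for addr in resolve(parts.hostname):
        ip = ipaddress.ip_address(addr)
        if not ip.is_global:
            raise ValueError(f"{parts.hostname} resolves to non-public address {ip}")
    return url

def redact_config(config: dict) -> dict:
    """get_config guard: tool output lands in model context, so values under
    secret-looking keys are replaced before the response leaves the server."""
    return {k: ("[REDACTED]" if any(h in k.lower() for h in SECRET_KEY_HINTS) else v)
            for k, v in config.items()}
```

Each guard sits between the MCP tool handler and the operation it wraps; the scanner in the case study would have rated all four tools "Verified" with or without them, which is why the runtime pass matters.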

Engagements

Priced on the outcome, not the hour.

You're buying judgment and a report a founder can act on — anchored against a traditional web-app pentest, for a narrower, specialized target.

Quick Scan · $500–$1,500
Safe, static-only entry point. The natural first step from a free risk score.
  • Free scanner baseline
  • Tool-description review (read as the model)
  • Repo / manifest review if shared
  • Short findings doc

Full Audit · $2,500–$7,500 · Most picked
The core product. Static plus an authorized runtime red-team.
  • Everything in Quick Scan
  • Runtime red-team (injection, SSRF, confused-deputy, chaining)
  • Prioritized report, OWASP-mapped
  • 30-min walkthrough call
  • One re-test of fixed criticals

Deep Engagement · $10,000–$25,000+
Multi-server scope for mid-market / compliance buyers.
  • Audit across multiple servers
  • Written threat model (trust boundaries)
  • Hands-on remediation guidance
  • Full retest cycle

Who you're hiring

A security practice that lives in MCP internals.

SpyderNet Security finds and reports the vulnerabilities small teams ship by accident — now for the newest attack surface. The MCP security seat is still open: the category taxonomy only stabilized in early 2026, and the defenders that exist mostly sit at runtime. We work the pre-deployment gap.

FAQ

MCP security, answered.

Common questions about MCP server security, the OWASP MCP Top 10, and how an audit works.

What is MCP security?
MCP (Model Context Protocol) is how an AI agent connects to your tools and data. MCP security is the practice of making sure that connection can't be turned against you — that the server exposing your tools can't be tricked into running commands, leaking secrets, or acting beyond what the user is allowed to do.

What are the most common MCP server vulnerabilities?
The recurring classes are catalogued in the OWASP MCP Top 10: secret exposure, tool poisoning, command injection, server-side request forgery (SSRF), path traversal, supply-chain tampering, and weak authentication. Most public MCP servers ship with at least one.

How do you audit an MCP server?
We review the server's code and every tool it exposes, run the automated scanners as a baseline, then — with your written authorization — actively test the running server the way an attacker would. You get a report that ranks each finding by real-world risk, mapped to the OWASP MCP Top 10, with concrete fixes.

Is the free MCP security scanner safe to use?
Yes. The free scanner reads only public or pasted code, runs entirely in your browser, performs no active testing, and sends nothing to us. It's the automated baseline — a full audit is where the human judgment comes in.

How much does an MCP security audit cost?
A Quick Scan runs $500–$1,500, a Full Audit $2,500–$7,500, and a multi-server Deep Engagement $10,000+. You're paying for expert judgment and a report you can act on, not open-ended consulting hours.

What is the OWASP MCP Top 10?
It's the security industry's standard list of the ten most important ways MCP servers get attacked — from tool poisoning and command injection to authentication gaps. We grade every finding against it so your team gets a recognized benchmark, not a private opinion.

// Work with us

Book a Full Audit.

Run the free scanner first for the automated floor. When you want the real thing, bring us your MCP server — manual review plus an authorized runtime red-team, mapped to the OWASP MCP Top 10 and delivered as a fix-ranked report. Tell us about it and we'll reply with scope and a quote.

Static-on-public until you sign · No active testing without authorization

// opens your email client · no data is stored by this page