
MCIP: Protecting MCP Safety via Model Contextual Integrity Protocol

Huihao Jing, Haoran Li, Wenbin Hu, Qi Hu, Heli Xu, Tianshu Chu, Peizhao Hu, Yangqiu Song

TL;DR

This work tackles safety gaps in Model Context Protocol (MCP) by introducing MCIP, a safety-enhanced MCP guided by the MAESTRO framework. It identifies missing tracking and safety-aware components, and develops a Model Contextual Integrity Protocol with a tracking log format (MCI) and a safety guard (MCIP Guardian). A fine-grained taxonomy of MCP risks is paired with MCIP-bench and taxonomy-guided training data to evaluate and improve LLMs' risk recognition in MCP interactions. Experimental results across state-of-the-art models show notable improvements in safety metrics and a balanced safety–utility trade-off, offering a concrete blueprint for context-aware safety in multi-component LLM agent ecosystems.

Abstract

As Model Context Protocol (MCP) introduces an easy-to-use ecosystem for users and developers, it also brings underexplored safety risks. Its decentralized architecture, which separates clients and servers, poses unique challenges for systematic safety analysis. This paper proposes a novel framework to enhance MCP safety. Guided by the MAESTRO framework, we first analyze the missing safety mechanisms in MCP, and based on this analysis, we propose the Model Contextual Integrity Protocol (MCIP), a refined version of MCP that addresses these gaps. Next, we develop a fine-grained taxonomy that captures a diverse range of unsafe behaviors observed in MCP scenarios. Building on this taxonomy, we develop benchmark and training data that support the evaluation and improvement of LLMs' capabilities in identifying safety risks within MCP interactions. Leveraging the proposed benchmark and training data, we conduct extensive experiments on state-of-the-art LLMs. The results highlight LLMs' vulnerabilities in MCP interactions and demonstrate that our approach substantially improves their safety performance.

Paper Structure

This paper contains 53 sections, 8 figures, 5 tables.

Figures (8)

  • Figure 1: Overview of MCP structure
  • Figure 2: MAESTRO’s 7-layer reference architecture for agentic AI.
  • Figure 3: Taxonomy of safety risks for MCP. The leftmost column of the table shows the phase in which each risk occurs. The main body categorizes risks by their source, scope, type, and corresponding MAESTRO layers.
  • Figure 4: Overview of data distribution in MCIP-bench
  • Figure 5: Safety-Utility Trade-off: General vs. Function Calling Models vs. MCIP Guardian.
  • ...and 3 more figures