MCP Attest is a security tool — we take vulnerabilities seriously.

Do NOT open a public issue for security vulnerabilities.

Email: Carlos@AIAgentObservatory.org

Include:

• Description of the vulnerability
• Steps to reproduce
• Potential impact
• Suggested fix (if any)

We will respond within 48 hours with an assessment and timeline.

• Always verify server manifests before connecting
• Use TLS identity verification in production
• Keep revocation lists updated
• Set appropriate trust score thresholds for your risk tolerance