MCP Security Best Practices

MCP's architecture is secure by design. But good security also depends on how you use it. This guide covers security best practices for MCP—from initial setup to ongoing usage. Follow these and you'll minimize risk while maximizing value.

Security Principles for MCP

1. Least Privilege

Only grant the access MCP needs. Read-only preferred.

2. Defense in Depth

Secure your device + credentials + usage patterns.

3. Know Your Data

Understand the sensitivity of what you connect.

4. Stay Informed

Security requires ongoing awareness.

Setup Security

3.1 Device Security First

MCP credentials live on your device. Device security = credential security.

Full disk encryption enabled (FileVault/BitLocker) Automatic screen lock configured Strong password/biometrics

3.2 Config File Protection

Your config file contains sensitive tokens. Protect it.

Restrict file permissions (chmod 600)
Never commit to public version control
Don't sync to unsecure cloud folders

3.3 Use Official Servers

For maximum security, prefer official Anthropic MCP servers. If using third-party servers, review the code or verify the author.

Credential Management

Handling OAuth tokens and API keys correctly is critical.

4.1 OAuth Scoping

Tool	Risky (Avoid)	Best Practice
Gmail	Full Mailbox	Read-only, specific labels
Drive	All Files	Specific Folder Scope
Slack	All Channels	Designated Channels

4.2 Rotation & Exposure

Revoke and re-authorize tokens every 6-12 months.
If your laptop is lost/stolen, revoke all OAuth tokens immediately.
Never share tokens in screenshots or support tickets.

Access Control

Be deliberate about tool selection.

Connect Freely

Productivity tools, Calendar, Reference Docs

Consider Carefully

Email, Shared Drives, Team Chat

Don't Connect

Regulated Data, Trade Secrets, Production DBs

Safe Usage Patterns

Be Mindful of Requests

Remember: When you ask about email, email content goes to the API. Don't ask about sensitive data unnecessarily.

Review Before Acting

Mistakes with read operations are fine. Write operations (sending email, deleting files) have consequences. Always review drafts.

Network Security

Outbound Only: MCP servers do not listen on network ports. No external party can connect "to" your MCP.
Trusted Networks: Avoid using MCP on public WiFi for sensitive work without a VPN.
Corporate Firewalls: Ensure your network allows outbound HTTPS to Anthropic and tool APIs.

Team Security

Shared environments require extra care.

Shared Tool Considerations

When MCP acts in Slack or Google Drive, it acts as you. The audit trail will show your name.

Coordinate usage with your team.
Don't access others' private folders.
For teams, define standard approved configurations.

Incident Response

Suspected Credential Compromise

Revoke OAuth access in affected tools immediately.
Remove MCP servers from config.
Change passwords.
Check audit logs for unauthorized access.

Complete Security Checklist

Initial Setup

Device encrypted & password protected Config file permissions restricted Only trusted servers installed

Ongoing

Minimum OAuth scopes granted Reviewing write operations before approving Quarterly access review scheduled

✓ Use official MCP servers
✓ Grant minimum permissions
✓ Secure your device
✓ Rotate credentials periodically

Don't

✕ Share config files publicly
✕ Install untrusted servers
✕ Connect highly sensitive tools blindly
✕ Grant broad access when narrow works

Ready to Secure Your Setup?

Quick Start Kit Full Security Guide