Integrated MCP scanning, hardening, and real-time MCP Proxy capabilities detect and stop data leakage, prompt injection, and privilege escalation threats
LONDON – Backslash Security, the vibe coding security company, today at Black Hat Europe 2025 announced the launch of its end-to-end solution for the secure use of Model Context Protocol (MCP) servers across modern software development environments. As organizations increasingly adopt AI-native coding agents and integrated development environments (IDEs), the Backslash platform is designed to protect the new AI-powered development stack in full.
While the use of MCP servers within development workflows has surged, they remain largely unsupervised within engineering teams, creating a blind spot for security teams. As a result, organizations are unknowingly exposing themselves to high-impact attack vectors that can be leveraged to compromise developer workstations, the organization’s servers and network, and to mount software supply chain attacks. Vetting MCP servers for vulnerabilities, misconfigurations, and excessive permissions is an essential component of MCP security, but is insufficient. Attackers can exploit trusted MCP servers if permissions are overly broad or insufficiently monitored. The most common MCP exploitation techniques include:
- Data leakage and exfiltration, which includes source code, secrets, credentials, and internal IP
- Prompt injection attacks, in which malicious inputs trick AI models into unsafe or unintended actions
- Privilege escalation of an existing MCP, which allows attackers to abuse a trusted MCP due to the lack of drift controls
To address these emerging threats and extend the Backslash vibe coding security platform, the Backslash MCP Security solution provides defense-in-depth capabilities that prevent, detect, and stop potential threats. Unlike network-based gateways, the Backslash approach intercepts threats on the developer workstation.
Key capabilities include:
- Centralized discovery of MCPs in use on developer workstations, by AI agents, and in IDEs
- MCP vetting to assess risk posture, including vulnerabilities, malware, configuration, and excessive permission risks
- Hardening policies that enforce the accepted configuration of allowed MCPs
- Monitoring of changes and anomaly detection for MCP behavior and privileges
- MCP Proxy that intercepts both inbound and outbound activities in real time, to block data leakage and prompt injection attempts
- Ongoing audit of events and policy violations for compliance and forensics, integrated into SIEM and SOC tools
- Zero-configuration deployment that requires no developer effort
“MCPs have quickly become the universal connector for AI systems, enabling everything from agentic workflows to next-generation developer tools,” said Yossi Pik, co-founder and CTO of Backslash Security. “But with AI-native coding, the risk MCPs represent is significant, and the sole responsibility for securing MCPs is on the organizations that use them. There are no service providers and no ‘shared responsibility’. Our new MCP Security solution enables security teams to get ahead of risks, while their software development teams drive innovation and efficiency with AI-native capabilities.”
The Backslash MCP Security solution is part of the company’s 360° AI coding and vibe coding security platform, which provides visibility, governance, and active protection across the entire AI-native development stack. In addition to MCP security, core Backslash platform capabilities include:
- Discovery and visibility: Shows all agents, IDEs, MCPs, and LLMs used by developers, and their risk posture
- AI agent and IDE hardening: Monitors and enforces secure configuration, file and network access, and permission boundaries to reduce the attack surface of agentic AI in the software development stack
- Preemptive code security: The use of centrally governed, detailed, and dynamically updated prompt rules to create secure-by-design code that is free from known vulnerabilities, exposed secrets, and other common exposures
The new MCP security capabilities are now available in the Backslash platform. Backslash will be exhibiting at booth #822 at Black Hat Europe 2025 at the Excel in London from December 10 – 11, 2025. Visit the Backslash website to learn more.
About Backslash Security
Backslash is the vibe coding security company. Our platform is purpose-built to empower organizations to accelerate their use of AI-native software development and vibe coding – safely and securely. Backslash leverages the capabilities of modern IDEs and coding agents such as Cursor, Claude Code, Windsurf, Gemini and GitHub CoPilot to provide visibility, governance and protection across AI developer environments, vet and monitor the use of MCP (Model Context Protocol) servers, and ultimately ensure that AI-generated application code adheres to security best practices and compliance requirements, preemptively reducing vulnerabilities and exposures. For more information, visit https://backslash.security.
