Security Research & Updates
Threat intelligence, engineering deep-dives, and product updates from the Navil team.
MCP Server Hardening: A Production Checklist
A practical hardening checklist for MCP servers in production. Dependencies, policy enforcement, monitoring, CI/CD gates — everything security teams need.
AI Agent Pentesting: How to Red Team Your MCP Deployments
Step-by-step guide to penetration testing your AI agent's MCP tool access. Includes test cases, payloads, and automated scanning with navil test.
Cursor AI Security Settings: What to Check Before Each Session
Cursor gives your AI model access to your file system, terminal, and debugger. A quick 12-point checklist to harden your Cursor AI setup and reduce your prompt-injection attack surface.
Claude Code Security: Protect Your AI IDE with an MCP Proxy
Claude Code has powerful tool access — file reads, command execution, web search. Learn why that access is a security risk and how to wrap it with an MCP security proxy in under a minute.
Top 12 Prompt Injection Attacks on AI Agents (2026)
A practical breakdown of the 12 most common prompt injection attack vectors targeting AI agents that use MCP tools — from indirect injection in retrieved documents to tool-chaining privilege escalation.
navil vs Portkey: Security Gateway Comparison
Portkey is an AI gateway for routing, caching, and observability. navil is a security proxy for MCP servers. Here's the difference, when you need each, and when you need both.
Anthropic Just Launched Claude Security. Here's Why Your AI Agents Are Still Exposed.
Claude Security is a world-class SAST tool powered by Opus 4.7. But your MCP stacks and autonomous agents are still wide open at runtime. Here's the gap — and how to fix it.
Claude Code Security: How to Protect Your Tool Calls
Claude Code reaches MCP servers on your behalf. Here's what that attack surface looks like and how to enforce policy on every tool call before it leaves your machine.
Claude Security is good. It's also not enough.
Anthropic shipped Claude Security and Claude Managed Agents this week. Both are real products. Neither covers the runtime governance layer for the heterogeneous agent fleet most enterprises actually run.
How to Secure MCP Servers in Production
A practical guide to hardening MCP servers before they reach production. Covers dependency auditing, policy scoping, runtime enforcement, and the CVEs affecting Anthropic's own SDK.
MCP Security Best Practices 2026
The definitive checklist for securing MCP servers: dependency pinning, policy scoping, runtime enforcement, and the CVE findings that security teams need to know.
What Is Agent Governance? And Why Your LLM Needs It
Agent governance is the practice of defining and enforcing what AI agents are allowed to do at runtime. Here's what it means in practice and why static scanning isn't enough.
SAFE-MCP Is the New Standard. Here's How to Map Your Agent Security Coverage.
SAFE-MCP has been formally adopted by the Linux Foundation and OpenID Foundation. Here's what its 14 tactic categories cover, how to map your controls against them, and where Navil fits in.
Your Agent Security Score is a Number, Not a Feeling
How navil test runs 200 attack simulations across 11 categories, gives you an actual security score, and integrates with CI/CD to fail builds when coverage drops.
How 1,000 Navil Nodes Protect Each Other Without Sharing Your Data
Deep dive into Navil's community threat network: the Give-to-Get model, privacy architecture, the Global Threat Blocklist, and how 1,000 nodes achieve collective defense without sharing raw data.
Which MCP Client is Being Attacked? How the Navil Agent Identity System Works
Use agent-prefix to namespace agent identities by client for full multi-client visibility and per-client security policies.
navil wrap vs navil shim: What Is the Difference and Why It Matters
Understanding the two-step pipeline: wrap rewrites your config, shim enforces security at runtime.
How 12 Statistical Detectors Catch Threats That Rules Cannot
Deep dive into Navil's adaptive anomaly detection: 12 detectors, EMA baselines, trust scores, and the architecture that keeps security off the hot path.
Navil Watches Your Agents for a Week, Then Writes Your Security Policies
How the AI Policy Builder observes agent behavior and auto-generates security policies with human-in-the-loop approval.
Your Agent Can Read Your Codebase But Can Never Touch Your Secrets
How the Navil policy engine uses YAML rules to control which tools agents can call, what data they access, and where they send it.
How Navil Cuts 94% of Your MCP Token Costs Without Breaking Anything
MCP dumps every tool schema into every agent session — 50,000+ tokens you're paying for but never using. Here's how context-aware scoping fixes it.
We Published the First Open Threat Taxonomy for AI Agents
11 attack classes, 30 detection categories, 200+ base vectors. The MITRE ATT&CK of agent security — published as open data.
Hello World: Welcome to the Navil Blog
Introducing the Navil blog — where we share security research, product updates, and insights on protecting AI agents from emerging threats.