Paper Reference
Man-in-the-Middle Attacks — arxiv:2601.17549, §3 (Protocol Specification Analysis)
"Interception of MCP communications to steal or modify messages"
Current State
IntentGuard currently operates as a stdio proxy and does not enforce or validate transport-layer security. There is no TLS pinning, certificate validation, or server authentication mechanism.
What Should Be Implemented
- TLS enforcement for HTTP-based MCP transports (SSE/Streamable HTTP)
- Optional server certificate pinning configuration
- Warning when MCP connections use unencrypted transport
- Policy option:
transport_rules.require_tls: true
Why It Matters
Without transport security, an attacker on the network path can intercept, read, or modify MCP messages between the agent and server, undermining all other guardrails.
Priority
Medium — stdio transport (local) is inherently safe, but HTTP-based MCP transports (which are becoming more common) need this.
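An added example, not IntentGuard's own code, sketching the checks requested above: the `require_tls` rule, the unencrypted-transport warning, and an optional pin on the SHA-256 of the server's leaf certificate. The function names, the dict form of the policy, the `pinned_sha256` key, the default of `require_tls` to false, and the sample values are assumptions made for illustration.

```python
import hashlib
import socket
import ssl
from urllib.parse import urlsplit

def check_transport(url, policy):
    """Decide allow / warn / deny for an HTTP-based MCP server URL."""
    rules = policy.get("transport_rules", {})
    scheme = urlsplit(url).scheme
    if scheme == "https":
        return "allow", "TLS transport"
    if scheme == "http":
        if rules.get("require_tls", False):
            return "deny", "require_tls is set but the transport is unencrypted"
        return "warn", "MCP connection uses unencrypted transport"
    return "deny", f"not an HTTP-based transport: {scheme or 'no scheme'}"

def pin_matches(der_cert, pins):
    """True if SHA-256 of the DER leaf certificate equals a configured pin."""
    digest = hashlib.sha256(der_cert).hexdigest()
    return digest in [p.replace(":", "").lower() for p in pins]

def fetch_leaf_cert(url, timeout=10):
    """Handshake with default CA and hostname checks; return the leaf cert (DER)."""
    parts = urlsplit(url)
    ctx = ssl.create_default_context()  # verifies chain and hostname
    with socket.create_connection((parts.hostname, parts.port or 443), timeout) as raw:
        with ctx.wrap_socket(raw, server_hostname=parts.hostname) as tls:
            return tls.getpeercert(binary_form=True)

def admit_server(url, policy, der_cert=None):
    """Scheme rule first, then the optional pin list (hypothetical policy key)."""
    action, reason = check_transport(url, policy)
    pins = policy.get("transport_rules", {}).get("pinned_sha256", [])
    if action != "allow" or not pins:
        return action, reason
    der = der_cert if der_cert is not None else fetch_leaf_cert(url)
    if pin_matches(der, pins):
        return "allow", "TLS transport, certificate pin matched"
    return "deny", "server certificate does not match any configured pin"

# Constructed sample input: placeholder bytes standing in for a DER certificate.
SAMPLE_CERT = b"constructed-sample-der-certificate"
SAMPLE_POLICY = {"transport_rules": {
    "require_tls": True,
    "pinned_sha256": [hashlib.sha256(SAMPLE_CERT).hexdigest()],
}}
```

Pinning the whole leaf certificate means the pin must be updated at every certificate renewal; the pin check runs in addition to normal chain and hostname validation, not instead of it.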