Making AI agent security visible
Mission
AI agents are being deployed into production systems at scale. MCP servers, which connect LLMs to tools and data over the Model Context Protocol, are becoming critical infrastructure. But there is no standard way to evaluate their security posture.
MCPAmpel aggregates results from multiple independent security engines into a single trust score. It scans MCP servers, AI agent skills, and any code repository for security issues that single-vendor scanners miss. One scan, many perspectives. No single tool catches everything, so we run them all.
Multi-engine aggregation
Every scan runs the repository through independent security engines in parallel, each in its own sandboxed container. The engines cover MCP-specific threats (tool poisoning, prompt injection, agent delegation risks), traditional code analysis (static analysis, secrets detection), dependency vulnerabilities, license compliance, and infrastructure misconfigurations.
Built by
HackTheBox Elite Hacker, ranked #16 in Germany. 2x top-5 solo CTF finisher. Reported vulnerabilities to NASA, John Deere, and X/xAI.
Runs IT for two companies. Built their security stack from scratch and blocked real attacks. Built MCPAmpel because AI agents run with real permissions and nobody was checking.
Why I Built MCPAmpel
I started MCPAmpel after scanning MCP servers during security research and finding that 26% of them had at least one significant vulnerability. Most developers had no way to know.
The problem is the same one VirusTotal solved for malware: no single scanner catches everything. Running 16 engines manually is impractical. MCPAmpel does it in one click and gives you a single trust score backed by per-engine evidence.
With NIS2 requiring German companies to document supply chain security for AI tools, the timing made sense. MCPAmpel gives security teams the visibility they need and gives developers a free way to check before they ship.