Bawbel – MCP Server Security Scanner

DevTools
Hard
ai-security, vulnerability-scanning, devops, agent-tools
Idea

An open-source vulnerability scanner for AI agent components (MCP servers). Identifies critical security issues in agentic AI deployments, addressing the growing need for supply-chain security in AI infrastructure.

Why this is interesting

MCP (Model Context Protocol) adoption is accelerating fast as agentic AI workflows move into production, and supply-chain security for these components is almost entirely unaddressed — OWASP only published its first LLM/agent-specific top-10 list in 2023, and dedicated tooling hasn't caught up. No clear incumbent owns this space yet; the closest analogues are general-purpose tools like the TruffleHog secrets scanner or Snyk's dependency scanning, neither of which understands MCP-specific attack surfaces like tool poisoning or prompt injection vectors baked into server definitions. The $2k–10k/mo revenue band is realistic but tight — this is a classic "open core" play where the scanner is free and you charge for CI/CD integrations, policy enforcement, or team dashboards, which means conversion from free users to paying customers is the entire business. The biggest risk is timing: MCP could consolidate around a handful of vetted, official servers faster than enterprise adoption scales, shrinking the attack surface and the market simultaneously before a paid tier gets traction.

Idea Signals

Indexed against 3777 ideas in the database

Popularity
Market Demand: Strong
Revenue Potential: $2k-10k/mo
Competition: Low competition

Activity

Spotted 13 times across the internet since May 1, 2026. Most recently on May 31, 2026.
