MCIP: Protecting MCP Safety via Model Contextual Integrity Protocol

📅 2025-05-20
📈 Citations: 0
Influential: 0
🤖 AI Summary
The decentralized architecture of the Model Context Protocol (MCP) improves usability but introduces under-studied security risks, particularly because the separation of client and server components complicates systematic security analysis. This work identifies, for the first time, critical gaps in MCP's security mechanisms.
Method: The authors propose the Model Contextual Integrity Protocol (MCIP), a refined version of MCP that closes these gaps, together with the first fine-grained taxonomy of insecure behaviors specific to MCP and a dedicated evaluation benchmark (MCIP-Bench). Guided by the MAESTRO framework, they carry out a security analysis of MCP, model unsafe behaviors, construct benchmark and training datasets, and fine-tune large language models (LLMs) on the resulting safety data.
Contribution/Results: Experiments show that MCIP substantially improves the accuracy with which mainstream LLMs detect diverse MCP-related security threats, validating its effectiveness, practicality, and cross-model generalization, and establishing a foundational step toward secure MCP deployment.

📝 Abstract
As Model Context Protocol (MCP) introduces an easy-to-use ecosystem for users and developers, it also brings underexplored safety risks. Its decentralized architecture, which separates clients and servers, poses unique challenges for systematic safety analysis. This paper proposes a novel framework to enhance MCP safety. Guided by the MAESTRO framework, we first analyze the missing safety mechanisms in MCP, and based on this analysis, we propose the Model Contextual Integrity Protocol (MCIP), a refined version of MCP that addresses these gaps. Next, we develop a fine-grained taxonomy that captures a diverse range of unsafe behaviors observed in MCP scenarios. Building on this taxonomy, we develop benchmark and training data that support the evaluation and improvement of LLMs' capabilities in identifying safety risks within MCP interactions. Leveraging the proposed benchmark and training data, we conduct extensive experiments on state-of-the-art LLMs. The results highlight LLMs' vulnerabilities in MCP interactions and demonstrate that our approach substantially improves their safety performance.
Problem

Research questions and friction points this paper is trying to address.

Addressing underexplored safety risks in Model Context Protocol (MCP)
Analyzing missing safety mechanisms in decentralized MCP architecture
Improving LLMs' safety performance in MCP interactions via MCIP
Innovation

Methods, ideas, or system contributions that make the work stand out.

Proposes Model Contextual Integrity Protocol (MCIP)
Develops fine-grained taxonomy for unsafe behaviors
Creates benchmark data for LLM safety evaluation