Security Research & Updates
Threat intelligence, engineering deep-dives, and product updates from the Navil team.
SAFE-MCP Is the New Standard. Here's How to Map Your Agent Security Coverage.
SAFE-MCP has been formally adopted by the Linux Foundation and OpenID Foundation. Here's what its 14 tactic categories cover, how to map your controls against them, and where Navil fits in.
Your Agent Security Score is a Number, Not a Feeling
How navil test runs 200 attack simulations across 11 categories, gives you an actual security score, and integrates with CI/CD to fail builds when coverage drops.
How 1,000 Navil Nodes Protect Each Other Without Sharing Your Data
Deep dive into Navil's community threat network: the Give-to-Get model, privacy architecture, the Global Threat Blocklist, and how 1,000 nodes achieve collective defense without sharing raw data.
Which MCP Client is Being Attacked? How Navil Agent Identity System Works
Use agent-prefix to namespace agent identities by client for full multi-client visibility and per-client security policies.
navil wrap vs navil shim -- What is the Difference and Why It Matters
Understanding the two-step pipeline: wrap rewrites your config, shim enforces security at runtime.
How 12 Statistical Detectors Catch Threats That Rules Cannot
Deep dive into Navil's adaptive anomaly detection: 12 detectors, EMA baselines, trust scores, and the architecture that keeps security off the hot path.
Navil Watches Your Agents for a Week, Then Writes Your Security Policies
How the AI Policy Builder observes agent behavior and auto-generates security policies with human-in-the-loop approval.
Your Agent Can Read Your Codebase But Can Never Touch Your Secrets
How Navil's policy engine uses YAML rules to control what tools agents can call, what data they access, and where they send it.
How Navil Cuts 94% of Your MCP Token Costs Without Breaking Anything
MCP dumps every tool schema into every agent session — 50,000+ tokens you're paying for but never using. Here's how context-aware scoping fixes it.
We Published the First Open Threat Taxonomy for AI Agents
11 attack classes, 30 detection categories, 200+ base vectors. The MITRE ATT&CK of agent security — published as open data.
Hello World: Welcome to the Navil Blog
Introducing the Navil blog — where we share security research, product updates, and insights on protecting AI agents from emerging threats.