Definition
Supply chain compromise includes tampered npm packages, container images, or tool manifests that change behavior after deployment—exposing new tools or altering existing ones.
How it appears in MCP
Upstream servers return different tools/list results or silently change semantics; clients and models trust the catalog they see.
Example pattern
Package registry incidents and typosquatting are well known; container image drift affects any protocol served from that image, including MCP.
What MCP Trail does on the Guardian path
Audit logs, analytics on tool churn, allowlists, HITL for risky tools, and DLP reduce impact and improve detection after traffic enters Guardian. A gateway does not replace pinning, signing, and vendor review of upstream artifacts.
What still needs process
Dependency pinning, image provenance, and incident response playbooks.