About

Securing the agentic AI world, one MCP server at a time.

I’m a security engineer working in the AI security industry. AgentReserve is the platform I built to raise the security posture of MCP servers — so the agents that depend on them can be trusted by default, not by accident.

Mission

Why this exists.

Agents are starting to plug into the world through MCP servers. Every server an agent connects to inherits power: it can read data, call tools, mutate state, and reach the network on the user’s behalf.

The industry shipped the protocol before it shipped the trust model. There’s no easy way to know, at connection time, whether a server is safe to grant that power to.

AgentReserve is my answer: a public, passive, deterministic trust report for any MCP server you can point a URL at. Read-only. No credentials. No tools/call. Just a clear letter grade and a list of named rules behind it — so operators can fix what’s broken, and agents can refuse to connect to what hasn’t been fixed.

Principles

What we won’t compromise on.

  • Passive by construction

    We never invoke a tool, never send credentials, never push past a 401. The scanner has no code path that calls a tool — it can't, even by accident.

  • Public and deterministic

    Same inputs, same score. Every rule is named, weighted, and documented. You can argue with the methodology — that's the point.

  • Honest about limits

    A clean report is not a guarantee of runtime safety. We measure the surface area an agent inherits, not the operator's intent.

  • Built for operators and agents alike

    Server operators get a punch list. Agent runtimes get a verdict and a webhook. Both feed the same scoring engine.

Roadmap

Where this is headed.

  1. Today

    Trust reports for any MCP server

    Submit a URL, get a public scorecard backed by a rule catalog. Browse the directory of scanned servers. Wire up webhooks so your agent runtime can act on a verdict.

  2. Next

    Continuous monitoring

    Re-scan on a schedule, alert on regressions, and surface drift between what a server advertised yesterday and what it advertises today.

  3. Later

    Behavioral signal, with consent

    Today's scan is purely passive. Future scans — opt-in, scoped, and bounded — will exercise tools in a sandbox to catch what the static surface can't.

Get involved

If you operate an MCP server, scan it. If you build agents, wire up the verdict before you connect.