SAF-M-20: Anomaly Detection

June 1, 2026 ยท View on GitHub

Overview

Mitigation ID: SAF-M-20
Type: Detective Control
Complexity: High
Effectiveness: High

Description

Identify unusual patterns in OAuth requests across MCP servers using machine learning and behavioral analysis to detect novel attack techniques.

Implementation

[To be documented]

Related Techniques

  • SAF-T1007: OAuth Authorization Phishing
  • SAF-T1601: MCP Server Enumeration

References

  • OWASP Top 10 for LLM Applications

Contents

  1. 1Overview
  2. 2Description
  3. 3Implementation
  4. 4Related Techniques
  5. 5References