Cloud Security 24 min read
Detecting Rogue MCP Servers and Shadow AI Agents on Endpoints with Wazuh
A custom Wazuh rule pack and reproducible Docker lab that catches rogue MCP servers, shadow AI agent activity, and indirect prompt-injection chains on engineering endpoints. 6 decoders, 17 rules, MITRE ATT&CK mapped, validated live on Wazuh 4.14.5.