SAFE-MCP
Security Analysis Framework for Evaluation of MCP
SAFE-MCP is a specification for MCP attack vectors and mitigation techniques, initiated by astha.ai and now part of the OpenID and Linux Foundations, driven by community collaboration.
Part of


Initiated by Astha.ai
We're actively evolving — join us as we build the future of MCP security together.
What is SAFE-MCP?
MITRE ATT&CK Adaptation
Framework Coverage
Guidance & Mappings
Why It Matters
Security Engineers & Red Teams
Developers / System Architects
Auditors & Researchers
SAFE-MCP Team
Led by industry experts in cloud-native security, Zero Trust, and software supply chain defense
Frederick Kautz is a distinguished leader in open-source and cloud-native communities, with over 10 years of Kubernetes and Docker experience, and extensive expertise in software supply chain security, Zero Trust, and networking.
Key Achievements
- ●Co-authored NIST Special Publication 800-204D, defining strategies for software supply chain security in DevSecOps CI/CD pipelines, which significantly influenced the Department of Defense's Enterprise DevSecOps Fundamentals v2.5
- ●Created in-toto Archivista, an open-source graph and storage service for in-toto attestations, enabling secure discovery and retrieval of software artifact attestations
- ●Lead Architect at Elevance Health for the Sydney Health app, collaborating with the CISO to define Zero Trust strategy and GCP onboarding
- ●Emeritus Co-Chair of KubeCon + CloudNativeCon, leading the global cloud-native community through and beyond the COVID phase
Current Leadership Roles
- ●SPIFFE Steering Committee Member – Driving standards in workload identity and Zero Trust
- ●OmniBOR and ProtoBOM Co-Creator – Advancing transparency in binary provenance and SBOM practices
- ●Network Service Mesh Co-Founder – Modernizing network infrastructure for secure, cloud-native networking
- ●CNCF TAG Security Contributor – Co-author of the Cloud Native Security White Paper
Innovation & Standards
- ●Defined the CNF: Cloud Native Network Function, transforming network service provider architectures for Kubernetes
- ●Developed one of the first federated learning platforms for healthcare in 2019, enabling collaborative research while preserving patient privacy
- ●Founded Red Hat Container Storage Engine, providing storage solutions for containers
- ●Architected WorkOS at Elevance Health, an enterprise platform streamlining operations with advanced security measures
Community Involvement: Former Program Committee Member for KubeCon EU & NA, Open Networking Summit, Edge Computing World, and former LFPH Technical Advisory Committee Member. Active contributor to CNCF TAG Security, NTIA SBOM Working Group, and various cloud-native initiatives.