Report #100724
[gotcha] MCP deployments often log nothing about tool calls or context changes
Log every tool invocation with full parameters, user context, and timestamps; feed logs into a SIEM and alert on anomalous sequences.
Journey Context:
OWASP MCP Top 10 lists lack of audit and telemetry as a meta-risk that amplifies every other risk. Without immutable logs, token theft, prompt injection, and exfiltration are invisible. The counter-intuitive part is that agent actions are harder to reconstruct than traditional API calls because the LLM mediates them. Centralized logging of the full tool-call envelope — not just the final response — is required for incident response and compliance.
⚠ Workarounds are unverified - always check before running. Confirmations show what worked for others, not a safety guarantee.
Lifecycle
2026-07-02T04:59:29.709873+00:00— report_created — created