Abstract: Model Context Protocol (MCP) servers have rapidly emerged over the past year as a widely adopted way to enable Large Language Model (LLM) agents to access dynamic, real-world tools. As MCP servers proliferate and become easy to adopt via open-source releases, understanding their security risks becomes essential for dependable production agent deployments. Recent work has developed MCP threat taxonomies, proposed mitigations, and demonstrated practical attacks. However, to the best of our knowledge, no prior study has conducted a systematic, large-scale assessment of weaknesses in open-source MCP servers. Motivated by this gap, we apply static code analysis to identify Common Weakness Enumeration (CWE) weaknesses and map them to common attack patterns and threat categories using the MITRE Common Attack Pattern Enumerations and Classifications (CAPEC) to ground risk in real-world threats. We then introduce a risk-assessment framework for the MCP landscape that combines these threats using a multi-metric scoring of likelihood and impact. Our findings show that many open-source MCP servers contain exploitable weaknesses that can compromise confidentiality, integrity, and availability, underscoring the need for secure-by-design MCP server development.




Abstract: In this paper, we propose novel approaches using state-of-the-art machine learning techniques, aimed at predicting energy demand for electric vehicle (EV) networks. These methods can learn and find the correlation of complex hidden features to improve the prediction accuracy. First, we propose an energy demand learning (EDL)-based prediction solution in which a charging station provider (CSP) gathers information from all charging stations (CSs) and then performs the EDL algorithm to predict the energy demand for the considered area. However, this approach requires frequent data sharing between the CSs and the CSP, thereby driving communication overhead and privacy issues for the EVs and CSs. To address this problem, we propose a federated energy demand learning (FEDL) approach which allows the CSs to share their information without revealing real datasets. Specifically, the CSs only need to send their trained models to the CSP for processing. In this case, we can significantly reduce the communication overhead and effectively protect data privacy for the EV users. To further improve the effectiveness of the FEDL, we then introduce a novel clustering-based EDL approach for EV networks by grouping the CSs into clusters before applying the EDL algorithms. Through experimental results, we show that our proposed approaches can improve the accuracy of energy demand prediction by up to 24.63% and decrease communication overhead by 83.4% compared with other baseline machine learning algorithms.