Quickstart

Get MCP Guard up and running in 3 minutes to protect your MCP clients from prompt injection attacks. This guide walks you through installing the GA command-line interface, authenticating with the General Analysis platform, and configuring your MCP clients to route all tool outputs through the MCP Guard security proxy. By the end of this quickstart, every MCP tool call in your AI coding assistant will be automatically screened for prompt injection, context hijacking, and data exfiltration attempts.

PrerequisitesPrerequisites

Before you begin, make sure you have the following installed on your system:

• Python 3.8 or higher (3.13 recommended)
• Node.js and npm installed 
• An MCP client (Cursor, Claude Desktop, etc.)

Python is required because the GA CLI and MCP Guard proxy are implemented in Python. Node.js is required because MCP servers typically run as Node.js processes. If you are unsure whether these are installed, run python --version and node --version in your terminal to check.

Step 1: Install GA CLIStep 1: Install GA CLI

The recommended way to set up MCP Guard is through the GA CLI (command line interface). Make sure you install version 0.1.7 of generalanalysis.

The GA CLI is a command-line tool that handles authentication, configuration, and management of MCP Guard. It automates the process of detecting your MCP clients, backing up their configurations, and inserting the MCP Guard proxy into the tool-call pipeline.

Option A: Using uv (Recommended)Option A: Using uv (Recommended)

uv is a fast Python package installer that handles virtual environments automatically. If you have uv installed, this is the simplest installation path:

uv tool install generalanalysis==0.1.7

Or with a specific Python version:

uv tool install generalanalysis==0.1.7 --python 3.13

Using uv tool install places the ga command on your system PATH automatically, so you can run it from any directory without activating a virtual environment.

Option B: Using pipOption B: Using pip

First, create a virtual environment:

python -m venv ga-venv
source ga-venv/bin/activate  # On Windows: ga-venv\Scripts\activate

Then install GA CLI:

pip install -U generalanalysis==0.1.7

When using pip, make sure the virtual environment is activated whenever you run ga commands. If you see a “command not found” error for ga, the most likely cause is that the virtual environment is not active.

Troubleshooting installation issuesTroubleshooting installation issues

• “command not found: ga” — If you installed with pip, make sure your virtual environment is activated. If you installed with uv tool, check that ~/.local/bin (or the equivalent on your OS) is on your PATH.
• Python version conflicts — If you have multiple Python versions installed, use uv tool install generalanalysis==0.1.7 --python 3.13 to pin the version explicitly, or create your pip virtual environment with a specific Python: python3.13 -m venv ga-venv.
• Permission errors — Avoid using sudo pip install. Instead, use a virtual environment or uv tool install, both of which install to user-writable directories.
• Network errors — If you are behind a corporate proxy, configure pip’s proxy settings with pip install --proxy http://proxy:port generalanalysis==0.1.7.

Step 2: Login to GA PlatformStep 2: Login to GA Platform

Authenticate with your Google account:

ga login

This will:

1. Open a browser for Google authentication
2. Create a project on our platform automatically
3. Generate an API key
4. Cache credentials in ~/.config/ga/

The login process uses OAuth 2.0 with Google as the identity provider. Your credentials are cached locally in ~/.config/ga/ so you do not need to re-authenticate on every command. The API key generated during login is used by the MCP Guard proxy to communicate with GA’s guardrail evaluation endpoint. If you need to log in with a different account or refresh your credentials, run ga login again.

Step 3: Configure MCP ClientsStep 3: Configure MCP Clients

Run the automatic configuration:

ga configure

This command will:

1. Detect all MCP clients on your system
2. Back up your original MCP configurations
3. Configure them to route through MCP Guard
4. Set up the proxy server

The ga configure command scans standard configuration paths for supported MCP clients. For Cursor, it looks at ~/.cursor/mcp.json. For Claude Desktop, it checks ~/Library/Application Support/Claude/claude_desktop_config.json (macOS) or the equivalent path on your OS. The command reads each configuration file, wraps every MCP server entry with the MCP Guard proxy, and writes the updated configuration back. Your original configuration is saved as a backup file in the same directory, so you can revert at any time.

After running ga configure, restart your MCP client (Cursor, Claude Desktop, etc.) for the changes to take effect. MCP clients read their configuration at startup, so the proxy will not be active until you restart.

Verifying MCP Guard is workingVerifying MCP Guard is working

After installation and configuration, you can verify that MCP Guard is active and protecting your MCP clients:

1. Check proxy status: Run ga status to confirm that the MCP Guard proxy is running and connected to GA’s guardrail endpoint.
2. Test with a benign tool call: Use your MCP client normally — query a database, read a file, or call any MCP tool. The tool output should pass through without any noticeable delay or interference. This confirms that the proxy is forwarding legitimate content correctly.
3. Review logs: Check ~/.config/ga/logs/ for MCP Guard log files. Each log entry shows the tool name, server, timestamp, and whether the output was classified as safe or blocked. Seeing log entries confirms that tool outputs are being routed through the guard.
4. Test detection: If you want to confirm that the guard actively blocks malicious content, you can craft a test case with a known prompt injection pattern in a tool output and verify that MCP Guard intercepts it.

What protection looks like in practiceWhat protection looks like in practice

Once MCP Guard is configured, it works silently in the background. When you use your MCP client normally, you will not notice any difference — tool calls execute as before, and their outputs appear in your AI assistant’s context. The only time MCP Guard becomes visible is when it detects a threat.

When a prompt injection is detected in a tool output, MCP Guard blocks the malicious content and replaces it with a security alert. Your AI assistant sees the alert instead of the injected instructions, preventing the attack from executing. The blocked content is logged with details about the detected threat type, the offending tool and server, and the timestamp, giving you a clear audit trail for security review.

For example, if a database query returns a row containing hidden prompt injection text, MCP Guard will flag the output, block the injected content, and log the incident. Your AI assistant will receive a clean response indicating that potentially malicious content was detected and filtered, rather than blindly following the injected instructions.

Logs and monitoringLogs and monitoring

MCP Guard logs all security-relevant events to ~/.config/ga/logs/. These logs include:

• Evaluation results: Every tool output evaluation, including the guard’s classification (safe or blocked) and the confidence score.
• Blocked content: Full details of any blocked tool outputs, including the raw content that triggered the block and the policy categories that were violated.
• Latency metrics: How long each evaluation took, useful for diagnosing performance issues.
• Error events: Any failures in communicating with the GA guardrail endpoint, which could indicate network issues or authentication problems.

For teams that want centralized monitoring, you can forward these logs to your SIEM or logging platform. The log format is structured JSON, making it easy to parse with tools like Datadog, Splunk, or the ELK stack.

What’s Next?What’s Next?

Now that MCP Guard is configured, your MCP clients are protected from prompt injection attacks. The proxy will automatically intercept and analyze all tool calls for potential security risks.

To deepen your security posture, consider these next steps:

• Read the MCP Guard prompt injection protection overview to understand the full range of threats MCP Guard protects against and the proxy architecture in detail.
• Explore the GA Guard AI guardrails SDK to add content-level moderation to your applications alongside MCP-level protection.
• Use the AI Red Teaming platform to proactively test your AI systems for vulnerabilities before attackers find them.

Getting HelpGetting Help

If you need assistance:

1. Documentation Search: Use the search bar at the top to find specific topics
2. Join the Community: Join the General Analysis Discord  to connect with other users and devs to get help
3. Contact Support: Reach out to our team at [email protected]
4. Schedule a Demo: Book an AI security consultation  with our experts
5. Learn about the broader agentic AI threat landscape: OWASP Top 10 for Agentic AI