Merge pull request #1 from ArthurFlag/ENGDOCS-2645-mcp-security-info

Add MCP security info

Author: ArthurFlag

content/manuals/ai/mcp-catalog-and-toolkit/toolkit.md

@@ -1,6 +1,6 @@
 ---
 title: MCP Toolkit
-description: Use the MCP Tookit to set up MCP servers and MCP clients.
+description: Use the MCP Toolkit to set up MCP servers and MCP clients.
 keywords: Docker MCP Toolkit, MCP server, MCP client, AI agents
 aliases:
   - /desktop/features/gordon/mcp/gordon-mcp-server/
@@ -21,6 +21,34 @@ The Docker MCP Toolkit enables seamless setup, management, and execution of cont
 
 ![Visualisation of the MCP toolkit](/assets/images/mcp_servers.png)
 
+## Security
+
+The Docker MCP Toolkit combines passive and active measures to reduce attack
+surfaces and ensure safe runtime behavior.
+
+### Passive security
+
+- Image signing and attestation: All MCP server images under `mcp/` in the [catalog](catalog.md) 
+  are built by Docker and digitally
+  signed to verify their source and integrity. Each image includes a Software
+  Bill of Materials (SBOM) for full transparency.
+
+### Active security
+
+Security at runtime is enforced through resource and access limitations:
+
+- CPU allocation: MCP tools are run in their own container. They are
+  restricted to 1 CPU, limiting the impact of potential misuse of computing
+  resources.
+
+- Memory allocation: Containers for MCP tools are limited to 2 Gb.
+
+- Filesystem access: By default, MCP Servers have no access to the host filesystem.
+  The user explicitly selects the servers that will be granted file mounts.
+
+- Interception of tool requests: Requests to and from tools that contain sensitive
+  information such as secrets are blocked.
+
 ## Install an MCP server
 
 To install an MCP server: