diff --git a/yudao-module-ai/yudao-module-ai-server/src/main/java/cn/iocoder/yudao/module/ai/framework/security/config/SecurityConfiguration.java b/yudao-module-ai/yudao-module-ai-server/src/main/java/cn/iocoder/yudao/module/ai/framework/security/config/SecurityConfiguration.java
index a2c1eeee3..0e7a8ad45 100644
--- a/yudao-module-ai/yudao-module-ai-server/src/main/java/cn/iocoder/yudao/module/ai/framework/security/config/SecurityConfiguration.java
+++ b/yudao-module-ai/yudao-module-ai-server/src/main/java/cn/iocoder/yudao/module/ai/framework/security/config/SecurityConfiguration.java
@@ -9,6 +9,8 @@ import org.springframework.context.annotation.Configuration;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
 import org.springframework.security.config.annotation.web.configurers.AuthorizeHttpRequestsConfigurer;
 
+import java.util.Optional;
+
 /**
  * AI 模块的 Security 配置
  */
@@ -16,7 +18,7 @@ import org.springframework.security.config.annotation.web.configurers.AuthorizeH
 public class SecurityConfiguration {
 
     @Resource
-    private McpServerProperties serverProperties;
+    private Optional<McpServerProperties> serverProperties;
 
     @Bean("aiAuthorizeRequestsCustomizer")
     public AuthorizeRequestsCustomizer authorizeRequestsCustomizer() {
@@ -40,8 +42,10 @@ public class SecurityConfiguration {
                 registry.requestMatchers(ApiConstants.PREFIX + "/**").permitAll();
 
                 // MCP Server
-                registry.requestMatchers(serverProperties.getSseEndpoint()).permitAll();
-                registry.requestMatchers(serverProperties.getSseMessageEndpoint()).permitAll();
+                serverProperties.ifPresent(properties -> {
+                    registry.requestMatchers(properties.getSseEndpoint()).permitAll();
+                    registry.requestMatchers(properties.getSseMessageEndpoint()).permitAll();
+                });
             }
 
         };