
MCP’s biggest security loophole is identity fragmentation


MCP won’t stop AI from surrendering sensitive data to hackers
Whenever a new technology appears, it’s usually two steps forward, one step backward. The backward step is usually security-related. Such is the story with AI, and more specifically, Model Context Protocol (MCP). Innovation keeps on running ahead of security.
On the one hand, MCP servers have been a boon to engineers. LLMs can now speak in ‘common tongue’ to each other, to data sources, tools, and even people. They can connect to data they wouldn’t otherwise have access to, beyond training data or what’s public online.
Usually, that means data in private systems belonging to companies. That is useful enough for building better-behaved AI that MCP adoption may be far more widespread than most people realize: Backslash Security counts over 15,000 MCP servers worldwide.
But like any tech, MCP can be exploited. Hundreds of MCP servers were recently found to leak sensitive data and facilitate remote code execution attacks due to incomplete or inadequate access controls. Trend Micro even says threat actors could target hardcoded credentials in MCP servers. Any veteran engineer could have seen that coming from a mile away.
‘How to secure MCP’ is therefore a question many enterprises and security teams will ask. But hackers do not attack protocols directly, which makes the better question this: how do you make your underlying infrastructure, of which MCP is one part, more resilient against common attack vectors like phishing?

Hackers don’t attack protocols – they attack mistakes
Almost every attack, the odd zero-day exploit aside, begins with a mistake, such as exposing a password or giving a junior employee access to privileged data. That is why credential phishing and credential abuse are such common attack vectors.
It’s also why the risk of protocols being exploited to breach IT infrastructure doesn’t come from the protocol itself, but the identities interacting with the protocol.
Any human or machine identity that relies on static credentials or standing privileges is exposed to credential theft, phishing included. That makes any AI agent or protocol (MCP) acting on behalf of that identity vulnerable too.
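The hardcoded-credential problem Trend Micro warns about and the static-credential point made here are easiest to see in an MCP client configuration, where tokens for each server are often pasted straight into the file. The scanner below is an added example written for this page, not code from the article, from Trend Micro or from any MCP project. It assumes the common `mcpServers` JSON layout (`command`/`args`/`env` for local servers, `url`/`headers` for remote ones), the sample config is constructed for the example, and the key-name and value-pattern heuristics are assumptions rather than a complete secret-detection ruleset.

```python
"""
Added example (not from the original article): scan an MCP client
configuration for hardcoded credentials.

Assumptions (not stated on the page): the config is the JSON shape used by
common MCP clients, a top-level "mcpServers" object whose entries carry
"command"/"args"/"env" for stdio servers or "url"/"headers" for remote ones.
SAMPLE_CONFIG is constructed for this example; the regexes are heuristics.
"""
import json
import re

# Key names that usually carry a credential. Heuristic, not exhaustive.
SECRET_KEY_RE = re.compile(
    r"(token|secret|password|passwd|api[_-]?key|authorization)", re.I
)

# Literal values that look like well-known credential formats. Heuristic.
SECRET_VALUE_RE = re.compile(
    r"(ghp_[A-Za-z0-9]{20,}"      # GitHub personal access token
    r"|sk-[A-Za-z0-9_-]{20,}"     # OpenAI-style API key
    r"|AKIA[0-9A-Z]{16}"          # AWS access key id
    r"|Bearer\s+\S{20,})"         # inline bearer token
)

# "$VAR" or "${VAR}" is resolved at launch, so it is a reference, not a stored secret.
ENV_REF_RE = re.compile(r"^\$\{?[A-Z_][A-Z0-9_]*\}?$")


def is_hardcoded_secret(key: str, value: str) -> bool:
    """True if (key, value) looks like a literal credential rather than a reference."""
    if not isinstance(value, str) or not value:
        return False
    if ENV_REF_RE.match(value.strip()):
        return False
    if SECRET_VALUE_RE.search(value):
        return True
    return bool(SECRET_KEY_RE.search(key)) and len(value) >= 8


def find_hardcoded_secrets(config_text: str) -> list[dict]:
    """Return one finding per hardcoded credential in an MCP client config."""
    config = json.loads(config_text)
    findings = []
    for name, server in config.get("mcpServers", {}).items():
        # stdio servers: credentials usually land in "env"
        for key, value in (server.get("env") or {}).items():
            if is_hardcoded_secret(key, value):
                findings.append({"server": name, "where": f"env.{key}", "preview": value[:6] + "..."})
        # remote servers: credentials usually land in "headers"
        for key, value in (server.get("headers") or {}).items():
            if is_hardcoded_secret(key, value):
                findings.append({"server": name, "where": f"headers.{key}", "preview": value[:6] + "..."})
        # either kind: tokens pasted into argv, e.g. --token=... or a bare ghp_ value
        for i, arg in enumerate(server.get("args") or []):
            k, _, v = arg.partition("=")
            if is_hardcoded_secret(k, v) or SECRET_VALUE_RE.search(arg):
                findings.append({"server": name, "where": f"args[{i}]", "preview": arg[:6] + "..."})
    return findings


# Constructed sample config: three servers with literal credentials, one
# ("github-fixed") that references an environment variable instead.
SAMPLE_CONFIG = """
{
  "mcpServers": {
    "github": {
      "command": "npx",
      "args": ["-y", "@modelcontextprotocol/server-github"],
      "env": { "GITHUB_PERSONAL_ACCESS_TOKEN": "ghp_0123456789abcdefghijABCDEFGHIJ123456" }
    },
    "github-fixed": {
      "command": "npx",
      "args": ["-y", "@modelcontextprotocol/server-github"],
      "env": { "GITHUB_PERSONAL_ACCESS_TOKEN": "${GITHUB_TOKEN}" }
    },
    "internal-db": {
      "command": "mcp-db",
      "args": ["--dsn", "postgres://app@db/prod", "--password=hunter2hunter2"],
      "env": { "LOG_LEVEL": "debug" }
    },
    "remote-crm": {
      "url": "https://crm.example.internal/mcp",
      "headers": { "Authorization": "Bearer eyJhbGciOiJIUzI1NiJ9.e30.abcdefghijklmnop" }
    }
  }
}
"""

if __name__ == "__main__":
    for finding in find_hardcoded_secrets(SAMPLE_CONFIG):
        print(f"{finding['server']}: hardcoded credential at {finding['where']} ({finding['preview']})")
```

Running it flags `github`, `internal-db` and `remote-crm`, and leaves `github-fixed` alone: its `${GITHUB_TOKEN}` is resolved from the environment at launch rather than stored in the file. Moving the secret out of the config is only the first step; the article's point is that the token itself should stop being a long-lived static credential, which a scanner like this cannot check for you.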
