The security problem nobody is talking about: MCP servers

If you're using Claude Desktop, Cursor, Windsurf, or any other AI coding assistant, there's a good chance you've already connected an MCP server. You may have done it without fully understanding what you handed the AI.

MCP (Model Context Protocol) is the open standard Anthropic built to connect LLMs to real-world tools. It's how Claude reads your filesystem, queries your database, browses the web, and runs shell commands. It's growing fast — there are now thousands of MCP servers for everything from GitHub to Slack to AWS.

The security community hasn't caught up.

What is the actual attack surface?

When an AI agent connects to an MCP server, it reads the server's tool definitions — descriptions, parameter names, and schema metadata. The AI uses this information to decide when and how to call tools.

The security problem nobody is talking about: MCP servers

Other newsrooms on this story

Related reading

I Built a 127-Tool MCP Server From Scratch — Here's What I Learned

Other newsrooms on this story

Related reading

I Built a 127-Tool MCP Server From Scratch — Here's What I Learned

GitHub MCP Security Scanning: How AI Coding Agents Get an Immune System

MCP command execution flaw: what security teams need to know

Manifold Security Just Scored 7,700 MCP Servers. Here's Why That Number Should…

Defense in Depth for MCP Servers

MCP For Software Engineers | Part 1 : Building Your First Server