AI/ML, Identity

MCP deployments face access control blindspot

The rapid adoption of Model Context Protocol is giving enterprises powerful new ways to connect AI systems with data sources and tools, but it is also exposing serious security gaps, according to TechRadar Pro.

While more than 15,000 MCP servers are in use, researchers from Backslash Security and Trend Micro warn that misconfigured or weakly protected deployments have already led to data leaks and even remote code execution attacks.

Experts note that the real danger does not stem from the protocol itself but from poor identity management, as attackers often exploit stolen credentials or over-privileged accounts to impersonate users, databases, or even AI agents. MCP lacks inherent access controls, making fragmented identities across hybrid IT environments a critical blind spot.

Security leaders argue that protecting MCP requires unified identity management, elimination of static credentials, and cryptographic, just-in-time authentication.

"Identity is the true battleground," analysts caution, emphasizing that reducing mistakes in access control is key to defending AI-integrated infrastructure.

An In-Depth Guide to AI

Get essential knowledge and practical strategies to use AI to better your security program.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms of Use and Privacy Policy.

You can skip this ad in 5 seconds