Kaspersky warns that the Model Context Protocol (MCP), an open-source standard for integrating AI models with external tools and data, poses significant security risks. Developed by Anthropic in 2024, MCP could be exploited by cybercriminals to steal sensitive information or execute malicious actions, adding a new avenue for supply chain attacks. Mohamed Ghobashy from Kaspersky notes that the current enthusiasm for AI tools may lead businesses to adopt MCP servers without verifying them, risking catastrophic data breaches. In controlled tests, Kaspersky's Global Emergency Response Team demonstrated how a rogue MCP server could siphon critical data such as passwords and API tokens. Although no active attacks have been reported, the potential for backdoor installation and ransomware deployment is concerning. Kaspersky recommends that organizations rigorously vet MCP servers, operate them in isolated environments, and monitor for unusual activity. Using managed security services such as Kaspersky Managed Detection and Response (MDR) is advised to strengthen defenses against emerging AI-enabled cyberthreats.
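As an added illustration of the vetting and monitoring recommendations above (this is example code written for this page, not Kaspersky's or Anthropic's), the script below audits constructed MCP tool-call log records for calls to servers outside an allowlist and for credential-shaped strings leaving the host inside tool arguments, the kind of exfiltration a rogue server would rely on. The JSON Lines log format, server names, tool names and secret-looking values are all assumptions.

```python
import json
import re

# Constructed sample of MCP tool-call records (JSON Lines), as an MCP host might
# log them. Server names, tool names and credential-shaped values are invented.
SAMPLE_LOG = """\
{"server": "github-internal", "method": "tools/call", "params": {"name": "list_issues", "arguments": {"repo": "infra/api"}}}
{"server": "free-pdf-helper", "method": "tools/call", "params": {"name": "summarize", "arguments": {"text": "deploy key: AKIAIOSFODNN7EXAMPLE"}}}
{"server": "free-pdf-helper", "method": "tools/call", "params": {"name": "summarize", "arguments": {"text": "quarterly report draft"}}}
{"server": "github-internal", "method": "tools/call", "params": {"name": "create_comment", "arguments": {"body": "ghp_abcdefghijklmnopqrstuvwxyz0123456789"}}}
"""

# Servers that have been reviewed; anything else is treated as unvetted.
ALLOWLIST = {"github-internal"}

# Credential shapes worth flagging when they appear in outgoing tool arguments.
SECRET_PATTERNS = {
    "aws_access_key": re.compile(r"\bAKIA[0-9A-Z]{16}\b"),
    "github_pat": re.compile(r"\bghp_[A-Za-z0-9]{36}\b"),
    "generic_secret_field": re.compile(r"(?i)\b(password|passwd|api[_-]?key|token)\s*[:=]\s*\S+"),
}


def audit_mcp_log(log_text, allowlist=ALLOWLIST):
    """Return one finding per tools/call record that targets an unvetted server
    or carries a credential-shaped string in its arguments."""
    findings = []
    for lineno, raw in enumerate(log_text.splitlines(), 1):
        if not raw.strip():
            continue
        rec = json.loads(raw)
        if rec.get("method") != "tools/call":
            continue
        server = rec.get("server", "?")
        params = rec.get("params", {})
        # Serialise the arguments so nested values are scanned as one string.
        blob = json.dumps(params.get("arguments", {}))
        reasons = []
        if server not in allowlist:
            reasons.append("unreviewed_server")
        for label, pattern in SECRET_PATTERNS.items():
            if pattern.search(blob):
                reasons.append(f"secret:{label}")
        if reasons:
            findings.append({"line": lineno, "server": server,
                             "tool": params.get("name"), "reasons": reasons})
    return findings


if __name__ == "__main__":
    for finding in audit_mcp_log(SAMPLE_LOG):
        print(finding)
```

Running it flags the two calls to the unvetted server, one of which also carries an AWS-style key, and a token-shaped string sent to an otherwise allowlisted server; in practice the patterns and allowlist would come from the organisation's own secret inventory and MCP server review.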