In 2024, Anthropic open-sourced the Model Context Protocol (MCP), enabling AI systems, particularly LLM-based applications, to easily connect with external tools and services. While this enhances functionality—allowing LLMs to search and update documents, manage APIs, and access various data—it also introduces security risks. Kaspersky’s research reveals that cybercriminals could exploit MCP as a supply chain attack vector, potentially leading to serious data leaks, including passwords, credit cards, and crypto wallets. Their Emergency Response Team created a proof-of-concept to illustrate how a rogue MCP server could harvest sensitive information from developer workstations. This highlights the urgency of maintaining robust security measures amid the surge of AI integration into businesses. Kaspersky cautions that adopting unverified MCP implementations, often found on informal platforms, can increase vulnerability to attacks. Their white paper details this threat and offers strategies for organizations to safeguard against potential breaches.
