MCP Server Security Risks: What AI Agent Users Need to Know

By Nasser Oumer · March 4, 2026 · 7 min read · Infrastructure

The Model Context Protocol (MCP) is becoming the connective tissue of the AI agent ecosystem. It enables agents to interact with external tools, databases, and services. It's also creating a new class of supply chain risk that most users don't understand yet.

What Is MCP?

MCP provides a standardized way for AI agents to connect with external services. Instead of building custom integrations for every tool, developers create MCP servers that expose functionality through a common protocol. This is powerful — it means any MCP-compatible agent can use any MCP server. But that universality also means that a compromised MCP server can affect every agent that connects to it.

The Numbers Are Concerning

BlueRock Security analyzed over 7,000 MCP servers and found that 36.7% were potentially vulnerable to server-side request forgery (SSRF): a tool that fetches a URL on the agent's behalf can be pointed at addresses the server itself can reach but the caller should not. In a proof of concept against Microsoft's MarkItDown MCP server, researchers retrieved AWS IAM access keys, secret keys, and session tokens from an EC2 instance's metadata endpoint (169.254.169.254). A single SSRF-prone MCP server became a gateway to cloud infrastructure. Enforcing IMDSv2 on the instance makes that particular fetch harder, since the credentials are only returned to a caller that first obtains a session token with a PUT request, but it does not fix the SSRF itself.
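The fetch-a-URL tool shape behind that finding, with the vulnerable form beside a guarded one, as an added example (not code from the page, MarkItDown, or BlueRock). The function names, the `http_get` callable returning `(status, headers, body)`, the resolver hook, and the offline DNS/HTTP fixtures are this example's own assumptions:

```python
"""SSRF guard for an MCP tool that fetches agent-supplied URLs.

Added example, not code from the page, MarkItDown or BlueRock. The tool
shape, the http_get callable returning (status, headers, body), the
resolver hook and the fixtures are assumptions so it runs offline.
"""
import ipaddress
import socket
from urllib.parse import urljoin, urlsplit

# Ranges a fetch tool exposed to an agent should never reach: loopback,
# RFC 1918, link-local (169.254.169.254 is the AWS/GCP/Azure metadata
# service), carrier-grade NAT, and the IPv6 counterparts.
BLOCKED_NETWORKS = [ipaddress.ip_network(n) for n in (
    "0.0.0.0/8", "10.0.0.0/8", "100.64.0.0/10", "127.0.0.0/8",
    "169.254.0.0/16", "172.16.0.0/12", "192.168.0.0/16",
    "::1/128", "fc00::/7", "fe80::/10",
)]
BLOCKED_HOSTS = {"localhost", "metadata", "metadata.google.internal"}
ALLOWED_SCHEMES = {"http", "https"}


def default_resolver(host):
    """All A/AAAA addresses for host; every one of them gets checked."""
    return {info[4][0] for info in socket.getaddrinfo(host, None)}


def is_blocked_ip(addr):
    ip = ipaddress.ip_address(addr)
    if isinstance(ip, ipaddress.IPv6Address) and ip.ipv4_mapped:
        ip = ip.ipv4_mapped  # ::ffff:169.254.169.254 is still the IMDS
    return any(ip in net for net in BLOCKED_NETWORKS)


def check_url(url, resolver=default_resolver):
    """Return (ok, reason). Rejects non-http(s) schemes, known metadata
    hostnames, and any host that is or resolves to a blocked address."""
    parts = urlsplit(url)
    if parts.scheme.lower() not in ALLOWED_SCHEMES:
        return False, f"scheme not allowed: {parts.scheme!r}"
    host = parts.hostname  # lower-cased, IPv6 brackets stripped
    if not host:
        return False, "missing host"
    if host in BLOCKED_HOSTS or host.endswith(".localhost"):
        return False, f"blocked hostname: {host}"
    try:
        addrs = {str(ipaddress.ip_address(host))}
    except ValueError:  # not an IP literal, so resolve it
        try:
            addrs = resolver(host)
        except OSError as exc:
            return False, f"resolution failed: {exc}"
    if not addrs:
        return False, f"{host} resolved to nothing"
    for addr in addrs:  # checked post-resolution, so spelling tricks don't help
        if is_blocked_ip(addr):
            return False, f"{host} maps to blocked address {addr}"
    return True, "ok"


def fetch_url_unsafe(url, http_get):
    """The vulnerable pattern: forward whatever URL the agent passed."""
    return http_get(url)[2]


def fetch_url_guarded(url, http_get, resolver=default_resolver, max_redirects=3):
    """Hardened pattern: validate, fetch without auto-following redirects,
    and re-validate every redirect target (a 302 from a harmless host to
    169.254.169.254 is the usual bypass of a first-hop-only check).
    Caveat: resolve-then-connect still leaves a DNS rebinding window;
    in production connect to the vetted IP instead of re-resolving."""
    for _ in range(max_redirects + 1):
        ok, reason = check_url(url, resolver)
        if not ok:
            raise PermissionError(f"refusing to fetch {url}: {reason}")
        status, headers, body = http_get(url)
        if status in (301, 302, 303, 307, 308) and "location" in headers:
            url = urljoin(url, headers["location"])
            continue
        return body
    raise PermissionError("too many redirects")


# --- constructed offline fixtures (not real hosts or responses) ---
FAKE_DNS = {"example.com": {"203.0.113.10"}, "evil.example": {"169.254.169.254"}}
FAKE_PAGES = {
    "https://example.com/doc": (200, {}, b"<html>report</html>"),
    "https://example.com/bounce": (302, {"location": "http://169.254.169.254/latest/meta-data/"}, b""),
    "http://169.254.169.254/latest/meta-data/": (200, {}, b"iam/ instance-id ..."),
}


def fake_resolver(host):
    return FAKE_DNS.get(host, set())


def fake_http_get(url):
    return FAKE_PAGES.get(url, (404, {}, b""))


def safe_fetch_result(url, http_get=fake_http_get, resolver=fake_resolver):
    """Demo helper: the body on success, the refusal reason otherwise."""
    try:
        return fetch_url_guarded(url, http_get, resolver)
    except PermissionError as exc:
        return f"REFUSED: {exc}"
```

Against the fixtures, `fetch_url_unsafe("http://169.254.169.254/latest/meta-data/", fake_http_get)` returns the metadata listing, while `safe_fetch_result` refuses the same URL, the IPv4-mapped IPv6 spelling, a hostname that resolves to 169.254.169.254, and the redirect bounce, and still serves `https://example.com/doc`. Keep the deny-list as a backstop: if the tool only ever needs a handful of destinations, an allow-list of hosts is the stronger control.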

Trend Micro independently found 492 MCP servers exposed to the internet with zero authentication. The Coalition for Secure AI (CoSAI) published a white paper identifying 12 core threat categories and nearly 40 distinct threats specific to MCP deployments.

How MCP Extends the Attack Surface

When your AI agent connects to an MCP server, you are trusting that server with your agent's capabilities and your data. A compromised MCP server can intercept data flowing between your agent and external services; modify agent behavior by injecting instructions into tool responses, which the model may follow as though they came from you; read any credentials the agent passes through the connection; and use the agent as a pivot point to reach other systems on your network.

This creates a transitive trust problem: you might audit your skills carefully, but if those skills interact with unvetted MCP servers, the security of your setup depends on the weakest link in the chain.

Protecting Your MCP Connections

Only connect to MCP servers from trusted, verified sources, and pin the version you actually reviewed. Verify that authentication is required and reject any server that accepts anonymous connections. Use network segmentation to limit what resources an MCP server can reach: egress allow-lists, and no route from the server to cloud metadata endpoints or internal management services. Monitor traffic between your agent and MCP servers for unexpected destinations, tool calls the task does not need, and tool results that carry instructions rather than data. And apply the same update discipline to MCP servers as you would to any other infrastructure component.
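A concrete version of the "reject any server that accepts anonymous connections" check for MCP servers reachable over HTTP, as an added example (not code from the page or from any MCP vendor). It sends the standard JSON-RPC `initialize` handshake with no credentials and reports whether the server completed it; the `post` callable, the verdict strings, and the fixture endpoints and responses are this example's own assumptions. Run it only against endpoints you own or are authorized to test:

```python
"""Anonymous-access probe for an MCP server's HTTP endpoint.

Added example, not code from the page or from any MCP vendor. Sends an
unauthenticated JSON-RPC `initialize` request; a reply carrying serverInfo
means the server accepted an anonymous client. The post callable returning
(status, lower-cased headers, text body), the verdict names and the
fixture URLs/responses are assumptions made here so it runs offline.
"""
import json
import urllib.request
from urllib.error import HTTPError, URLError

# The handshake every MCP client sends first; no credentials attached.
INIT_REQUEST = {
    "jsonrpc": "2.0", "id": 1, "method": "initialize",
    "params": {"protocolVersion": "2025-03-26", "capabilities": {},
               "clientInfo": {"name": "anon-probe", "version": "0.1"}},
}


def default_post(url, body, timeout=5):
    """POST JSON-RPC to url; 401/403 come back as a tuple, not an exception."""
    req = urllib.request.Request(
        url, data=json.dumps(body).encode(), method="POST",
        headers={"Content-Type": "application/json",
                 "Accept": "application/json, text/event-stream"})
    try:
        with urllib.request.urlopen(req, timeout=timeout) as resp:
            return (resp.status, {k.lower(): v for k, v in resp.headers.items()},
                    resp.read().decode("utf-8", "replace"))
    except HTTPError as err:
        return (err.code, {k.lower(): v for k, v in err.headers.items()},
                err.read().decode("utf-8", "replace"))


def first_jsonrpc_message(body):
    """The HTTP transport may answer with plain JSON or an SSE stream;
    return the first JSON-RPC message found, or None."""
    text = body.strip()
    if text.startswith("{"):
        return json.loads(text)
    for line in text.splitlines():
        if line.startswith("data:"):
            return json.loads(line[len("data:"):].strip())
    return None


def classify(status, headers, body):
    """Return (verdict, detail) for one unauthenticated initialize attempt."""
    if status in (401, 403):
        challenge = headers.get("www-authenticate", "")
        return "auth_required", challenge or "no WWW-Authenticate challenge sent"
    if status != 200:
        return f"unexpected_http_{status}", ""
    msg = first_jsonrpc_message(body)
    if msg and "result" in msg and "serverInfo" in msg["result"]:
        info = msg["result"]["serverInfo"]
        return "anonymous_access", (f"{info.get('name')} {info.get('version')} "
                                    "completed initialize with no credentials")
    if msg and "error" in msg:
        return "rejected_by_server", msg["error"].get("message", "")
    return "unknown", body[:120]


def probe(url, post=default_post):
    """Probe one endpoint. A verdict of anonymous_access means: do not connect."""
    try:
        status, headers, body = post(url, INIT_REQUEST)
    except URLError as exc:
        return "unreachable", str(exc.reason)
    return classify(status, headers, body)


# --- constructed offline fixtures (not real servers or responses) ---
FAKE_SERVERS = {
    "https://open.example/mcp": (200, {"content-type": "text/event-stream"},
        'event: message\ndata: {"jsonrpc":"2.0","id":1,"result":{"protocolVersion":'
        '"2025-03-26","capabilities":{"tools":{}},"serverInfo":{"name":"filesystem",'
        '"version":"1.4.0"}}}\n\n'),
    "https://locked.example/mcp": (401, {"www-authenticate":
        'Bearer resource_metadata="https://locked.example/.well-known/oauth-protected-resource"'},
        ""),
}


def fake_post(url, body):
    if url not in FAKE_SERVERS:
        raise URLError("name resolution failed")
    return FAKE_SERVERS[url]
```

With the fixtures, `probe("https://open.example/mcp", fake_post)` comes back `anonymous_access` with the server's own name and version, and `probe("https://locked.example/mcp", fake_post)` comes back `auth_required` with the bearer challenge; swap in `default_post` to test a live endpoint. This check only covers servers exposed over HTTP; a server you launch locally over stdio is not reachable this way, and its exposure is the process and filesystem it runs with, not a login.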

The CyberDesserts research team published a comprehensive MCP security guide covering the full threat landscape. For OpenClaw users specifically, our hardening checklist includes network-level controls that help limit MCP exposure.


Nasser Oumer

20+ years in cybersecurity · ISO 42001 Lead Auditor · ISO 27001


Last updated: March 4, 2026.