“That is the AI equal of name-squatting a bundle registry, besides there’s no central MCP authority verifying server identification and no cryptographic hyperlink between an MCP server and the group it claims to signify,” says Brad Micklea, CEO at Jozu, an AI security and MLOps platform. “This breaks the belief mannequin earlier than the MCP is deployed.”
MCP servers — which permit AI brokers and chatbots to hook up with knowledge sources, instruments, and different providers — have lately develop into the goal of various (for instance towards Cursor’s built-in browser) and sustained malicious assaults. Locking down these methods to attenuate dangers has develop into a precedence for enterprise CISOs.
“These servers expose instruments, reminiscence, and APIs to AI brokers to allow them to carry out duties,” says Zahra Timsah, PhD, CEO of i-GENTIC AI, an agentic AI governance platform. “If an attacker inserts a poisoned device, modified connector, or malicious retrieval supply into that chain, the AI agent can unknowingly execute it.”
