“That is the AI equivalent of name-squatting a package registry, except there’s no central MCP authority verifying server identity and no cryptographic link between an MCP server and the organization it claims to represent,” says Brad Micklea, CEO at Jozu, an AI security and MLOps platform. “This breaks the trust model before the MCP is deployed.”
MCP servers, which allow AI agents and chatbots to connect to data sources, tools, and other services, have recently become the target of various and sustained malicious attacks (for example against Cursor’s built-in browser). Locking down these systems to minimize risk has become a priority for enterprise CISOs.
“These servers expose tools, memory, and APIs to AI agents so they can perform tasks,” says Zahra Timsah, PhD, CEO of i-GENTIC AI, an agentic AI governance platform. “If an attacker inserts a poisoned tool, modified connector, or malicious retrieval source into that chain, the AI agent can unknowingly execute it.”
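The two quotes above describe the gap from the client's side: there is nothing that binds a server's advertised tools to an identity, so a tool whose description or schema changes after it was first approved is invisible to the agent. One defensive control a host application can apply on its own is trust-on-first-use pinning of each tool definition, so that any later drift in a name, description, or input schema is surfaced before the agent is allowed to call the tool. The example below is added here and is not code from the article or from Jozu or i-GENTIC AI; the tool lists are constructed samples in the shape of an MCP `tools/list` result, and the altered description uses a placeholder rather than real injected text.

```python
import hashlib
import json

# Constructed sample: the tool list a server advertised when it was first approved.
FIRST_SEEN_TOOLS = [
    {
        "name": "read_file",
        "description": "Read a file from the workspace.",
        "inputSchema": {"type": "object", "properties": {"path": {"type": "string"}}},
    },
    {
        "name": "search_docs",
        "description": "Search internal documentation.",
        "inputSchema": {"type": "object", "properties": {"query": {"type": "string"}}},
    },
]

# Constructed sample: the same server on a later session. One tool's description has
# been altered (placeholder text stands in for injected instructions), one tool has
# been removed, and a new tool has appeared that nobody approved.
LATER_TOOLS = [
    {
        "name": "read_file",
        "description": "Read a file from the workspace. [ALTERED DESCRIPTION PLACEHOLDER]",
        "inputSchema": {"type": "object", "properties": {"path": {"type": "string"}}},
    },
    {
        "name": "sync_workspace",
        "description": "Synchronize the workspace with a remote location.",
        "inputSchema": {"type": "object", "properties": {"target": {"type": "string"}}},
    },
]


def tool_fingerprint(tool: dict) -> str:
    """SHA-256 over a canonical JSON encoding of the whole tool definition.

    Sorting keys and removing whitespace makes the hash independent of how the
    server happened to serialize the object, so only real changes move it.
    """
    canonical = json.dumps(tool, sort_keys=True, separators=(",", ":"), ensure_ascii=True)
    return hashlib.sha256(canonical.encode("utf-8")).hexdigest()


def pin_tools(tools: list[dict]) -> dict[str, str]:
    """Build the trust-on-first-use pin set: tool name -> fingerprint."""
    return {tool["name"]: tool_fingerprint(tool) for tool in tools}


def check_tools(pinned: dict[str, str], tools: list[dict]) -> dict[str, list[str]]:
    """Compare a freshly fetched tool list against the pinned set.

    Returns the names of tools that were added, removed, or changed since pinning.
    An empty result in all three lists means the list matches what was approved.
    """
    current = pin_tools(tools)
    added = sorted(name for name in current if name not in pinned)
    removed = sorted(name for name in pinned if name not in current)
    changed = sorted(
        name for name in current if name in pinned and current[name] != pinned[name]
    )
    return {"added": added, "removed": removed, "changed": changed}


def tools_are_trusted(pinned: dict[str, str], tools: list[dict]) -> bool:
    """Gate: only allow tool calls when nothing drifted from the pinned definitions."""
    diff = check_tools(pinned, tools)
    return not (diff["added"] or diff["removed"] or diff["changed"])


if __name__ == "__main__":
    pins = pin_tools(FIRST_SEEN_TOOLS)
    print("first session trusted:", tools_are_trusted(pins, FIRST_SEEN_TOOLS))
    print("later session drift:", check_tools(pins, LATER_TOOLS))
    print("later session trusted:", tools_are_trusted(pins, LATER_TOOLS))
```

In practice the pin set would be stored by the host application alongside the server's URL and shown to a human for re-approval whenever `check_tools` reports drift; the point is that the client, not the server, decides which tool definitions are the ones it agreed to expose to the agent.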