MCP’s biggest security loophole is identity fragmentation

Whenever a new technology appears, it’s usually two steps forward, one step backward. The backward step is usually security-related. Such is the story with AI, and more specifically, Model Context Protocol (MCP). Innovation keeps on running ahead of security.

On the one hand, MCP servers have been a boon to engineers. LLMs can now speak in ‘common tongue’ to each other, to data sources, tools, and even people. They can connect to data they wouldn’t otherwise have access to, beyond training data or what’s public online.

Usually, that means data in private systems belonging to companies. That’s so useful actually for better-behaved AI that MCP adoption may be far more widespread than most people realize, with over 15,000 MCP servers worldwide according to Backslash Security.