MCP deployments lack protocol-level security enforcement, which leaves agent integrations exposed through over-permissioned standing credentials.

Updated: 4/25/2026
Severity: high
Status: active

Description

As developers rush to adopt the Model Context Protocol (MCP) to connect their agents to external data, a massive security gap is emerging. Because MCP doesn't enforce security at the protocol level, most servers are being deployed with over-permissioned, standing credentials.

Impact

MCP deployments lack protocol-level security enforcement, which leaves agent integrations exposed through over-permissioned standing credentials.

Attack Vectors

Mitigation

Sources