Why Model Context Protocols Are The Next AI Security Blind Spot
SC Media, Thursday, September 4th, 2025
AI agents are moving from novelty to infrastructure at record speed. In the race to make them more capable, developers are bolting on Model Context Protocols (MCPs) - plugins that act as connectors between agents and the APIs, tools, or execution environments they control.
They're the part of the AI stack that turns a prompt into action. That's also where the danger lives.
Pynt's recent research analyzed 281 real-world MCP configurations from open agent frameworks and plugin stacks. On the surface, many looked safe. But when we studied how they interacted, the risk picture changed dramatically: seemingly harmless plugins, when combined, created invisible attack surfaces capable of high-impact exploits with no human in the loop. And these aren't theoretical 'lab condition' vulnerabilities. We found agents in the wild that could be exploited by a single crafted email, Slack message, or piece of HTML scraped from the web, leading directly to silent code execution.
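As an added illustration of the "harmless apart, dangerous together" pattern described above (this is example code, not Pynt's tooling, and the server/tool schema and capability tags are a constructed stand-in, not any real MCP framework's metadata), the following checker flags an agent whose tool set wires an untrusted-content reader to an execution-capable tool with no human approval step:

```python
"""Toxic-combination check for an agent's MCP tool set.

Added illustration, not Pynt's tooling or any real MCP framework's
config format: the server/tool schema below is a constructed, simplified
stand-in. It flags the pattern the article describes: a tool that reads
untrusted external content (email, chat, web) wired into the same agent
as a tool that can execute code or commands, with no human in the loop.
"""
from dataclasses import dataclass

# Capability tags are assumptions for this example, not real MCP names.
UNTRUSTED_SOURCES = {"read_email", "read_chat", "fetch_web"}
PRIVILEGED_SINKS = {"exec_shell", "run_code", "write_file"}


@dataclass
class McpServer:
    name: str
    tools: set[str]
    requires_approval: bool = False  # human-in-the-loop before the tool acts


@dataclass
class Finding:
    source_server: str
    source_tool: str
    sink_server: str
    sink_tool: str


def find_toxic_combinations(servers: list[McpServer]) -> list[Finding]:
    """Return every (untrusted source, unapproved privileged sink) pair
    reachable by one agent: an injection path from external content
    straight to execution with nobody in the loop."""
    sources = [(s.name, t) for s in servers for t in s.tools if t in UNTRUSTED_SOURCES]
    sinks = [(s.name, t) for s in servers if not s.requires_approval
             for t in s.tools if t in PRIVILEGED_SINKS]
    return [Finding(ss, st, ks, kt) for ss, st in sources for ks, kt in sinks]


# Constructed sample agent: each server looks harmless on its own.
SAMPLE_AGENT = [
    McpServer("mail", {"read_email", "send_email"}),
    McpServer("dev", {"run_code", "list_files"}),
    McpServer("ops", {"exec_shell"}, requires_approval=True),
]

if __name__ == "__main__":
    for f in find_toxic_combinations(SAMPLE_AGENT):
        print(f"{f.source_server}.{f.source_tool} -> {f.sink_server}.{f.sink_tool}")
```

On the sample agent the only finding is `mail.read_email -> dev.run_code`; the `ops` server is not reported because its shell tool sits behind an approval step.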