MCP shipped without authentication. Clawdbot shows why that's a problem.

Model Context Protocol continues to face persistent security challenges.

When MCP vulnerabilities were first highlighted by VentureBeat last October, the findings were concerning. Research from Pynt revealed that the deployment of just 10 MCP plug-ins poses a 92% risk of exploitation, with even a single plug-in carrying significant security threats.

The underlying issue remains unchanged: MCP was initially released without mandatory authentication, with authorization frameworks only introduced six months after widespread implementation. Merritt Baer, chief security officer at Enkrypt AI, cautioned that MCP’s insecure defaults could lead to long-term security repercussions if authentication and least privilege measures are not implemented from the outset.

Recent developments have confirmed these concerns, with the emergence of new threats related to the adoption of Clawdbot, a popular personal AI assistant running on MCP. The lack of authentication in MCP has exposed companies to significant risks, as highlighted by security experts like Itamar Golan.

The proliferation of MCP servers without proper authentication has created a fertile ground for exploitation, as evidenced by the discovery of critical vulnerabilities such as CVE-2025-49596, CVE-2025-6514, and CVE-2025-52882. These vulnerabilities underscore the fundamental security flaws in MCP’s design, emphasizing the importance of prioritizing authentication and security measures.

As the attack surface expands, organizations must address the inherent risks associated with MCP implementations. Vulnerability assessments have revealed a range of security issues, including command injection flaws, unrestricted URL fetching, and unauthorized file access.

To mitigate these risks, security leaders are advised to take proactive measures, such as conducting inventory assessments, enforcing authentication protocols, restricting network exposure, and preparing for prompt injection attacks.
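As an added example (not code from VentureBeat, the MCP reference implementation, Clawdbot/Moltbot, or any of the researchers quoted above), the dispatcher below shows what three of those measures look like in a small MCP-style tool server written in Python: every call is rejected unless it carries a valid bearer token, the `fetch` tool only reaches allowlisted HTTPS hosts, the `read_file` tool is confined to one workspace directory, and the `run` tool produces an argv list for `subprocess.run(argv)` with `shell=False` instead of a shell string. The request shape, tool names, token, hosts and binaries are all constructed for the illustration and are not MCP's actual wire format or configuration.

```python
"""Hardened request handling for an MCP-style tool server (constructed example)."""
import hmac
from pathlib import Path
from urllib.parse import urlparse

# Constructed configuration; a real server loads these from its deployment config/secrets store.
EXPECTED_TOKEN = "constructed-demo-token"
ALLOWED_HOSTS = frozenset({"api.example.com"})            # hypothetical outbound allowlist
ALLOWED_BINARIES = {"ls": "/bin/ls", "wc": "/usr/bin/wc"}  # hypothetical command allowlist


class ToolError(Exception):
    """Raised when a request fails an authentication, authorization or input check."""


def authenticate(headers: dict) -> None:
    """Reject any request without a valid bearer token (the check MCP originally lacked).

    compare_digest keeps the comparison constant-time so a wrong token does not leak
    how many leading bytes matched.
    """
    scheme, _, token = headers.get("Authorization", "").partition(" ")
    if scheme != "Bearer" or not hmac.compare_digest(token.encode(), EXPECTED_TOKEN.encode()):
        raise ToolError("unauthenticated")


def check_fetch_url(url: str) -> str:
    """Allow only https:// URLs whose host is explicitly allowlisted.

    Blocks plain http, embedded credentials (https://allowed@evil/) and internal
    targets such as cloud metadata addresses, i.e. the 'unrestricted URL fetching' class.
    """
    parsed = urlparse(url)
    if parsed.scheme != "https" or parsed.username or parsed.password:
        raise ToolError("only credential-free https URLs are allowed")
    if parsed.hostname not in ALLOWED_HOSTS:
        raise ToolError(f"host not allowlisted: {parsed.hostname!r}")
    return url


def resolve_workspace_path(workspace: Path, requested: str) -> Path:
    """Confine file access to the workspace; '..', absolute paths and symlinks are
    resolved *before* the containment check, so they cannot escape it."""
    root = workspace.resolve()
    target = (root / requested).resolve()
    if target != root and root not in target.parents:
        raise ToolError("path escapes workspace")
    return target


def build_argv(command: str, args: list) -> list:
    """Return an argv list meant for subprocess.run(argv, shell=False).

    Only allowlisted binaries are runnable, and arguments are never joined into a
    shell string, so ';', '&&' or '$(...)' in user input stay literal text.
    """
    if command not in ALLOWED_BINARIES:
        raise ToolError(f"command not allowlisted: {command!r}")
    if any(not isinstance(a, str) or "\x00" in a for a in args):
        raise ToolError("invalid argument")
    return [ALLOWED_BINARIES[command], *args]


def _require(params: dict, key: str):
    if key not in params:
        raise ToolError(f"missing parameter: {key}")
    return params[key]


def handle_request(headers: dict, request: dict, workspace: Path) -> dict:
    """Authenticate, then dispatch one simplified tool call; errors become {'ok': False}."""
    try:
        authenticate(headers)
        tool, params = request.get("tool"), request.get("params", {})
        if tool == "fetch":
            return {"ok": True, "url": check_fetch_url(_require(params, "url"))}
        if tool == "read_file":
            return {"ok": True, "path": str(resolve_workspace_path(workspace, _require(params, "path")))}
        if tool == "run":
            return {"ok": True, "argv": build_argv(_require(params, "command"), params.get("args", []))}
        raise ToolError(f"unknown tool: {tool!r}")
    except ToolError as exc:
        return {"ok": False, "error": str(exc)}


if __name__ == "__main__":
    ws = Path("/tmp/mcp-demo-workspace")  # constructed workspace root
    good = {"Authorization": "Bearer " + EXPECTED_TOKEN}
    print(handle_request({}, {"tool": "fetch", "params": {"url": "https://api.example.com/"}}, ws))
    print(handle_request(good, {"tool": "fetch", "params": {"url": "https://169.254.169.254/"}}, ws))
    print(handle_request(good, {"tool": "read_file", "params": {"path": "../../etc/passwd"}}, ws))
    print(handle_request(good, {"tool": "run", "params": {"command": "ls", "args": ["-l; id"]}}, ws))
```

The order matters: authentication runs before any tool logic, so an unauthenticated caller learns nothing about which tools or paths exist, and each per-tool check is a positive allowlist rather than a blocklist of known-bad inputs.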

The gap between developer enthusiasm for AI agents like Clawdbot and the lack of adequate security governance poses a significant challenge for organizations. It is crucial for enterprises to prioritize securing their MCP infrastructure to prevent potential exploitation by malicious actors.

This article has been updated to reflect the rebranding of Clawdbot to Moltbot.