MCP stacks have a 92% exploit probability: How 10 plugins became enterprise security's biggest blind spot

Anthropic’s Model Context Protocol (MCP) became the fastest-adopted AI integration standard in 2025, thanks to its seamless connectivity. However, this same connectivity has led to a critical blind spot in enterprise cybersecurity.

Pynt’s recent research highlights the escalating threat posed by MCP plugins. Deploying just ten of these plugins results in a 92% probability of exploitation, with the risk exceeding 50% at three interconnected servers. Even a single MCP plugin carries a 9% exploit probability, which increases exponentially with each additional plugin.

The Security Paradox of MCPs

MCP was designed to address the chaos in AI integration, providing a universal interface for AI agents to access various tools and data sources. While this approach gained rapid adoption, especially among industry giants like Google and Microsoft, it lacked built-in security measures. The protocol’s frictionless connectivity, while beneficial for integration, also became its greatest weakness.

Security experts warn that MCP’s lack of authentication and authorization frameworks has created a sprawling attack surface, with each new connection compounding the network effect of vulnerabilities.

According to Merritt Baer, Chief Security Officer at Enkrypt AI, addressing these insecure defaults is crucial to prevent breaches in the coming years.

Compositional Risk and Vulnerabilities

Pynt’s analysis of 281 MCP servers reveals that a significant percentage expose sensitive capabilities and accept untrusted inputs, creating pathways for injections, command execution, and data exfiltration. These vulnerabilities are not theoretical but pose real threats in everyday MCP configurations.

Experts emphasize the importance of understanding the inherent risks in MCP setups, as each connection inherits the security posture of the entire chain.
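
One way to audit for this compositional risk is to flag every agent where a server that ingests untrusted content shares a context with a server exposing a sensitive capability. This is an added example, not Pynt's methodology or code; the server names, capability labels, and inventory below are constructed assumptions.

```python
from itertools import product

# Capability labels treated as sensitive (assumed taxonomy for this example).
SENSITIVE = {"exec", "fs_write", "secrets_read", "network_egress"}

# Constructed inventory: does the server ingest untrusted content, and what can it do?
INVENTORY = {
    "web-fetch":     {"untrusted_input": True,  "capabilities": {"network_egress"}},
    "ticket-reader": {"untrusted_input": True,  "capabilities": set()},
    "shell-runner":  {"untrusted_input": False, "capabilities": {"exec", "fs_write"}},
    "docs-search":   {"untrusted_input": False, "capabilities": set()},
}

# Constructed agent configurations: which servers share one model context.
AGENTS = {
    "support-bot":   ["ticket-reader", "docs-search"],
    "dev-assistant": ["ticket-reader", "shell-runner", "docs-search"],
    "research-bot":  ["web-fetch", "docs-search"],
}

def risky_paths(servers, inventory=INVENTORY):
    """Return sorted (source, sink, capability) triples for one agent.

    A path exists when a server that ingests untrusted content shares a
    context with a server (possibly itself) exposing a sensitive capability.
    """
    unknown = [s for s in servers if s not in inventory]
    if unknown:
        # Fail closed: an unclassified server cannot be assumed safe.
        raise KeyError(f"unclassified MCP servers: {unknown}")
    sources = [s for s in servers if inventory[s]["untrusted_input"]]
    paths = set()
    for src, sink in product(sources, servers):
        for cap in inventory[sink]["capabilities"] & SENSITIVE:
            paths.add((src, sink, cap))
    return sorted(paths)

def audit(agents=AGENTS, inventory=INVENTORY):
    """Map each agent name to its list of risky paths (empty list = none found)."""
    return {name: risky_paths(servers, inventory) for name, servers in agents.items()}

if __name__ == "__main__":
    for agent, paths in audit().items():
        print(agent, "OK" if not paths else "REVIEW")
        for src, sink, cap in paths:
            print(f"  untrusted input via {src} can reach {cap} on {sink}")
```

Neither "ticket-reader" nor "shell-runner" is flagged on its own; the finding for "dev-assistant" appears only because the two share one agent, which is the chain-level posture the experts describe.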

Real-World Exploits and Vulnerabilities

Security research teams have identified several real-world exploits targeting MCP, such as CVE-2025-6514, the Postmark MCP backdoor, and CVE-2025-49596. These cases highlight the need for robust security measures to mitigate the risks associated with MCP deployments.

Experts recommend implementing comprehensive defense strategies, starting with improving authentication and access controls, deploying semantic layers for contextual security, and utilizing knowledge graphs for enhanced visibility.

Action Plan for Security Leaders

Security leaders with MCP-based integrations are advised to enforce OAuth 2.1, implement layered security architectures, conduct regular audits, limit plugin usage, and invest in AI-specific security as part of their cybersecurity strategy.