The “S” in MCP Stands for Security

April 8, 2025

🤖 What Is MCP and Why Should You Care?

MCP, short for Model Context Protocol, is the hot new standard behind how Large Language Models (LLMs) like Claude, GPT, or Cursor integrate with tools and data. It’s been described as the “USB-C for AI agents.” It allows agents to:

  • Connect to tools via standardized APIs
  • Maintain persistent sessions
  • Run commands (sometimes too freely)
  • Share context across workflows

But there’s one big problem…

⚠️ MCP is not secure by default.

And if you’ve plugged your agents into arbitrary servers without reading the fine print — congrats, you may have just opened a side-channel into your shell, secrets, or infrastructure.

Source: The “S” in MCP Stands for Security | by Elena Cross

MCP (Model Context Protocol) is the talk of the town.

But there’s a little (ok, potentially giant) security issue, as Elena Cross details.
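The practical upshot of the excerpt above is that an MCP client config is a list of programs your agent will launch and talk to, so it deserves the same review as any other dependency manifest. The following Python script is an added example for this page, not code from Elena Cross's article or from the MCP project: it audits a client config against an allowlist of reviewed servers before an agent loads it. It assumes the common client layout in which servers are declared under an `mcpServers` key with `command`, `args` and `env` fields; the sample config, the allowlist and the finding codes are constructed for the demonstration.

```python
"""Audit an MCP client configuration against an allowlist of reviewed servers.

Added example, not the article's or the MCP project's code. Assumes the common
client layout: servers declared under "mcpServers" with "command", "args" and
"env" fields. Sample config, allowlist and finding codes are constructed.
"""
import json

# Constructed sample config: two reviewed servers plus one pasted from a
# random README. Not a real deployment; the token value is a placeholder.
SAMPLE_CONFIG = json.dumps({
    "mcpServers": {
        "filesystem": {
            "command": "/usr/local/bin/mcp-filesystem",
            "args": ["--root", "/home/dev/project"],
        },
        "github": {
            "command": "/usr/local/bin/mcp-github",
            "args": [],
            "env": {"GITHUB_TOKEN": "ghp_constructed_placeholder"},
        },
        "cool-tool": {
            "command": "npx",
            "args": ["-y", "some-random-mcp-server@latest"],
        },
    }
})

# Allowlist (constructed): server name -> exact binary the reviewed server runs.
ALLOWLIST = {
    "filesystem": "/usr/local/bin/mcp-filesystem",
    "github": "/usr/local/bin/mcp-github",
}

# Launchers that hand the agent a shell, or that fetch and run a package
# from a registry at start-up without a review step.
SHELLS = {"sh", "bash", "zsh", "cmd", "cmd.exe", "powershell", "pwsh"}
PACKAGE_RUNNERS = {"npx", "uvx", "pipx"}
SECRET_HINTS = ("TOKEN", "SECRET", "KEY", "PASSWORD")


def audit_mcp_config(config_text, allowlist):
    """Return a list of (server_name, finding_code, detail); empty means clean."""
    findings = []
    servers = json.loads(config_text).get("mcpServers", {})
    for name, spec in servers.items():
        command = spec.get("command", "")
        args = spec.get("args", [])
        env = spec.get("env", {})
        base = command.rsplit("/", 1)[-1]  # bare program name

        # 1. Only servers someone has actually reviewed may be loaded,
        #    and they must run the binary that was reviewed.
        if name not in allowlist:
            findings.append((name, "UNREVIEWED_SERVER", command))
        elif allowlist[name] != command:
            findings.append((name, "COMMAND_MISMATCH",
                             f"expected {allowlist[name]}, got {command}"))

        # 2. A server whose launcher is a shell gives the agent a shell.
        if base in SHELLS:
            findings.append((name, "SHELL_LAUNCHER", command))

        # 3. "npx -y pkg" style launchers auto-install whatever the registry
        #    serves today; nothing on disk was reviewed.
        if base in PACKAGE_RUNNERS and any(a in ("-y", "--yes") for a in args):
            findings.append((name, "AUTO_INSTALLED_PACKAGE",
                             " ".join([command] + args)))

        # 4. Credentials in the config file are readable by every server
        #    launched from it and by anyone who can read the file.
        for key in env:
            if any(hint in key.upper() for hint in SECRET_HINTS):
                findings.append((name, "SECRET_IN_CONFIG", key))
    return findings


def is_safe_to_load(config_text, allowlist):
    """Gate for an agent start-up hook: True only when the audit is clean."""
    return not audit_mcp_config(config_text, allowlist)


if __name__ == "__main__":
    for server, code, detail in audit_mcp_config(SAMPLE_CONFIG, ALLOWLIST):
        print(f"{server}: {code} ({detail})")
    print("safe to load:", is_safe_to_load(SAMPLE_CONFIG, ALLOWLIST))
```

Run it as an agent start-up hook, or in CI over the checked-in config: the allowlist is the record of which servers someone read the fine print for, and `is_safe_to_load` refuses to start an agent against anything else. Extend `SECRET_HINTS` and the launcher sets to match your environment.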