On MCP Ecosystem Vulnerabilities

Dmitry Namiot, Eugene Ilyushin

Abstract


The Model Context Protocol (MCP) is an open standard that allows developers to create secure, two-way connections between data sources and AI-powered tools. The architecture, as described by Anthropic, is simple: developers either expose their data through MCP servers or build AI-powered applications (MCP clients) that connect to those servers. The protocol positions itself as a new standard for connecting AI agents (artificially intelligent agents) to data storage systems, including content repositories, business tools, and development environments. Agents, in their most basic definition, are autonomous systems that use artificial intelligence techniques to achieve their goals. The goal of MCP is to help advanced models produce better, more relevant answers, and the protocol is intended to become the basis for an Internet of AI Agents. It has quickly gained popularity because of its ease of use and the benefits it provides for applying AI. At the same time, MCP was designed primarily with functionality, not security, in mind. Its use creates new fundamental vulnerabilities and expands attack surfaces: this is where the risks of the generative models behind AI agents and the vulnerabilities of the MCP ecosystem software come together. This article is devoted to the vulnerabilities of the MCP ecosystem to cyberattacks. The work continues a series of publications on the security of AI agents.


Full Text:

PDF (Russian)






ISSN: 2307-8162