
NSA Issues Security Warning for AI Automation Tool Powering Modern Chatbots

The US National Security Agency (NSA) has released new security guidance warning organizations to be careful when using the Model Context Protocol (MCP), a fast-growing technology that helps artificial intelligence (AI) systems connect with different tools and automate tasks.

While MCP is making AI systems more powerful and useful, the agency said weak security practices could expose users and organizations to serious cyber risks.

According to the NSA, MCP has become “the de facto standard” for communication across many AI-driven services and is now being used in sectors including finance, law, software development and business.

Why the NSA is Raising Concerns

MCP allows AI systems to work across multiple services to complete complex tasks automatically. The NSA used the example of a travel assistant that can organize an international trip by gathering visa details, recommending flights and creating an itinerary using several tools at once.

However, the agency warned that the protocol’s quick rise has “outpaced the development of its security model,” leaving gaps that attackers may exploit.

In a report, the NSA noted that, unlike traditional systems, MCP often allows servers to query and execute actions for connected clients, creating “new and largely not well-traced attack paths”.

Security Risks Tied to AI Automation

Image caption: NSA warned that the fast-growing AI protocol MCP may expose organizations to cyber risks, urging stronger safeguards for AI automation systems. (Image credit: PICRYL)

The NSA highlighted several risks associated with MCP systems, including weak access controls, poor approval processes, insecure data handling, missing audit logs and vulnerabilities that could allow attackers to hijack sessions or inject malicious instructions.

The agency warned that some MCP systems do not require strong authentication or clear permission settings, increasing the risk of sensitive data being exposed or misused.

It also pointed to real-world examples where poorly secured MCP tools were exploited to access private information or run harmful commands.

To reduce risks, the NSA urged organizations to adopt stronger safeguards rather than rely only on the protocol itself.

The report recommends choosing trusted MCP projects, separating sensitive systems, validating tool inputs, limiting what AI tools can access and closely monitoring activity through logging and detection systems.
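The safeguards in that list, as an added illustration that is not NSA or MCP project code: a hypothetical MCP-style tool dispatcher written in plain Python (it does not use the MCP SDK; the tool names, the workspace layout, the sample files and the request format are all constructed here). It places the weak pattern, a file tool that trusts the model-supplied path, beside a hardened dispatcher that validates parameter names and types, confines paths to an allowed workspace, requires explicit approval before a destructive tool runs, and writes an audit record for every decision, allowed or denied.

```python
"""Hypothetical MCP-style tool dispatcher (illustration only, not the MCP SDK):
input validation, least-privilege path confinement, explicit approval for
sensitive tools, and audit logging of every request."""
import json
import tempfile
import time
from pathlib import Path

# Constructed sandbox: a temp directory holding a workspace the tools may
# touch and a "secret" file outside it that they must never reach.
ROOT = Path(tempfile.mkdtemp(prefix="mcp-demo-")).resolve()
WORKSPACE = ROOT / "workspace"
WORKSPACE.mkdir()
(WORKSPACE / "notes.txt").write_text("itinerary draft\n")
SECRET = ROOT / "secret.txt"
SECRET.write_text("api-key=hunter2\n")

AUDIT_LOG = []  # one JSON record per request; a real server would ship these to a log sink

# Tool registry (assumed): expected parameter types and whether a human must approve.
TOOLS = {
    "read_file": {"params": {"path": str}, "sensitive": False},
    "delete_file": {"params": {"path": str}, "sensitive": True},
}


def audit(record):
    """Append a timestamped JSON audit record for the request."""
    record["ts"] = time.time()
    AUDIT_LOG.append(json.dumps(record))


def read_file_unsafe(path):
    """The weak pattern: the model-supplied path is used as-is, so an injected
    instruction naming '../secret.txt' or an absolute path is honoured."""
    return Path(path).read_text()


def confine(user_path):
    """Resolve a model-supplied path and require it to stay under WORKSPACE.
    Absolute paths, '..' traversal and symlinks that escape the root all fail."""
    resolved = (WORKSPACE / user_path).resolve()
    if not resolved.is_relative_to(WORKSPACE):
        raise ValueError("path outside workspace")
    return resolved


def handle_request(request, approved=False):
    """Hardened dispatcher: reject unknown tools and unexpected or mistyped
    parameters, confine paths, demand approval for sensitive tools, audit all."""
    tool = request.get("tool")
    params = request.get("params", {})
    record = {"tool": tool, "params": params, "approved": approved}
    try:
        spec = TOOLS.get(tool)
        if spec is None:
            raise ValueError("unknown tool")
        if set(params) != set(spec["params"]):
            raise ValueError("unexpected or missing parameters")
        for name, typ in spec["params"].items():
            if not isinstance(params[name], typ):
                raise ValueError(f"parameter {name!r} must be {typ.__name__}")
        if spec["sensitive"] and not approved:
            raise PermissionError("approval required for sensitive tool")
        target = confine(params["path"])
        if tool == "read_file":
            result = target.read_text()
        else:  # delete_file
            target.unlink()
            result = f"deleted {target.name}"
        record["outcome"] = "ok"
        audit(record)
        return {"ok": True, "result": result}
    except (ValueError, PermissionError, OSError) as exc:
        record["outcome"] = f"denied: {exc}"
        audit(record)
        return {"ok": False, "error": str(exc)}


if __name__ == "__main__":
    print(handle_request({"tool": "read_file", "params": {"path": "notes.txt"}}))
    print(handle_request({"tool": "read_file", "params": {"path": "../secret.txt"}}))
    print(handle_request({"tool": "delete_file", "params": {"path": "notes.txt"}}))
    print(handle_request({"tool": "delete_file", "params": {"path": "notes.txt"}}, approved=True))
    for line in AUDIT_LOG:
        print(line)
```

The `approved` flag stands in for a human-in-the-loop step that a real deployment would implement outside the model's control; the same confinement check applies to any resource identifier a tool accepts, not only file paths.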

“MCP represents a promising, but still maturing, foundation for agentic AI,” the agency said, adding that organizations should proceed carefully and apply “heightened scrutiny” as AI automation becomes more common.

About the Author:

Early Bird