Model Context Protocol (MCP) – an open-source AI connectivity protocol, announced by Anthropic in 2024 – allows large language models (LLMs) to connect directly to external tools and services such as search, source code management, API access, CRM data, finance or cloud. However, like any open-source tool, MCP can be exploited for malicious purposes.
In the lab, Kaspersky’s Gert Emergency Response Team (GERT) simulated a scenario where a malicious MCP server was installed on a developer’s computer, collecting passwords, credit cards, cryptocurrency wallets, API tokens, cloud configurations, and other data. Users were easily fooled because they did not notice any unusual signs. Although Kaspersky has not recorded any real-life incidents, this risk is completely feasible, not only to steal data but also to install backdoors, spread malware, or extort money.
In the study, Kaspersky used Cursor as a hypothetical AI client that connects to an MCP that is being turned into an attack tool, but the method can be applied to any LLM. Cursor and Anthropic have been notified.
Mohamed Ghobashy, Incident Response Specialist at Kaspersky's Global Emergency Response Team (GERT), said: "Supply chain attacks remain one of the most serious threats today. In the context of AI being heavily integrated into workflows, businesses are easily complacent when using unverified custom MCPs downloaded from forums. This increases the risk of data leakage and shows the need to build a solid defense system."
In the new White Paper, Kaspersky provides a detailed analysis of the attack techniques and countermeasures. The full report is available on Securelist. GERT also makes a number of recommendations:
First, it is important to thoroughly vet every MCP server before use, ensure it is scanned and approved, and maintain a whitelist of authenticated servers.
Second, limit access by running MCP in a container or virtual machine, granting permissions only to necessary directories, and separating development and production environments to prevent risk from spreading.
Third, monitor for unusual behavior by logging all prompts and responses, detecting hidden instructions or strange operations such as unexpected SQL commands or inappropriately sent data.
In addition, businesses should deploy Kaspersky security services such as Managed Detection and Response (MDR) or Incident Response, to provide continuous protection, detect and investigate incidents, and support even units lacking specialized personnel.
According to Kaspersky, in the AI era, maintaining vigilance, strictly controlling new tools and combining comprehensive security solutions will be key for businesses to protect themselves against increasingly sophisticated supply chain threats.
Source: https://nld.com.vn/canh-bao-nguy-co-tan-cong-moi-loi-dung-giao-thuc-ket-noi-ai-ma-nguon-mo-196250924152722129.htm
![[Photo] Prime Minister Pham Minh Chinh attends the groundbreaking ceremony of two key projects in Hai Phong city](https://vphoto.vietnam.vn/thumb/1200x675/vietnam/resource/IMAGE/2025/9/27/6adba56d5d94403093a074ac6496ec9d)
Comment (0)