MCPTotal Unfurls Hosting Service to Secure MCP Servers
MCPTotal has launched a hosting service to protect Model Context Protocol (MCP) servers, as the protocol has become the standard for AI data access. The company's CEO said its Secure MCP Platform can scan for and identify malicious servers and provides authentication, credential management and real-time monitoring, filling a gap left by traditional security products that cannot monitor MCP traffic. As AI applications spread, MCP servers may become targets of cyberattacks, and security teams need to proactively detect and replace insecure servers to meet the challenge. 2025-10-15 13:11:41 Author: securityboulevard.com

MCPTotal today launched a hosting service to secure the Model Context Protocol (MCP) servers that are now starting to be more widely deployed to streamline data access for artificial intelligence (AI) applications and agents.

Company CEO Gil Dabah said the Secure Model Context Protocol (MCP) Platform developed by MCPTotal provides a centralized approach to scanning for rogue MCP servers that are being used by cybercriminals to exfiltrate data.

Originally developed by Anthropic, MCP has become a de facto standard for accessing data via a set of servers that are now being rolled out by nearly every provider of an IT platform. While MCP servers facilitate interoperability, they also create yet another platform that needs to be secured.


Based on a hub-and-gateway architecture, the Secure MCP Platform limits deployment of MCP servers using a catalog that, via a simple graphical interface, provides access to hundreds of MCP servers that have been vetted for deployment by cybersecurity professionals.

In addition to providing authentication and credential vaulting, the Secure MCP Platform acts as an AI-native firewall to monitor traffic and enforce policies in real time, said Dabah.

In contrast, legacy security products and newer offerings for securing large language models (LLMs) are not able to monitor MCP traffic or enforce policies on it when needed, which creates a need for a platform that surfaces supply chain exposures, prompt injection vulnerabilities, rogue MCP servers, data exfiltration, and authentication gaps, said Dabah.

The goal is to provide IT teams with an ability to securely host, monitor and sandbox servers so employees can safely use MCP without manually handling application programming interface (API) keys, he added.
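The controls described in the preceding paragraphs (a catalog of vetted servers, an allow-listing gateway, egress monitoring of sandboxed servers, and credential vaulting so employees never handle API keys) can be sketched as a small policy layer. This is an added example, not MCPTotal's code; the server name, catalog hash, vault token, policy and the JSON-RPC 2.0 `tools/call` request are all constructed sample data.

```python
"""Toy model of hub-and-gateway controls for MCP servers: catalog pinning,
tool allow-listing, egress filtering for a sandboxed server, and credential
vaulting. Added example; all catalog, policy and vault values are constructed."""
import hashlib
import json

# Constructed catalog: vetted server name -> SHA-256 of the approved build.
CATALOG = {"mail-mcp": hashlib.sha256(b"mail-mcp@1.0.0 vetted build").hexdigest()}
# Constructed vault: secrets stay in the gateway, never in the employee's client.
VAULT = {"mail-mcp": "api-token-PLACEHOLDER"}
# Constructed policy: permitted tools and the only hosts the sandboxed server
# may reach, so a server that copies mail elsewhere trips the egress rule.
POLICY = {"mail-mcp": {"tools": {"send_email"}, "egress_hosts": {"api.mail.example"}}}


def catalog_allows(server: str, package: bytes) -> bool:
    """Deploy only if the server is catalogued and its build hash matches."""
    pinned = CATALOG.get(server)
    return pinned is not None and hashlib.sha256(package).hexdigest() == pinned


def filter_tool_call(server: str, raw: str) -> tuple:
    """Inbound JSON-RPC 2.0 'tools/call' request: allow-list the tool, then
    inject the vaulted credential before forwarding. Returns (ok, reason, fwd)."""
    req = json.loads(raw)
    policy = POLICY.get(server)
    if policy is None:
        return False, "server not vetted", None
    if req.get("jsonrpc") != "2.0" or req.get("method") != "tools/call":
        return False, "only tools/call is proxied", None
    params = req.get("params", {})
    if params.get("name") not in policy["tools"]:
        return False, f"tool {params.get('name')!r} not permitted", None
    args = {**params.get("arguments", {}), "api_token": VAULT[server]}
    return True, "ok", {**req, "params": {**params, "arguments": args}}


def filter_egress(server: str, host: str) -> bool:
    """Outbound connection from the sandboxed server: only catalogued hosts."""
    policy = POLICY.get(server)
    return policy is not None and host in policy["egress_hosts"]


if __name__ == "__main__":
    req = json.dumps({"jsonrpc": "2.0", "id": 1, "method": "tools/call",
                      "params": {"name": "send_email", "arguments": {"to": "a@example.com"}}})
    print(filter_tool_call("mail-mcp", req)[:2])          # (True, 'ok')
    print(filter_egress("mail-mcp", "collector.example"))  # False
```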

It’s not clear how many rogue MCP servers might already have been deployed, but usage of shadow AI tools, platforms and services is on the rise. Most of them, to varying degrees, make it possible for AI agents to access sensitive data. However, it’s also been shown that cybercriminals are already starting to compromise MCP servers to exfiltrate data. Cybersecurity researchers at Koi Security detected malicious code within an MCP server that connects AI systems with Postmark email services. The code covertly copies every email and exfiltrates it back to the entities that created the malicious MCP server, which was downloaded 1,643 times before being detected.

It’s more a question of when rather than if additional MCP servers will be compromised. Given the varied types of AI applications and agents being deployed, MCP servers are going to become a prime target for cyberattacks once adversaries fully appreciate the scope of access they might be able to gain. Unfortunately, many MCP servers are likely to be deployed without cybersecurity teams even being aware they exist until there is an actual incident.

Hopefully, cybersecurity teams will proactively scan for MCP servers that can be replaced with more secure implementations. That approach doesn’t put cybersecurity teams in the awkward position of outright banning an emerging technology that is playing a critical role in enabling the deployment of AI applications, noted Dabah.

One way or another, cybersecurity teams will soon be assuming responsibility for securing MCP servers. Exercising more control sooner than later over which ones are deployed in the first place promises to make rising to that challenge a whole lot easier.

Source: https://securityboulevard.com/2025/10/mcptotal-unfurls-hosting-service-to-secure-mcp-servers/