Back to all posts

Why MCP Agents Are the Next Cyber Battleground

Or Oxenberg
Or Oxenberg
April 16, 2025
7
min read
Why MCP Agents Are the Next Cyber Battleground

AI agents are having their breakout moment. Autonomous copilots are no longer just prototypes—they’re being deployed across every layer of the modern stack. From cloud resource orchestration to CRM integration, agents are executing real tasks, acting independently, and relying on the Model Context Protocol (MCP) to access real-time, contextual data across systems.

This new paradigm promises to break down data silos, automate cross-platform workflows, and unlock exponential productivity. But it also introduces a radical shift in the security landscape.

At the heart of this shift is MCP—the connective layer enabling agents to interact with the real world, and as MCP usage explodes, so too does its attack surface.

What is MCP, and Why Does It Matter?

The Model Context Protocol (MCP) is an open standard that defines how LLMs and applications share context. Think of it as a USB-C port for AI applications—a standardized way to connect AI models to different data sources and tools.

MCP allows AI agents to:

  • Access data through Resources (file contents, database records, API responses)
  • Execute actions through Tools (functions that can be called by LLMs)
  • Utilize pre-designed workflows through Prompts (reusable templates)
  • Request completions from LLMs through Sampling

This architecture enables powerful integrations but also creates new security considerations as agents gain access to sensitive systems.

Identity Explosion: 50,000 People Managing 100 Million Agents

NVIDIA CEO Jensen Huang describes a future where companies have 50,000 human employees managing 100 million AI assistants. This is not hypothetical; it’s happening fast.

The math is sobering:

  • MCP’s initial release in late 2024 flew under the radar.
  • By early 2025, over 1,000 MCP servers were live.
  • GitHub activity soared: over 33,000 stars, thousands of forks.
  • Giants like Google, OpenAI, and Microsoft quickly integrated MCP into their ecosystems.
  • Claude Desktop, Claude Code, Cursor, and dozens of other clients now supporting MCP integrations.

As a result, machine identities are exploding:

  • IAM frameworks struggle to scale with the surge.
  • Agents are hard to track, hard to authenticate properly, and dangerously easy to impersonate.
  • The traditional security playbook of user directories and manual provisioning simply can’t keep pace.

As agent deployments grow exponentially, so too does the complexity of managing these machine identities. Without robust controls, even a single compromised agent can become a backdoor into sensitive systems.

This is identity sprawl on steroids, and we’re only at the beginning.

From Convenience to Chaos: The Dark Side of MCP Agent Adoption

Protocols like MCP are surging across GitHub, with thousands of open-source servers popping up virtually overnight. Developers love its simplicity and power: spin up an MCP server, grant model access to tools like Slack, Google Drive, Jira, and you're off to the races.

But the convenience masks an urgent security crisis. OWASP’s recent Agentic AI Threats and Mitigations list spells it out clearly:

  • Insecure context injection: Agents can be misled through manipulated inputs.
  • Unauthorized actions: Agents trigger high-privilege workflows without oversight.
  • Supply chain compromises: Community-built agents and servers introduce hidden vulnerabilities.

The velocity of innovation is exciting—but without robust security, it’s also perilous. And that’s where organizations are sleepwalking into risk.

Shadow Agents: The New Generation of Shadow IT

The ease of spinning up MCP agents creates a shadow ecosystem. Developers can hook agents into critical infrastructure in minutes—often without security approval or centralized monitoring.

By early 2025, more than 10K community-deployed MCP servers were live. Many integrate with sensitive tools. But unlike sanctioned services, these agents fly below the radar:

  • Unapproved access to internal tools like GitHub, Confluence, and GCP.
  • No audit trail for actions taken across systems.
  • Cross-boundary data flow with no DLP or zero-trust enforcement.

At Lasso, we say: If you can’t see it, you can’t secure it. The MCP boom has created a world full of invisible agents with powerful access—and no visibility for security teams with lack of logging and monitoring. Without visibility into tool usage or model-tool interactions, detection and investigation of misuse becomes nearly impossible.

Human Oversight Doesn’t Scale, and That’s a Problem

Today’s agents require extensive permissions to operate: read/write access to files, admin-level API access, permission to take autonomous action. Human teams are expected to:

  • Define scopes and boundaries
  • Monitor activity continuously
  • Intervene when things go wrong

But the scaling imbalance is staggering. A single team might oversee dozens of agents today. But in a year, that number could be in the thousands or millions. Humans can’t match the scale or speed of agent proliferation, leaving massive oversight gaps.

Agents may be autonomous. But they are not inherently secure.

Identity Sprawl at Machine Speed

The MCP ecosystem introduces a novel security challenge: massive machine identity sprawl. With each new agent comes a new identity to authenticate, authorize, monitor, and manage.

But existing IAM systems were never designed for this:

  • Agents are ephemeral and hard to pin down.
  • Machine credentials are often over-permissioned and poorly rotated.
  • Impersonation and privilege escalation are dangerously easy.

The Insecure Foundations of MCP Frameworks

MCP isn’t inherently insecure. But today, its implementations often are. Designed for interoperability, not security, many MCP agents and servers are deployed without basic guardrails:

  • No encryption for data in transit
  • No authentication for third-party extensions
  • No sandboxing or scoped permission controls
  • No built-in audit logging and monitor

The result? Agent frameworks act like rootkits, bridging models directly into sensitive enterprise systems, with few controls and fewer safeguards.

Introducing the Lasso MCP Security Gateway

Lasso’s MCP Gateway is purpose-built to secure this new agentic landscape. It’s the first open-source security gateway designed specifically for MCP-based AI agents, giving organizations the visibility, control, and governance they need.

With the Lasso MCP Gateway, security teams can:

Agnostic Guardrails

  • Apply configurable security filters to both requests and responses.
  • Prevent sensitive data exposure before information reaches your agent.
  • Work consistently across all connected MCPs, regardless of their native capabilities.
  • Support multiple guardrail plugins, including Basic (for token masking), Presidio (for PII detection), and Lasso (for comprehensive AI safety).

Advanced Tracking

  • Provide usage analytics and pattern identification for optimization.

Unified Visibility

  • Provide a comprehensive dashboard for all MCPs in a single interface for Lasso for Agent customers. 

In our product roadmap, we will include:

  • Intelligent risk assessment with MCP risk scoring. 
  • Deliver real-time status monitoring and performance metrics.

Enterprise Readiness 

  • Empower the community to add key enterprise features to MCP.
  • support STDIO transport implementation

It’s not about slowing down innovation—it’s about scaling it safely.

Conclusion: Scale the Future, Securely

MCP simplifies AI-to-tool integrations across agentic workflows, enabling developers to build powerful LLM agents faster than ever. Many companies, such as OpenAI and GitHub (via Microsoft, have adopted MCP along with thousands of community-led efforts, pushing MCP’s high adoption rates. 

MCP is the backbone of the agentic future. But backbones need fortification. With Lasso’s MCP Gateway, organizations can adopt agents with confidence, knowing they have real-time visibility, automated enforcement, and zero-trust architecture built in.

We’ve seen this story before with the cloud. This time, let’s build it right from day one. And it’s open-source!

👉 Get it on GitHub: https://github.com/lasso-security/mcp-gateway/
👉 Get it on Smithery: https://smithery.ai/server/@lasso-security/mcp-gateway
👉 Get it on MCP Servers: https://mcp.so/server/MCP%20Gateway/lasso-security

Embrace the agentic future. But do it securely, with Lasso.

Book a demo

Related articles

Lasso Research Reveals 13% of Generative AI Prompts Contain Sensitive Organizational Data

Lasso Research Reveals 13% of Generative AI Prompts Contain Sensitive Organizational Data

All
Research
April 14, 2025
Read More
Denial of Service (DoS) and Denial of Wallet (DoW) Attacks: Emerging Threats in GenAI Security

Denial of Service (DoS) and Denial of Wallet (DoW) Attacks: Emerging Threats in GenAI Security

All
LLM Security
April 2, 2025
Read More
Strengthening LLM Security from the Get-Go: Autonomous Red Teaming in Action

Strengthening LLM Security from the Get-Go: Autonomous Red Teaming in Action

All
Product
March 23, 2025
Read More

Seamless integration. Easy onboarding.

Schedule a Demo
cta mobile graphic
Text Link
Or Oxenberg
Or Oxenberg
Text Link
Or Oxenberg
Or Oxenberg