MCP: The AI Protocol Quietly Expanding Your Attack Surface | UpGuard
ID: 61bab091-98d5-5ea5-8629-73886b3025ae
STIX ID: report--61bab091-98d5-5ea5-8629-73886b3025ae
Feed Name: UpGuard Blog
In February 2026, researchers reported that the SmartLoader malware operation had shifted to target developer environments by abusing the Model Context Protocol (MCP). MCP-enabled AI hosts can automatically trust and connect to public MCP servers, so a malicious server can execute actions with the developer's permissions, enabling exfiltration of browser passwords, cloud tokens, and SSH keys. The report describes MCP's three-component architecture (host, server, client), highlights the large number of unvetted public MCP servers, and recommends immediate discovery and governance steps to understand exposure.
