MCP: The AI Protocol Quietly Expanding Your Attack Surface | UpGuard
ID: 6c0dc750-bf45-5000-b077-c4bfc72bf1e7
STIX ID: report--6c0dc750-bf45-5000-b077-c4bfc72bf1e7
Feed Name: UpGuard Blog
In February 2026, researchers uncovered SmartLoader, a malware operation that has shifted from targeting consumers to targeting developers by abusing the Model Context Protocol (MCP). MCP, a standardized connection layer adopted widely by developer AI tools, allows unvetted external servers to request and act on data with developer privileges; SmartLoader leverages this to exfiltrate browser passwords, cloud tokens, and SSH keys. The report outlines MCP's host/server/client architecture, the large population of unverified MCP servers across public registries, and the heightened risk compared to traditional Shadow IT. It also provides four pragmatic discovery questions for security teams to quickly assess exposure.
