11 Emerging AI Security Risks with MCP (Model Context Protocol)
ID: cddaa59c-4be6-5779-8ca2-e5eef558d959
STIX ID: report--cddaa59c-4be6-5779-8ca2-e5eef558d959
Feed Name: Checkmarx Zero
This Checkmarx report analyzes the security risks introduced by the Model Context Protocol (MCP). It describes MCP's host/client/server architecture and catalogs 11 emerging threat categories, including prompt injection, tool and schema poisoning, confused-deputy authorization flaws, supply-chain/typosquatting attacks, context/configuration poisoning, credential exposure, and excessive privilege abuse, illustrating each with examples and mitigations. The report emphasizes that MCP extends traditional AppSec and supply-chain concerns into AI-driven interactions, and recommends applying secure coding, least privilege, input validation, provenance checks, and AI-aware threat modeling to secure the ecosystem.