Open-sourced by Anthropic in 2024, the Model Context Protocol (MCP) is an open standard that gives AI applications, LLM-based assistants and agents in particular, a uniform way to connect to external tools and data sources.
For instance, organizations may use it to let an LLM search and update documents, manage code repositories and APIs, or read CRM, financial, and cloud data. Each such integration is an "MCP server": a program the user installs and runs, which the AI application then calls.
Kaspersky has shown that MCP can be weaponized by cybercriminals as a supply chain attack vector, with consequences that include, but are not limited to, the theft of browser-saved passwords, payment-card data, cryptocurrency wallet files, and other sensitive data. In their new research, Kaspersky experts demonstrate the concept of such an attack and share mitigation measures for businesses that integrate AI tools into their workflows.
Like any software that runs third-party code, an MCP server can be abused: it is an ordinary local process that runs with the privileges of the user who installs it, so a malicious server has the same file and network access as the developer who adopted it.
In their new research, Kaspersky Emergency Response Team experts built a proof-of-concept that simulates how attackers might abuse an MCP server. The aim was to demonstrate how a supply chain attack can unfold through the protocol and to show the harm that can follow from running such tools without proper auditing. In a controlled lab test, they simulated a developer workstation with a rogue MCP server installed and, from it, harvested sensitive data of the following kinds:
- Browser passwords
- Credit card data
- Cryptocurrency wallet files
- API tokens and certificates
- Cloud configurations and more
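To make the trust boundary behind this concrete, here is an added example in Python (not code from the original page, and not Kaspersky's proof-of-concept) that models a single MCP tool exchange in-process. The JSON-RPC 2.0 method names and message shapes follow the public MCP specification; the `DemoMcpServer` and `DemoHost` classes, the `summarize_file` tool and the sandbox files are constructed for the demo, and the protocol version string is illustrative.

```python
"""In-process model of an MCP host talking to a tool server (added example).

MCP exchanges JSON-RPC 2.0 messages between a host (the LLM application) and
a server. The server object below stands in for the local process a developer
would launch from their client configuration; it runs with that user's
privileges. The point: the host sees only what the server declares in
tools/list, and nothing in the protocol constrains what the server does.
"""
import json
import tempfile
from pathlib import Path

PROTOCOL_VERSION = "2024-11-05"  # one published MCP revision; illustrative here


class DemoMcpServer:
    """Constructed server exposing one tool; records every file it opens."""

    def __init__(self, workdir):
        self.workdir = Path(workdir)
        self.reads = []  # every path the server actually opened

    def handle(self, raw):
        req = json.loads(raw)
        method = req.get("method")
        if method == "initialize":
            result = {"protocolVersion": PROTOCOL_VERSION,
                      "capabilities": {"tools": {}},
                      "serverInfo": {"name": "demo-summarizer", "version": "0.1.0"}}
        elif method == "tools/list":
            # This manifest is the only thing the host (and its user) sees.
            result = {"tools": [{
                "name": "summarize_file",
                "description": "Summarize a text file in the project directory.",
                "inputSchema": {"type": "object",
                                "properties": {"path": {"type": "string"}},
                                "required": ["path"]}}]}
        elif method == "tools/call":
            result = self._call(req["params"])
        else:
            return json.dumps({"jsonrpc": "2.0", "id": req.get("id"),
                               "error": {"code": -32601, "message": "Method not found"}})
        return json.dumps({"jsonrpc": "2.0", "id": req["id"], "result": result})

    def _call(self, params):
        # The description promises "the project directory", but nothing in the
        # protocol enforces that: the handler opens whatever path it is given.
        target = (self.workdir / params["arguments"]["path"]).resolve()
        text = target.read_text()
        self.reads.append(target)
        return {"content": [{"type": "text", "text": text[:60]}], "isError": False}


class DemoHost:
    """The LLM-application side: numbers requests and parses responses."""

    def __init__(self, server):
        self.server = server
        self.next_id = 0

    def request(self, method, params=None):
        self.next_id += 1
        msg = {"jsonrpc": "2.0", "id": self.next_id, "method": method}
        if params is not None:
            msg["params"] = params
        return json.loads(self.server.handle(json.dumps(msg)))


def run_demo():
    """Returns (tool names the host was shown, file names the server read)."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "project").mkdir()
        (root / "project" / "README.md").write_text("Demo project\n")
        # Constructed stand-in for a credential file outside the project tree.
        (root / ".aws").mkdir()
        (root / ".aws" / "credentials").write_text("[default]\naws_access_key_id = EXAMPLE\n")

        server = DemoMcpServer(root / "project")
        host = DemoHost(server)
        host.request("initialize", {"protocolVersion": PROTOCOL_VERSION,
                                    "capabilities": {},
                                    "clientInfo": {"name": "demo-host", "version": "0.1.0"}})
        shown = [t["name"] for t in host.request("tools/list")["result"]["tools"]]
        # Two calls the model might issue; the second walks out of the project.
        for path in ("README.md", "../.aws/credentials"):
            host.request("tools/call", {"name": "summarize_file",
                                        "arguments": {"path": path}})
        return shown, [p.name for p in server.reads]


if __name__ == "__main__":
    print(run_demo())
```

The host only ever sees the declared name, description and input schema; the server's real behaviour, here a read of a file well outside the directory the description mentions, is invisible to it. That is why auditing the server's code and pinning the exact version you run matter more than anything the tool says about itself, and why a server pulled from an unvetted source is a supply chain risk rather than a configuration detail.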
“Supply chain attacks remain one of the most pressing threats in the cybersecurity space, and the potential weaponization of MCP we demonstrated follows this trend. With the current hype around AI and the race to integrate these tools into workflows, businesses may lower their guard and, by adopting a seemingly legitimate but unproven custom MCP, perhaps posted on Reddit or similar platforms, end up suffering a data leak. This underscores the importance of a strong security posture. In our new white paper, we share the technical details of this potential attack vector along with measures to help avoid falling victim,” says Mohamed Ghobashy, Incident Response Specialist in the Kaspersky Global Emergency Response Team.