Kaspersky Warns Open-Source AI Connector Could Be Exploited as Cyberattack Vector

Kaspersky has issued a warning that the Model Context Protocol (MCP), an open-source standard for connecting AI systems to external tools and services, could be weaponized by cybercriminals as a supply chain attack vector. According to new research by the company’s Global Emergency Response Team, misuse of MCP could lead to severe consequences, including data leaks involving passwords, credit card details, cryptocurrency wallets, API tokens, and cloud configurations.
The Model Context Protocol, introduced by Anthropic in 2024, allows large language models (LLMs) and AI-powered applications to integrate with external platforms such as document repositories, code management systems, CRMs, and cloud services. While it offers convenience and scalability, Kaspersky researchers demonstrated that MCP could also be abused if not properly secured.
In a controlled security lab test, the Kaspersky team simulated a developer environment compromised with a rogue MCP server. The proof-of-concept attack harvested sensitive information while presenting the victim with seemingly legitimate outputs. Although no real-world cases have been detected yet, experts warn that this method could also be used to execute malicious code, deploy backdoors, and launch ransomware attacks.
“Supply chain attacks remain one of the most pressing threats in cybersecurity, and the potential weaponization of MCP follows this trend,” said Mohamed Ghobashy, Incident Response Specialist at Kaspersky. “With the hype around AI adoption, businesses may unknowingly trust unverified MCP servers, leaving themselves vulnerable to data leaks. This underscores the importance of strong security measures.”
Kaspersky has notified both Cursor, the AI client used in the test, and Anthropic about the findings. The company has also published a detailed white paper on Securelist, outlining mitigation strategies:
Vet MCP servers before deployment and maintain a whitelist of approved sources.
Run MCP servers in isolated containers or virtual machines with minimal access.
Log and monitor all interactions to detect suspicious prompts or anomalous behavior.
Consider managed security services such as Kaspersky MDR or Incident Response for comprehensive protection.
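One way to turn the first mitigation into a repeatable check, as an added example that is not from Kaspersky's white paper or from any MCP project: a script that audits an AI client's `mcpServers` configuration against a team-maintained allowlist and flags servers that are unvetted or not pinned to a reviewed version. It assumes the JSON layout Cursor and Claude Desktop read for MCP servers, and the sample configuration, URL, package versions and allowlist are constructed for this example.

```python
import json
from typing import Dict, List, Tuple

# Constructed sample of an MCP client configuration in the "mcpServers" layout
# that Cursor and Claude Desktop read (assumption based on their public docs;
# the server names, URL and versions here are made up for this example).
SAMPLE_CONFIG = json.dumps({
    "mcpServers": {
        "docs": {"url": "https://mcp.example.internal/docs"},
        "github": {"command": "npx",
                   "args": ["-y", "@modelcontextprotocol/server-github@1.2.3"]},
        "files": {"command": "npx",
                  "args": ["-y", "@modelcontextprotocol/server-filesystem", "/srv/docs"]},
        "helper": {"command": "npx", "args": ["-y", "mcp-helper-tools@latest"]},
    }
})

# The allowlist a team maintains after vetting: remote endpoints by exact URL,
# local servers by (launcher, package name). Version pinning is checked separately.
ALLOWED_URLS = {"https://mcp.example.internal/docs"}
ALLOWED_LOCAL = {("npx", "@modelcontextprotocol/server-github"),
                 ("npx", "@modelcontextprotocol/server-filesystem")}


def split_spec(spec: str) -> Tuple[str, str]:
    """Split an npm-style 'name@version' spec; scoped names keep the leading '@'."""
    scoped = spec.startswith("@")
    name, _, version = (spec[1:] if scoped else spec).partition("@")
    return ("@" + name if scoped else name), version


def first_package(entry: Dict) -> str:
    """The package an npx/uvx-style launcher runs: the first non-flag argument."""
    return next((a for a in entry.get("args", []) if not a.startswith("-")), "")


def audit_mcp_config(raw: str) -> List[str]:
    """Return one finding per configured server that fails the vetting rules."""
    findings: List[str] = []
    for name, entry in json.loads(raw).get("mcpServers", {}).items():
        if "url" in entry:
            if entry["url"] not in ALLOWED_URLS:
                findings.append(f"{name}: remote endpoint {entry['url']} is not allowlisted")
            continue
        launcher = entry.get("command", "")
        package, version = split_spec(first_package(entry))
        if (launcher, package) not in ALLOWED_LOCAL:
            findings.append(f"{name}: local server {launcher} {package} is not allowlisted")
        elif version in ("", "latest"):
            findings.append(f"{name}: {package} is not pinned to a vetted version")
    return findings
```

Running `audit_mcp_config(SAMPLE_CONFIG)` reports the unpinned `files` server and the unvetted `helper` server, which is the kind of entry a developer might add on trust; wiring the check into CI or a pre-commit hook keeps the allowlist enforced rather than advisory.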
As organizations rush to embed AI into workflows, Kaspersky stresses the need for vigilance. Proper auditing, isolation, and monitoring can help businesses avoid becoming targets of emerging MCP-based threats.