Secure MCP servers to safeguard AI and corporate data
Model Context Protocol servers act as bridges between AI models and enterprise resources. But they can also give threat actors the keys to the castle if not secured.
The deployment of AI for business use cases has become a major enterprise priority. But to reap AI's potentially game-changing productivity and innovation benefits, organizations must connect large language models to their internal data and services. Enter Model Context Protocol (MCP) servers, which act as middlemen or bridges between LLMs and corporate tools.
Anthropic created the MCP open standard in late 2024 without native role restrictions or access controls, leaving security up to users. In the rush to realize agentic AI's business value, many organizations have deployed MCP servers without proper safeguards. In one recent analysis, researchers found nearly 2,000 MCP servers with no security controls, exposing AI systems and corporate data to the open web.
What makes MCP servers useful for businesses also makes them attractive targets for attackers: They have access to important, often sensitive, digital assets and enable privileged actions. It is therefore critical for CISOs and their teams to implement appropriate security measures -- policies, practices and controls -- to block unauthorized access, defend against arbitrary command execution, prevent data loss and ensure compliance.
MCP server security best practices
Effective cybersecurity always requires the right combination of human intelligence, defined processes and technology controls. Protecting MCP servers is no different. Consider the following best practices.
Implement a zero-trust strategy
Because MCP servers often have access to treasure troves of private corporate data, they should be subject to zero-trust policies.
Because MCP servers often have access to treasure troves of private corporate data, they should be subject to zero-trust policies. CISOs must enforce the principle of least privilege, allowing only authenticated and authorized entities to communicate with MCP servers. Data classification; fine-grained, just-in-time permissions policies; continuous monitoring; and strong governance help ensure that access is limited to only human users, AI agents, devices and workloads that need it, and only when they need it.
Maintain AI audit trails
Organizations need to maintain audit trails of all AI activity, both for compliance and ongoing threat detection. Doing so is especially important when working with high-value data and in critical operating environments. Privileged access management with dynamic credential provisioning can help prevent data theft while also ensuring detailed logs of human and nonhuman user activity.
Manage, monitor and isolate MCP servers
Enterprise security teams must continuously assess MCP server vulnerabilities by reviewing configurations, capabilities and access permissions and hardening against threats such as prompt injection.
Consider platforms that provide contextual security intelligence at the AI orchestration layer to help security practitioners better engineer environments for risk management and compliance purposes. Enterprises can also containerize and sandbox MCP servers to minimize damage if they are compromised.
Inarguably, the most important factor in establishing solid MCP server security remains the human element. As MCP server technology and security standards continue to emerge and evolve, enterprises will need seasoned teams that can bring their foundational experience and judgement to bear.
Amy Larsen DeCarlo has covered the IT industry for more than 30 years, as a journalist, editor and analyst. As a principal analyst at GlobalData, she covers managed security and cloud services.
