One in four MCP servers opens AI agent security to code execution risk
Summary
Enterprise deployments of AI agents lean on two extension mechanisms that introduce risk at different layers of the stack. MCP servers expose deterministic code functions with structured, loggable invocations. Skills load textual instruction sets directly into a model’s reasoning context, where their effect depends on conversational state and cannot be enumerated the way source code can. Noma Security’s new whitepaper draws a line between the two and argues that most organizations have governed only the …
The post One in four MCP servers opens AI agent security to code execution risk appeared first on Help Net Security.