Agentic AI built on MCP has become an integral part of AI's expansion, but it comes with its own weaknesses.
Model Context Protocol (MCP), developed by Anthropic and released as an open standard in 2024, is the de facto standard method of providing a consistent and secure interface between an AI agent (or agents) and its data source (or sources). It specifies how an AI agent interacts, in a secure and auditable manner, with tools, other agents, data and context whenever required. As a result, effective MCP is a fundamental requirement for agentic AI.
But like all software, MCP has areas that can be misused by malicious actors. This month a potential attack on ChatGPT's calendar integration was described, in which an emailed calendar invite could jailbreak ChatGPT with no user interaction required.
AI security firm Adversa AI has now published an analysis, Top 25 MCP Vulnerabilities, which it describes as the most comprehensive analysis of MCP weaknesses to date.
OWASP is known to be planning its own top ten for MCP, but it is not yet available and will (probably) be limited to ten weaknesses. Adversa is not trying to compete with OWASP, but to provide immediate assistance to those developing and implementing agentic AI solutions today. "We will reference OWASP/CSA/NIST," said Alex Polyakov, co-founder and CTO of Adversa AI, "and are planning to contribute this work to the OWASP MCP effort."
The basic Adversa table of weaknesses includes, for each entry, a recommended 'official' name (plus common AKAs), an impact score, an exploitability rating and a link to additional third-party explanatory information. The impact score ranges from critical (full system compromise or RCE) to low (information disclosure only), while the exploitability rating ranges from trivial (can be exploited with basic knowledge and no special skills beyond access to a browser) to very complex (theoretical only, or requiring nation-state resources).

The ranking figure is produced by a weighting algorithm: 40% impact + 30% exploitability + 20% prevalence + 10% remediation complexity. It will surprise no one that prompt injection remains the perfect storm: a combination of critical impact with trivial exploitability, ranked as the #1 vulnerability. The less well-known MCP Preference Manipulation Attack (MPMA), with low impact and very complex exploitability, is ranked #24, but it is still a vulnerability.
"We plan to update the document monthly, or whenever new events or CVEs require immediate updates," Polyakov explained. For further reading, the document links to the first detailed description of each vulnerability. However, he said, these links are not permanent. "We will update and expand 'further reading' when a clearer or more rigorous source emerges, and record it in the changelog."
But the document is not just a list of dangers: it also provides a practical security and mitigation checklist, including 'immediate' steps, a 'Defense-in-Depth Strategy', and a 'mitigation timeline'.
Immediate steps include: "Input validation is mandatory – 43% of unsafe MCP servers are vulnerable to command injection. Validate and sanitize all inputs."
The defense-in-depth strategy comprises four layers: protocol level, application level, AI-specific protections and infrastructure. Examples include 'Enforce TLS for all communications' (protocol level) and 'Use parameterized queries for database operations' (application level).
The mitigation timeline extends over three months, from 'implement authentication at all exposed points' (immediate) to 'begin architecture redesign for zero-trust models' (within three months).
Adversa has produced the first full guide to MCP weaknesses, which likely affect today's hottest area: the switch from manual human intelligence to automated artificial intelligence. The guide is designed to help IT and security departments understand the full complexity involved.
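The weighting formula above, applied to a handful of sample entries so the ranking can be reproduced. This is an added illustration, not Adversa AI's code: the 40/30/20/10 weights are the article's, but the numeric value assigned to each ordinal level, and the prevalence and remediation values of the sample entries, are assumptions made here.

```python
"""Weighted ranking of MCP weaknesses, as described in the article.

Added illustration, not Adversa AI's code. The 40/30/20/10 weights come from
the article; the numeric values given to each ordinal level, and the
prevalence/remediation values of the sample entries, are assumptions.
"""
from dataclasses import dataclass

# Weights from the article: 40% impact + 30% exploitability + 20% prevalence
# + 10% remediation complexity.
WEIGHTS = {"impact": 0.40, "exploitability": 0.30,
           "prevalence": 0.20, "remediation": 0.10}

# Ordinal levels mapped onto 0..1 (assumed mapping). Higher means more risk,
# so a weakness that is harder to remediate scores higher on that axis.
IMPACT = {"critical": 1.0, "high": 0.75, "medium": 0.5, "low": 0.25}
EXPLOITABILITY = {"trivial": 1.0, "easy": 0.75, "moderate": 0.5,
                  "complex": 0.25, "very complex": 0.1}
REMEDIATION = {"easy": 0.25, "moderate": 0.5, "hard": 0.75, "very hard": 1.0}


@dataclass(frozen=True)
class Weakness:
    name: str
    impact: str            # key of IMPACT
    exploitability: str    # key of EXPLOITABILITY
    prevalence: float      # share of surveyed servers affected, 0..1
    remediation: str       # key of REMEDIATION


def _level(table: dict, key: str, axis: str) -> float:
    """Look up an ordinal level, rejecting labels outside the scale."""
    try:
        return table[key]
    except KeyError:
        raise ValueError(f"unknown {axis} level: {key!r}") from None


def score(w: Weakness) -> float:
    """Weighted sum in 0..1; larger scores rank higher."""
    if not 0.0 <= w.prevalence <= 1.0:
        raise ValueError("prevalence must be a fraction in 0..1")
    return (WEIGHTS["impact"] * _level(IMPACT, w.impact, "impact")
            + WEIGHTS["exploitability"] * _level(EXPLOITABILITY, w.exploitability, "exploitability")
            + WEIGHTS["prevalence"] * w.prevalence
            + WEIGHTS["remediation"] * _level(REMEDIATION, w.remediation, "remediation"))


def rank(weaknesses) -> list[tuple[int, str, float]]:
    """Return (rank, name, score) tuples, highest score first."""
    ordered = sorted(weaknesses, key=score, reverse=True)
    return [(i + 1, w.name, round(score(w), 3)) for i, w in enumerate(ordered)]


# Constructed sample entries. Impact and exploitability levels for the first
# two follow the article; prevalence and remediation values are made up.
SAMPLE = [
    Weakness("prompt injection", "critical", "trivial", 0.80, "hard"),
    Weakness("MCP preference manipulation attack (MPMA)", "low", "very complex", 0.05, "moderate"),
    Weakness("unauthenticated endpoint (constructed)", "high", "easy", 0.40, "moderate"),
]

if __name__ == "__main__":
    for position, name, value in rank(SAMPLE):
        print(f"#{position:<3}{value:.3f}  {name}")
```

With these assumed scales, the critical/trivial entry lands at 0.935 and the low/very-complex entry at 0.19, which is why one sits at the top of the table and the other near the bottom whatever reasonable prevalence values are chosen for them.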
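The two checklist items above, input validation and parameterized database access, shown together in a minimal MCP-style tool handler. This is an added example, not code from the Adversa AI document or from any MCP SDK; the tool names `list_files` and `lookup_user`, the request shape, the sandbox directory and the sample table are assumptions made here. The string-built query is kept beside the parameterized one so the difference can be checked directly.

```python
"""Hardened MCP-style tool handler: allowlist validation plus parameterized SQL.

Added example, not code from the Adversa AI document or from any MCP SDK. The
tool names, the request shape and the sample database are assumptions made
for this illustration.
"""
import re
import sqlite3
import subprocess
import tempfile
from pathlib import Path

# Sandbox directory with one constructed file; the only tree list_files may read.
SAFE_ROOT = Path(tempfile.mkdtemp(prefix="mcp-demo-")).resolve()
(SAFE_ROOT / "reports").mkdir()
(SAFE_ROOT / "reports" / "q1.txt").write_text("constructed sample file\n")

# Allowlist for a single path segment: no separators, no shell metacharacters,
# and no leading dot, which also rules out "." and "..".
SEGMENT_RE = re.compile(r"^[A-Za-z0-9_][A-Za-z0-9_.-]{0,63}$")

# Constructed in-memory table standing in for the server's database.
DB = sqlite3.connect(":memory:")
DB.executescript(
    "CREATE TABLE users(id INTEGER PRIMARY KEY, name TEXT);"
    "INSERT INTO users(name) VALUES ('alice'), ('bob');"
)


class ToolError(ValueError):
    """Validation failure: reported to the client, nothing is executed."""


def validate_segment(value) -> str:
    """Accept one path segment that matches the allowlist, reject everything else."""
    if not isinstance(value, str) or SEGMENT_RE.fullmatch(value) is None:
        raise ToolError(f"argument rejected by allowlist: {value!r}")
    return value


def list_files(subdir) -> list[str]:
    """List a sandbox subdirectory via an external command, without a shell."""
    target = (SAFE_ROOT / validate_segment(subdir)).resolve()
    if SAFE_ROOT not in target.parents:       # defense in depth: stay under root
        raise ToolError("path escapes sandbox")
    try:
        # argv list and shell=False: the argument is never parsed by a shell,
        # so metacharacters cannot start a second command.
        proc = subprocess.run(["ls", "-1", str(target)],
                              capture_output=True, text=True, check=True)
    except (subprocess.CalledProcessError, FileNotFoundError) as exc:
        raise ToolError("listing failed") from exc
    return proc.stdout.split()


def lookup_user_unsafe(name):
    """The 'before' form the checklist warns about: string-built SQL."""
    return DB.execute(f"SELECT id, name FROM users WHERE name = '{name}'").fetchall()


def lookup_user(name):
    """Parameterized query: the value is bound, never interpreted as SQL."""
    if not isinstance(name, str):
        raise ToolError("name must be a string")
    return DB.execute("SELECT id, name FROM users WHERE name = ?", (name,)).fetchall()


# Tool registry: callable plus the exact argument names it accepts (assumed shape).
TOOLS = {
    "list_files": (list_files, frozenset({"subdir"})),
    "lookup_user": (lookup_user, frozenset({"name"})),
}


def handle_tool_call(request: dict) -> dict:
    """Dispatch one tool call; every failure becomes a structured error reply."""
    try:
        name = request.get("name")
        if not isinstance(name, str) or name not in TOOLS:
            raise ToolError(f"unknown tool: {name!r}")
        func, params = TOOLS[name]
        args = request.get("arguments", {})
        if not isinstance(args, dict) or set(args) != params:
            raise ToolError(f"{name} expects exactly the arguments {sorted(params)}")
        return {"ok": True, "result": func(**args)}
    except ToolError as exc:
        return {"ok": False, "error": str(exc)}


if __name__ == "__main__":
    print(handle_tool_call({"name": "list_files", "arguments": {"subdir": "reports"}}))
    print(handle_tool_call({"name": "list_files", "arguments": {"subdir": "reports; echo injected"}}))
    print(handle_tool_call({"name": "lookup_user", "arguments": {"name": "x' OR '1'='1"}}))
```

The allowlist regex does the work the checklist asks for at the boundary, and the argv-list call plus the bound SQL parameter remove the two interpreters (shell and SQL parser) that would otherwise reinterpret a bad value that slipped through. The handler also refuses unknown tools and unexpected argument names, so a client cannot reach code paths the server never advertised.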