Machine Learning

The Model Context Protocol is Brilliant (And Dangerously Insecure)

Josh @ AL

20 Jan 2026 — 15 min read

If you've been paying attention to the AI space lately, you've probably heard about the Model Context Protocol, or MCP. Released by Anthropic in November 2024, it's being hailed as a game-changer for AI integrations—and honestly, it kind of is. It's like the USB standard for AI applications, creating a universal way for language models to connect to data sources, tools, and services.

But here's the uncomfortable truth: MCP is also a security nightmare waiting to happen.

Don't get me wrong—the protocol itself is elegantly designed. The problem is that we're taking a technology that already has significant security challenges (LLMs) and giving it standardized access to everything: your databases, your APIs, your file systems, your cloud infrastructure. It's the AI equivalent of handing out skeleton keys and hoping everyone uses them responsibly.

In this post, we'll dive into what MCP is, how it works, and most importantly, the security vulnerabilities that are already being exploited in the wild. We'll cover prompt injection attacks, tool poisoning, shadow MCP servers, privilege escalation, and the defense strategies you absolutely need to implement if you're deploying this in production.

Let's get into it.

One-Pixel Attacks: Why Computer Vision Security Is Broken

State-of-the-art image classifiers can identify thousands of objects with near-human accuracy. They power self-driving cars, medical diagnostics, and security systems. But a 2019 paper by Su et al. proved something unsettling: you can make these systems completely misclassify an image by changing a single pixel. Not photoshopping the whole thing.

7 Prompt Injection Defenses That Actually Work (and 3 That Don't)

Most companies are defending against prompt injection completely wrong. They're either doing nothing—hoping OpenAI or Anthropic will magically fix the problem—or they're implementing security theater that wouldn't stop a determined 12-year-old with a ChatGPT account. Here's the uncomfortable reality: if

GPT-OSS Safeguard: What It Actually Does (And Common Mistakes to Avoid)

GPT-OSS Safeguard isn't just "Llama Guard but from OpenAI." It's a policy-following reasoning model - you write the safety rules, it interprets them at inference time. That flexibility is powerful for custom policies, but deploy it wrong and you'll be out of compute fast.

Llama gaurd in a retro-theme stopping hackers from abusing an AI system

Llama Guard: What It Actually Does (And Doesn't Do)

Llama Guard isn't a firewall. It's not antivirus for your prompts. And if you're treating it like either, you're probably leaving gaps in your AI security.

Read more

One-Pixel Attacks: Why Computer Vision Security Is Broken

7 Prompt Injection Defenses That Actually Work (and 3 That Don't)

GPT-OSS Safeguard: What It Actually Does (And Common Mistakes to Avoid)

Llama Guard: What It Actually Does (And Doesn't Do)