Research findings indicate MCPs are an expanding threat surface that enterprises must urgently recognize as a new attack vector.
72% of MCPs exposed at least one sensitive capability, ranging from basic file operations to cloud app APIs that can perform sensitive operations.

Tel Aviv & San Francisco, July 30, 2025 - Pynt, the AI-powered API security platform, today released research showing Model Context Protocol servers (MCPs) represent a heightened threat as more organizations allow LLMs to connect with external services, tools and data pipelines to handle complex tasks, and run AI processes independent of human oversight.

Download the research, Quantifying Risk Exposure Across 281 MCPs

While a single MCP server carries a 9% exploitation risk, integrating multiple MCPs creates a compounding threat that escalates rapidly. Two MCPs raise the risk to 36%, and three push it beyond 50%. Systems with five or more MCPs face a likelihood exceeding 70%. This growth pattern reveals a critical weakness: as developers embrace greater modularity and expand their plugin ecosystems, they unknowingly amplify their security exposure with each additional component.

Research Key Findings

● 72% of MCPs exposed at least one sensitive capability, ranging from basic file operations to cloud app APIs that can perform sensitive operations

● 13% of MCPs accepted inputs from untrusted sources, allowing malicious content to be delivered into the agent's processing pipeline without direct access to the system

● 9% of MCPs combined both of the above traits, making them fully exploitable with no human approval

● 52% of MCP systems composed of three MCP servers were found to be at high risk

“The research shows that MCPs are a distinct and growing threat surface that security leaders must immediately address,” said Pynt Chief Security Scientist and Co-Founder Golan Yosef. “These are real-world, functioning MCP setups that would allow an attacker to supply a payload and trigger its execution using the tools exposed to the MCP itself. These aren’t theoretical flaws - they are live exploitable configurations that we found in the wild with measurable attack paths.”

MCPs are designed to be powerful, flexible, and modular, making them excellent tools for chaining actions across plugins and APIs. They also inherit the permissions, capabilities, and content of every service they integrate with. Security teams often focus on the individual components of an AI agent setup, but the actual danger lies in what happens when those components interact with one another.

“Securing APIs was the first step, but now, as AI agents take action through toolchains, we’re seeing a shift toward securing the execution layer itself,” said Pynt CEO and Co-Founder Tzvika Shneider. “MCP security is the natural next evolution of API security, and it’s arriving faster than most teams realize.”

Pynt researchers analyzed 281 popular MCP setups, sourced from public documentation and well-known open-source agent frameworks. For each MCP, researchers examined two key dimensions: whether it exposed a sensitive capability, and whether it processed input from an untrusted source. Risk levels were classified based on the presence and combination of these factors, with "high risk" assigned to any MCP that exhibited both.

Pynt's agent-based solution is designed specifically to address MCP-related vulnerabilities, giving teams visibility and control over AI agent chains and tool usage. Security teams can identify risky agent-tool compositions, validate MCP configurations, and apply essential guardrails, such as permission isolation and input validation, before they go live.
