RAJADIGLOBAL
Back to Insights
SecureTech Feb 05, 2026 7 min read Rajadi Security Team

MCP Servers: The New Security Blind Spot in Enterprise AI

Model Context Protocol servers are rapidly expanding the attack surface for enterprise AI. Are your pipelines protected from unintended data flows?

The Model Context Protocol (MCP) has rapidly become the de-facto standard for connecting AI agents to external tools, data sources, and APIs. Introduced by Anthropic in late 2024, MCP provides a structured interface that allows AI systems like Claude — and increasingly other models — to invoke external capabilities through a standardized server architecture. The enterprise adoption of MCP-based tooling has been swift. The security implications have been largely overlooked.

What MCP Servers Do and Why They Matter

An MCP server acts as a bridge between an AI agent and a capability — a database, an API, a file system, a code execution environment. When a developer configures their IDE to use an MCP-connected AI assistant, they are effectively giving that AI the ability to read from and write to multiple enterprise systems, mediated by the MCP server layer. The convenience is enormous. The security surface is equally large.

The Attack Vectors Being Exploited

  • Prompt injection via MCP tool responses: Malicious content returned by a tool response can redirect agent behavior.
  • Data exfiltration through log endpoints: MCP servers log extensively — poorly secured log stores become data leak vectors.
  • Credential theft via context window inspection: Credentials injected into the agent's context window can be extracted if the context is transmitted to a compromised MCP server.
  • Supply chain attacks: Malicious MCP server packages distributed through package repositories.

The Rajadi Response

The Rajadi Chat Security Filter extension, initially focused on IDE-level prompt filtering, is being extended to monitor and filter data flows that transit MCP server configurations within the VS Code environment. The goal is to ensure that sensitive data does not enter the agent's context via MCP tool responses, in addition to preventing it from leaving via prompts.

MCP is an extraordinary advancement for AI usability. Without deliberate security architecture, it's also an extraordinary advancement for data exfiltration. The two realities must be addressed simultaneously.

What Organizations Should Do Now

Enterprise security teams should immediately audit every MCP server configured in their AI tooling ecosystem, assess what data sources each has access to, review logging configurations for data sovereignty compliance, and implement filtering at the MCP layer for sensitive data patterns. This is a rapidly evolving attack surface — the organizations that invest in governance now will avoid the breaches that others will experience in the next 18 months.

Related Articles

SecureTech

Why Your AI Coding Assistant May Be Leaking Secrets

SecureTech

Zero-Trust Architecture in the Age of AI Development

AI & Technology

The Agentic AI Revolution: When Software Starts to Think for Itself

Get Started

Let’s Build the Future Together

Ready to scale your enterprise with AI-driven analytics, customized digital ecosystems, and next-generation architecture?