The Model Context Protocol (MCP) is a standardized framework that bridges LLMs and enterprise systems with seamless automation. That bridge also expands the attack surface in ways defenders often overlook. In our latest Threat Labs blog, we explore two subtle, but devastating vectors: indirect prompt injection and RUG Pull attacks. Read the blog.
How MCP expands attack surface for LLMs and enterprise systems
More Relevant Posts
-
A new tool called EDR-Redir has emerged, allowing attackers to redirect or isolate the executable folders of popular Endpoint Detection and Response (EDR) solutions. https://lnkd.in/dW5bZVUV
-
Excellent analysis by my colleagues James Dyer and Lucy Gee at KnowBe4 Threat Labs. They show how attackers are exploiting public “Contact Us” and booking forms to trigger automated, authenticated emails, then using those trusted messages to phish thousands of targets. Key takeaway: domain authority and proper formatting no longer guarantee authenticity; add a zero-trust layer to email defenses and review webform workflows. A valuable read for security leaders, product owners, and anyone who runs public webforms. Check out the full analysis here: https://lnkd.in/eYvftm5v
-
“We’ll set up proper tracing once the infra is stable.” “We’ll set up the observability stack next quarter.” During my chats with engineering teams, I often hear these statements. I always ask them, “Did you implement MFA for login?” You know the answer. Of course, who would be stupid enough to skip MFA in 2025? The same logic should apply to observability (it’s 2025, for God’s sake!!). Each delayed sprint quietly builds observability debt. Without proactive instrumentation, visibility shrinks while the tech stack expands. During cyber incidents or downtime, you end up debugging a distributed, asynchronous, multi-layered system with limited visibility across components. These situations are costly in terms of mean time to recovery (MTTR), lost confidence, wasted effort, and delayed recovery. Because when things go south, it’s the observability you invested in before the incident that determines how fast you recover. #observability
-
The API attack surface is now the number one blind spot for enterprises! Legacy defenses fail here, built for perimeter traffic, not business logic. An attacker with valid credentials can exploit simple logic flaws to bypass your firewall without a single alert. Don't just scan for known CVEs. Hyperfence AI-augmented VAPT simulates real-world attacker sequences, testing the integrity of your core business logic (authentication, authorization, and data flow). Proactive risk validation is the only way forward. Is your API logic truly secure? Learn more: https://lnkd.in/d4PaHuKd #Hyperfence #VAPT #APIsecurity #vulnerabilitymanagement #penetrationtesting
-
If you need to get up to speed on Model Context Protocol (MCP), this OWASP GenAI Security Project guide is a great place to start. From the guide: "The Model Context Protocol (MCP) is an open protocol that standardizes how LLM/agent hosts connect to external tools, data, and prompt templates via a server. By connecting models to systems such as databases, APIs, and internal applications, MCP unlocks powerful automation and allows AI to perform actions beyond text generation. However, it also presents a new attack surface that could open organizations up to malicious attacks. Since tools can execute code, access files, and make network calls, a compromised MCP stack can lead to data theft, malicious code execution, and system sabotage." https://lnkd.in/eNY24nRY
-
Major upgrade to the ATT&CK framework. Most notably a shift on the defensive side to providing more behavior-focused guidance. https://lnkd.in/eHbmVXsZ
-
MCP security isn’t just about protecting data; “it’s about safeguarding trust between agents, tools, and the external world.” In this article, we try to understand the exploit playbook threatening MCP-based systems, from prompt injections to supply-chain rug pulls, and outline architectural defenses like MCP Gateways and context sanitation that can secure next-gen AI agents. Special thanks to Sir Vitor Balocco, Cofounder - Runlayer. LINK: https://lnkd.in/g56zsQMS