Executive summary

This blog post provides a security analysis for teams that are building Model Context Protocol (MCP)-exposed services. Most MCP security discussions have so far focused on the agent being diverted to misuse its connected MCP servers. MCP servers themselves, however, are also direct attack surfaces. Traditional application security risks apply directly to MCP, with additional considerations. The MCP protocol naturally reveals capabilities and potential business logic attack maps. MCP tools often use permissive validation to accommodate large language model (LLM) inputs, increasing exposure to injection risks in downstream systems.…