Navigating the security challenges of agentic AI in modern enterprises

Challenges ahead as enterprises brace for increased security incidents with generative AI applications.

Enterprise environments are undergoing change due to increased adoption of generative AI (GenAI) applications. According to a recent Gartner analysis, by 2028, 25% of enterprise GenAI applications are expected to experience at least five minor security incidents per year, up from 9% in 2025.

This shift is linked to increased adoption of technologies such as Model Context Protocol (MCP). While MCP is designed to support interoperability and faster integration, security considerations may not always be the primary focus, which can increase exposure to risk.

As organisations implement frameworks like MCP, security considerations require proactive planning. Potential risks include data exposure incidents and vulnerabilities in third-party components. Software engineering leaders are expected to address these risks by establishing structured security review processes. These may include prioritising lower-risk use cases, mitigating known threat patterns, and enabling domain experts to define security guardrails.

MCP is designed to prioritise interoperability rather than built-in security enforcement, which means issues may arise during normal usage. Risks are more likely in cases where agents access sensitive data, process untrusted content, or communicate externally. Engineering teams are advised to treat combinations of these factors as high-risk scenarios.

Recommended approaches include collaboration between data, security, and infrastructure teams to establish formal security reviews for MCP use cases. This includes identifying low-risk applications and excluding higher-risk combinations. Security controls such as authentication and AI-specific authorisation are also highlighted, along with mitigations for issues such as content injection and oversight of third-party components.
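The three-factor rule above and the "exclude higher-risk combinations" step can be made a concrete pre-deployment check. The following is an added example, not code from the article, Gartner or any MCP SDK; the tool names, the capability tags and the review outcomes are assumptions constructed for illustration.

```python
from dataclasses import dataclass
from itertools import combinations

# The three risk factors the article says should not be combined lightly.
SENSITIVE = "sensitive_data"     # tool can read data that needs protection
UNTRUSTED = "untrusted_content"  # tool returns content an outsider can shape
EXTERNAL = "external_comms"      # tool can send data beyond the trust boundary
FACTORS = (SENSITIVE, UNTRUSTED, EXTERNAL)


@dataclass(frozen=True)
class Tool:
    """An MCP tool as recorded in a review inventory (constructed schema)."""
    name: str
    capabilities: frozenset


def present_factors(tools):
    """Which of the three factors an agent holding these tools can reach."""
    return {f for t in tools for f in t.capabilities if f in FACTORS}


def risky_tool_sets(tools):
    """Minimal tool subsets that together cover all three factors.
    Listing them tells the reviewer exactly which tool to drop or gate."""
    found = []
    for size in range(1, 4):  # sizes ascend, so earlier hits are smaller
        for subset in combinations(tools, size):
            if present_factors(subset) == set(FACTORS) and not any(
                set(s) <= set(subset) for s in found
            ):
                found.append(subset)
    return found


def review_decision(tools):
    """Map the agent's reachable factor count to a review outcome."""
    n = len(present_factors(tools))
    if n == 3:
        return "exclude"        # high-risk combination: keep out of first wave
    if n == 2:
        return "formal-review"  # needs security sign-off and guardrails
    return "allow-with-baseline-controls"  # low-risk use case


# Constructed inventory for illustration; a real one comes from MCP server manifests.
INVENTORY = [
    Tool("read_customer_db", frozenset({SENSITIVE})),
    Tool("fetch_web_page", frozenset({UNTRUSTED})),
    Tool("send_email", frozenset({EXTERNAL})),
    Tool("search_internal_wiki", frozenset({SENSITIVE})),
]
```

Running `review_decision(INVENTORY)` on the constructed inventory returns `"exclude"`, and `risky_tool_sets` names the two tool triples that make it so, which is the artefact a review board would want attached to the use case.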

Addressing MCP-related security risks also involves awareness of common vulnerability patterns, including content injection and supply chain risks, and applying established mitigation practices to reduce exposure.

In addition, domain-based ownership is identified as an important factor in defining security controls for MCP environments. As agentic AI systems become more complex, managing access and compliance becomes more challenging. Domain experts are expected to define usage guardrails and secure-by-default controls before granting access to systems and data.
