One in Four MCP Servers Risk AI Agent Code Execution
Summary
One in four MCP servers pose a serious security risk for AI agents. A new whitepaper from Noma Security reveals that many enterprise AI deployments are exposed to code execution threats.

The research highlights a significant observability gap. Defenders can track some agent actions, but many Skills, once loaded into an agent's context, operate in a way that makes it hard to see what they actually do. That blind spot means damage may not be noticed until it is irreversible.

Researchers analyzed hundreds of MCP servers and found that most include high-risk capabilities, with many enterprise environments running over a hundred of these risky tools. The most common high-risk capability is the ability to change state or data, which can cause serious harm whether it is triggered by an attacker or by an agent's own mistake.

What is alarming is that when certain capabilities combine, the potential for damage multiplies. For instance, a tool that ingests untrusted input combined with a tool that can communicate externally gives an attacker a path to leak confidential information.

This matters because, as AI continues to integrate into daily operations, understanding these risks is crucial for protecting sensitive data and maintaining trust in the technology.
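The capability model the summary describes (state change, untrusted input, external communication, and the dangerous pairing of the last two) can be applied to a server's own tool list. The following is an added example written for this page, not code from Noma Security or the whitepaper. It reads an MCP tools/list result, maps each tool's annotations (readOnlyHint, destructiveHint, openWorldHint, as defined in the MCP specification) onto the risk classes above, and flags source-to-sink exfiltration paths. The mapping of "read-only and open-world" to untrusted input and "non-read-only and open-world" to external communication is this example's own assumption, and the sample tool list is constructed, not captured from a real server.

```python
"""Classify MCP tools by risk capability and flag dangerous combinations.

Added example, not the whitepaper's tooling. The capability mapping below is
an assumption of this example; the annotation names and their defaults come
from the MCP specification's ToolAnnotations.
"""
import json

# Spec defaults when an annotation is absent: readOnlyHint=False,
# destructiveHint=True, openWorldHint=True. A missing hint is therefore
# treated as the worst case, which is also the right stance for a server
# whose annotations cannot be trusted.
DEFAULTS = {"readOnlyHint": False, "destructiveHint": True, "openWorldHint": True}

# Constructed sample tools/list result (not from a real server).
SAMPLE_TOOLS_LIST = json.dumps({"tools": [
    {"name": "read_file", "description": "Read a local file",
     "annotations": {"readOnlyHint": True, "openWorldHint": False}},
    {"name": "fetch_url", "description": "Fetch a web page",
     "annotations": {"readOnlyHint": True, "openWorldHint": True}},
    {"name": "send_email", "description": "Send an email",
     "annotations": {"readOnlyHint": False, "destructiveHint": False,
                     "openWorldHint": True}},
    {"name": "run_shell", "description": "Run a shell command"},  # unannotated
]})

HIGH_RISK = {"state_change", "untrusted_input", "external_comm"}


def capabilities(tool):
    """Return the set of risk capabilities implied by a tool's annotations.

    Assumed mapping (this example's own):
      not readOnly                -> state_change (+ destructive if hinted)
      readOnly and openWorld      -> untrusted_input (content crosses in)
      not readOnly and openWorld  -> external_comm  (data can cross out)
    """
    ann = {**DEFAULTS, **tool.get("annotations", {})}
    caps = set()
    if not ann["readOnlyHint"]:
        caps.add("state_change")
        if ann["destructiveHint"]:
            caps.add("destructive")
    if ann["openWorldHint"]:
        caps.add("untrusted_input" if ann["readOnlyHint"] else "external_comm")
    if "annotations" not in tool:
        caps.add("unannotated")  # worth surfacing: every default was assumed
    return caps


def assess(tools_list_json):
    """Classify every tool and enumerate untrusted-input -> external-comm paths."""
    tools = json.loads(tools_list_json)["tools"]
    per_tool = {t["name"]: capabilities(t) for t in tools}

    sources = [n for n, c in per_tool.items() if "untrusted_input" in c]
    sinks = [n for n, c in per_tool.items() if "external_comm" in c]
    # Each (source, sink) pair is a route by which content the agent read from
    # outside the trust boundary can carry data back out of it.
    exfil_paths = [(s, k) for s in sources for k in sinks]

    return {
        "per_tool": per_tool,
        "high_risk_count": sum(1 for c in per_tool.values() if c & HIGH_RISK),
        "exfil_paths": exfil_paths,
    }


if __name__ == "__main__":
    report = assess(SAMPLE_TOOLS_LIST)
    for name, caps in report["per_tool"].items():
        print(f"{name:12s} {sorted(caps)}")
    print("high-risk tools:", report["high_risk_count"])
    for src, sink in report["exfil_paths"]:
        print(f"exfiltration path: {src} -> {sink}")
```

Two caveats apply when running this against a real server. The MCP specification says clients must treat annotations as untrusted unless the server itself is trusted, so a hostile server can simply label a destructive tool read-only; the hints are a starting point for triage, not a control. And the pairing check is deliberately pessimistic: it reports every source-to-sink combination, because the summary's point is that the combination, not any single tool, is what creates the leak.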
This is an AI-generated audio summary. Always check the original source for complete reporting.