Hacker News
MCP Servers Are the New Shadow IT: Qualys TotalAI Report Flags Unsecured Enterprise Attack Surface
Qualys TotalAI published a March 19 report identifying MCP servers as an emerging shadow IT vector in enterprise environments, with security teams broadly unaware of which MCP tools employees are self-deploying. The concern is that MCP servers extend agent permissions to external data and code execution surfaces outside existing security policy enforcement. As MCP registries now list 10,000+ public servers, the exposure surface for credential theft, prompt injection, and supply chain compromise has expanded significantly without matching governance tooling.
↳ Follow the thread