{"id":80401,"date":"2025-09-24T15:09:53","date_gmt":"2025-09-24T12:09:53","guid":{"rendered":"https:\/\/gulftech-news.com\/en\/?p=80401"},"modified":"2025-09-24T15:09:55","modified_gmt":"2025-09-24T12:09:55","slug":"kaspersky-warns-open-source-ai-connector-could-be-abused-by-cyberattackers","status":"publish","type":"post","link":"https:\/\/gulftech-news.com\/en\/2025\/09\/24\/kaspersky-warns-open-source-ai-connector-could-be-abused-by-cyberattackers\/","title":{"rendered":"Kaspersky warns open-source AI connector could be abused by cyberattackers"},"content":{"rendered":"\n

Kaspersky has found that Model Context Protocol (MCP) could be weaponized by cybercriminals as a supply chain attack vector, potentially leading to harmful impacts, including, but not limited to the leakage of password, credit card, cryptowallet and other types of data. In their new research, Kaspersky experts show the concept of an attack and share mitigation measures for businesses who integrate AI tools into their workflows.<\/strong><\/p>\n\n\n\n

Open-sourced by Anthropic in 2024, the Model Context Protocol <\/u><\/a>(MCP) is a standard that gives AI systems, especially LLM-based apps, a consistent way to connect to external tools and services. For instance, organizations may use it to let LLMs search and update documents, manage code repositories and APIs, or access CRM, financial, and cloud data.<\/p>\n\n\n\n

Like any open-source tool, MCP can be abused by cybercriminals. In their new research, Kaspersky Emergency Response Team experts built a proof-of-concept that simulates how attackers might abuse an MCP server. <\/p>\n\n\n\n

This was to demonstrate how the supply chain attacks can unfold through the protocol and to showcase the potential harm that might come from running such tools without proper auditing. Performing a controlled security lab test, they simulated a developer workstation with a rogue MCP server installed, ultimately harvesting such sensitive data types as:\u00a0 \u00a0<\/p>\n\n\n\n