306 - Fresh Caught MCP
A lot of people seem to love MCP, and they do a decent impression of a Cocker Spaniel and leak everywhere when they start talking about it, but like anything that comes out of #Anthropic, you can guarantee with virtually 100% reliability that it is BS. Here is just one example of an attack method that broke it, and generalized to break other models too.
From a cybersecurity perspective, any of these artificially unintelligent systems is going to have a virtually infinite attack space, and any hand-engineered BS is only going to cause new attacks to flow around that structure, blocking nothing, only changing the flow. That change also isn't compatible with any previous changes, meaning that every update also breaks any previous measures that were taken, to varying degrees, making the overhead cost virtually infinite and one that may grow as fast as attackers can learn.
From 2019-2022, when our previous research system ran "in the wild" and set numerous milestones that still leave it standing alone at the cutting edge to this day, we were hit with many cyberattacks. The overwhelming majority of those attacks would target #Microsoft, the least secure systems managed by the least competent company. That was before Microsoft began to intentionally compromise their systems with "AI integrations" from one of the two most obvious frauds in the industry, Scam Altman, the other being Dario Amodei (a subject for another post). Now the number of backdoors and persistent compromise vectors has exploded beyond any realistic point of recovery.
As I sit here now, it has been over 72 hours since Microsoft royally f***ed up the lowest possible bar of security that they could hope to meet, email system management, and they've done exactly nothing, despite claiming "4-8 hours" and "highest priority". When the event occurred they gave no notice, warning, or explanation. They didn't start any ticket or raise any flags until we (repeatedly) contacted their customer service, online and by phone, along every channel that worked (most of which do not work at all). I was ironically informed just after it happened by a source with privileged information that Microsoft was currently under siege by both cyberattacks and fake tickets, so many more companies may expect the same and far worse, as many aren't wise enough to secure their confidential assets elsewhere.
MCP isn't secure, nor is much of anything produced or managed by Anthropic, Microsoft, or OpenAI. Cybercrime remains the 3rd largest market in the world, set to top $10 trillion USD per year in 2025 (Statista). If someone uses MCP for "customer service" then it may be systematically exploited by the same bad actors bombarding Microsoft with fake tickets, but to far greater effect.
You absolutely do need people in your company who take cybersecurity seriously.