As the use of Model Context Protocol (MCP) accelerates, KYND is calling on the insurance industry to rethink its approach to cyber exposure and increase technical awareness of MCP, as it introduces new systemic risks that cyber insurers can easily overlook.
Cyber risk specialist KYND has released a new white paper, MCP: The Hidden Frontier of AI-driven Cyber Risk, which suggests that the industry is facing a turning point and a new phase of cyber risk as AI becomes embedded in core business operations.
MCP enables AI models to plug directly into an organization’s digital ecosystem, enabling AI systems to securely access and interact with tools, data, and applications in real-time.
KYND acknowledges that this capability is transformative—enabling seamless data sharing and smarter automation—but warns that MCP also introduces a new phase of systemic cyber risk that insurers may easily overlook.
Andy Thomas, CEO and founder of KYND, said: “The AI craze is evolving rapidly and security frameworks are still catching up.
“As the use of MCP accelerates and more companies adopt generative AI solutions, MCP’s exposure is spreading quietly through the digital supply chain.
“Because it acts as a connectivity layer, MCP creates an attack surface where the impact of a single flaw can be amplified across multiple insureds and portfolios.
“Their open, interconnected nature and capabilities that make MCP efficient and scalable can also serve as avenues for exploitation.”
Security researchers have reported an increase in MCP-related attacks, including cases of artificial intelligence models being manipulated. If the MCP server’s permissions are too broad or its access control is misconfigured, malicious queries may be able to extract confidential data or modify records through seemingly legitimate integrations.
KYND added that weaknesses in the infrastructure supporting MCP could also be exploited, giving attackers access to connected systems and potentially exfiltrating sensitive data.
For insurers, MCP risk creates new challenges at both the individual and portfolio levels, making risk selection more complex and increasing the potential for widespread compromise. As the tools supported by MCP evolve rapidly, an organization’s risk profile can quickly become outdated, a situation further exacerbated by the speed of change.
To address these risks, KYND recommends that insurers implement ongoing portfolio monitoring, incorporate richer data into risk selection, and refine policy language around AI-related events.
Thomas added: “Insurers must evolve their approach to adapt to this new era of cyber risk, where risk arises not just from software, but from the behavior and behavior of intelligent systems themselves.
“Underwriters need to not only assess the security of individual organizations, but also understand how shared dependencies increase risk across the market.
“Relying on the right cyber intelligence is critical to identifying emerging risks and taking action before they become systemic risks.”
