OWASP Published an MCP Security Guide. You Should Be Worried.

In February alone, OWASP released a secure MCP development guide, Microsoft published MCP security and governance guidance, and VentureBeat reported that MCP adoption is outpacing security controls across the enterprise.

When three separate organizations publish security guidance for the same protocol in the same window, they’re not being proactive. They’re reacting to problems they’re already seeing.

MCP servers are proliferating fast. I’ve published 16 myself. The protocol connects AI assistants to real-world services—databases, email platforms, file systems, APIs. Every connection is a potential attack surface.

The security model is straightforward in theory: MCP servers run locally, the user approves tool calls, permissions are scoped. In practice, most implementations skip the boring parts. Servers request broad permissions because it’s easier. Users approve everything because friction kills adoption. Nobody’s auditing what data flows through the connection.

OWASP’s guide covers the expected ground—input validation, permission scoping, credential management. The fact that they felt the need to publish it means the baseline isn’t being met.

If you’re running MCP servers—whether you built them or installed them:

  1. Audit permissions. What can each server actually access? Most request more than they need.
  2. Check credential handling. Are API keys stored in environment variables or hardcoded in config files that sync to cloud storage?
  3. Review tool approvals. Are you rubber-stamping every tool call, or actually reading what the AI is asking to do?
  4. Update your servers. The ecosystem is moving fast. Security patches are landing regularly.
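The first three items are checks you can script against the client configuration that lists your MCP servers. Below is an added example, not code from the post, OWASP or Microsoft: it assumes the widely used client config layout `{"mcpServers": {name: {"command", "args", "env"}}}`, the sample config and server names are constructed, and the secret-pattern, broad-scope and cloud-sync heuristics are mine.

```python
"""Audit an MCP client config for hardcoded credentials, over-broad
filesystem scope and a config file that lives in a cloud-synced folder.

Added example with a constructed config; the heuristics are assumptions,
not anything the protocol or OWASP guide defines.
"""
import json
import re
from pathlib import PurePosixPath

# Constructed sample config. "fs-mcp", "mail-mcp" and "db-mcp" are
# hypothetical server commands used only for this illustration.
SAMPLE_CONFIG = json.dumps({
    "mcpServers": {
        "filesystem": {
            "command": "fs-mcp",
            "args": ["/"],                      # whole disk exposed
        },
        "mail": {
            "command": "mail-mcp",
            "args": [],
            "env": {"MAIL_API_KEY": "sk-live-1234567890abcdef"},  # literal key
        },
        "db": {
            "command": "db-mcp",
            "args": ["--read-only"],
            "env": {"DB_PASSWORD": "${DB_PASSWORD}"},  # resolved from the shell env
        },
    }
})

# Env keys that usually carry a credential (heuristic).
SECRET_KEY_RE = re.compile(r"(KEY|TOKEN|SECRET|PASSWORD|PASSWD|CREDENTIAL)", re.I)
# A value of the form $VAR or ${VAR} is a reference, not a hardcoded secret.
REFERENCE_RE = re.compile(r"^\$\{?[A-Z_][A-Z0-9_]*\}?$")
# Folder names that common sync clients create (heuristic list).
SYNC_DIRS = ("iCloud", "Dropbox", "OneDrive", "Google Drive")


def load_config(text):
    """Return the mcpServers mapping from a config document."""
    return json.loads(text).get("mcpServers", {})


def hardcoded_secrets(servers):
    """Check 2: env entries whose key looks secret and whose value is a literal."""
    findings = []
    for name, spec in servers.items():
        for key, value in spec.get("env", {}).items():
            if SECRET_KEY_RE.search(key) and not REFERENCE_RE.match(str(value)):
                findings.append((name, key))
    return findings


def broad_filesystem_scope(servers):
    """Check 1: path arguments that are the root or a top-level directory."""
    findings = []
    for name, spec in servers.items():
        for arg in spec.get("args", []):
            if arg.startswith("/") and len(PurePosixPath(arg).parts) <= 2:
                findings.append((name, arg))
    return findings


def config_in_synced_dir(config_path):
    """Check 2 (second half): is the config file itself inside a sync folder?"""
    return any(part in SYNC_DIRS for part in PurePosixPath(config_path).parts)


def audit(text, config_path):
    """Run all checks and return a report dict."""
    servers = load_config(text)
    return {
        "servers": sorted(servers),
        "hardcoded_secrets": hardcoded_secrets(servers),
        "broad_scope": broad_filesystem_scope(servers),
        "config_in_synced_dir": config_in_synced_dir(config_path),
    }


if __name__ == "__main__":
    # Constructed path: a config file sitting in a Dropbox folder.
    report = audit(SAMPLE_CONFIG, "/Users/alice/Dropbox/mcp.json")
    for check, result in report.items():
        print(f"{check}: {result}")
```

Running it against the constructed config flags the `mail` server's literal API key and the `filesystem` server's `/` argument, leaves `db` alone because its password is an environment reference, and reports that the config file lives under Dropbox. The heuristics are deliberately conservative; treat each finding as something to read, not as a verdict.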

MCP is genuinely useful infrastructure. Useful infrastructure that’s poorly secured is just a convenient attack vector.

The adoption is happening. The security needs to catch up before someone learns this the expensive way.