Applying Zero Trust To MCP In AI Systems
Varonis, Tuesday, March 24th, 2026
Model Context Protocol (MCP) has quickly become a foundational building block for agentic AI. By standardizing how AI agents discover tools, retrieve context, and take action, MCP makes it dramatically easier to connect models to real systems. That ease of integration is exactly why teams are adopting it so quickly - and exactly why security teams are uneasy.
MCP wasn't designed to be dangerous. It was designed to be flexible. And as with most flexible integration layers, security risks don't come from one obvious flaw but from how many small, reasonable decisions can combine into something exploitable.
A return to the office
To make this concrete, consider a familiar workplace analogy - assuming you've returned to the office.
Imagine an office building where employees badge in to each area, like the lobby, conference rooms, and supply closets. This badge also grants access to resources or services, such as elevators and printers. None of those permissions individually seems risky.