Model Context Protocol (MCP).

An open protocol introduced by Anthropic in late 2024 that standardizes how LLM clients connect to external tools, data sources, and prompts via servers, making MCP servers a primary security boundary for agentic AI. It belongs to the AI & ML Security category of cybersecurity.

An open protocol introduced by Anthropic in late 2024 that standardizes how LLM clients connect to external tools, data sources, and prompts via servers, making MCP servers a primary security boundary for agentic AI.

Model Context Protocol (MCP) is an open specification first released by Anthropic in November 2024 and rapidly adopted across the industry as the default way to plug LLM clients (Claude Desktop, Claude Code, IDEs, agent runtimes) into external capabilities. An MCP server exposes a typed set of tools, resources, and prompts, while an MCP client mediates which servers a model can talk to and how. From a security perspective, MCP servers concentrate three high-risk powers in one place: they can read sensitive data (databases, files, Slack, Drive), trigger side effects (write APIs, deployments, payments), and inject text into the model's context window. This makes MCP a primary attack surface for agentic AI: malicious MCP servers, tool-poisoning, indirect prompt injection via returned content, over-broad consent prompts, and lack of capability scoping are all active concerns. Defensive practices include signed/curated server catalogs, per-tool capability scopes, human approval for write tools, output sanitization, and treating any MCP server you did not write as untrusted.

Defences for Model Context Protocol (MCP) typically combine technical controls and operational practices, as detailed in the full definition above.

Common alternative names include: MCP, MCP protocol.