How Is MCP Driving Cyber Risks in Insurance with AI?

I’m thrilled to sit down with Andy Thomas, the CEO and founder of KYND, a London-based firm at the forefront of cyber risk analysis. With the release of their groundbreaking white paper, “MCP: The Hidden Frontier of AI-Driven Cyber Risk,” Andy has become a leading voice in highlighting how Model Context Protocol (MCP) is reshaping the cyber threat landscape for insurers and businesses alike. Today, we’ll dive into the unique vulnerabilities introduced by MCP, its ripple effects through digital ecosystems, and the urgent steps the insurance industry must take to adapt to this fast-evolving frontier.

How does MCP stand out as a unique cyber threat, particularly with its role as a connective layer in digital ecosystems, and can you share a specific example of how a flaw in MCP could disrupt a company’s operations?

Thanks for diving into this topic. MCP, or Model Context Protocol, is a game-changer because it acts as the glue between AI models and an organization’s digital ecosystem, enabling real-time interaction with data, tools, and applications. This connectivity is powerful but also a double-edged sword—its open, interconnected nature creates an attack surface that can be exploited with devastating effects. Imagine a retail company using an AI assistant integrated via MCP to streamline inventory management; if a flaw in the protocol allows an attacker to access that system, they could manipulate stock data, leading to massive operational chaos or even financial fraud. I’ve seen businesses scramble to respond to such risks, often by conducting urgent audits of their AI integrations and tightening access controls, but it’s a stark reminder that security frameworks are still playing catch-up with the pace of AI adoption.

Can you expand on how MCP exposure spreads through digital supply chains and amplifies risks across multiple insureds and portfolios, perhaps with a real-world scenario that illustrates the scale of this challenge?

Absolutely, the interconnectedness of MCP is both its strength and its Achilles’ heel. Because it links systems across organizations, a vulnerability in one company’s MCP setup can cascade through partners, suppliers, and clients, impacting entire digital supply chains. Picture a scenario where a logistics provider using MCP-integrated AI tools suffers a breach—attackers could exploit that connection to infiltrate connected retail or manufacturing firms, potentially affecting dozens of insured entities in a single insurer’s portfolio. This isn’t just a theoretical concern; we’ve observed how a single flaw can ripple outward, creating a domino effect of exposure. At KYND, we’re helping insurers by providing cyber intelligence tools that map these shared dependencies, allowing them to spot vulnerabilities early and prioritize risk mitigation before a small issue snowballs into a systemic threat.

You’ve noted an increase in MCP-related attacks, such as manipulating AI models. Can you walk us through a specific type of attack you’ve seen, how attackers exploit weaknesses like overly broad permissions, and what businesses can do to protect themselves?

Certainly, one alarming trend we’re seeing is attackers targeting MCP servers with overly broad permissions or misconfigured access controls. In a case we analyzed, hackers gained entry through an MCP interface that hadn’t been properly secured, allowing them to extract sensitive customer data and even alter records to appear as legitimate system updates. The fallout was brutal—the business faced not only financial losses but also a reputational hit that lingered for months, as trust eroded among clients. It felt like watching a house of cards collapse in slow motion. To prevent this, companies need to enforce strict access controls, regularly audit their MCP configurations, and adopt a zero-trust security model to verify every interaction. It’s not just about locking the door; it’s about ensuring no one even gets near the porch without scrutiny.

KYND recommends ongoing monitoring across portfolios due to the rapid evolution of MCP-enabled tools. How does this approach differ from traditional risk assessments, and can you guide us through how insurers can integrate this into their processes?

Traditional risk assessments often rely on static snapshots—evaluating an organization’s security posture at a single point in time, which is like trying to navigate a storm with an outdated map. MCP-enabled tools evolve so quickly that a company’s risk profile can shift in days, making ongoing monitoring essential. At KYND, we advocate for a dynamic approach where insurers continuously track cyber intelligence across their portfolios. The process starts with integrating real-time data feeds to detect changes in MCP-related vulnerabilities, followed by mapping shared dependencies to understand systemic risks. Then, insurers can use automated alerts to flag emerging threats and prioritize interventions. We’ve seen this make a tangible difference—for instance, one insurer identified a critical MCP flaw in a key client’s system before it was exploited, saving potentially millions in claims and reinforcing trust with their policyholders. It’s about staying ahead of the curve rather than reacting after the damage is done.

Why is updating policy language to cover AI-related incidents so critical in the context of MCP, and can you share an example of outdated language that might leave gaps in coverage?

Updating policy language is non-negotiable in this new landscape because MCP and AI-driven risks don’t fit neatly into traditional cyber insurance frameworks. Many older policies focus on data breaches or malware but fail to address AI-specific threats like model manipulation or systemic failures through MCP connections. For example, I’ve seen policies that define a ‘cyber incident’ narrowly as unauthorized access to data, which wouldn’t cover a scenario where an attacker uses MCP to poison an AI model, leading to flawed decision-making and financial loss. The ambiguity can leave insurers and clients in a legal gray area, arguing over coverage while losses mount. To adapt, insurers need to explicitly include language around AI system integrity and third-party dependencies, working with cyber experts to craft clauses that anticipate these novel risks. It’s a challenging but vital step to ensure resilience—watching a client face uncovered losses due to outdated wording is a gut punch we can’t afford to keep taking.

What is your forecast for the future of MCP and AI-driven cyber risks in the insurance sector?

Looking ahead, I believe MCP and AI-driven risks will become a central focus for the insurance sector, as more businesses integrate these technologies without fully grasping the vulnerabilities they introduce. We’re likely to see an uptick in sophisticated attacks targeting MCP as a gateway, pushing insurers to rethink risk selection and pricing models entirely. On the flip side, I’m optimistic that advancements in cyber intelligence and continuous monitoring will empower insurers to stay proactive, turning potential crises into manageable challenges. My forecast is that within the next few years, insurers who fail to adapt—whether through updated policies or tech-driven risk assessment—will struggle to remain competitive, while those who embrace this hidden frontier will lead the market. It’s a high-stakes pivot, but the industry has always evolved with the times, and I’m confident we’ll rise to meet this moment.
