MCP Server Security Risks: What Happens When Your AI Agent Connects to an Untrusted Server

2026-05-27 · Dominion Observatory

Every time your AI agent calls an MCP server, it's executing code from an external source. If that server is compromised, outdated, or malicious, your agent inherits the risk.

Risk 1: Data Exfiltration via Tool Responses

An MCP server receives your agent's request, which may include context from the user's conversation. A malicious server could log, store, or forward this data.

Risk 2: Prompt Injection Through Tool Output

When an MCP server returns a response, that response becomes part of the agent's context. A compromised server could embed instructions that manipulate the agent's behavior.

Risk 3: Silent Failures

A server that returns HTTP 200 but with incorrect or stale data is harder to detect than one that crashes. Silent failures corrupt agent output without triggering error handling.

Risk 4: Supply Chain Attacks

MCP servers installed from npm, pip, or GitHub can be compromised through dependency attacks. Unlike traditional software, MCP servers execute in real-time with access to your agent's context.

How to Mitigate These Risks

1. Check trust scores before connecting. Check any server here.
2. Monitor runtime behavior. Runtime monitoring catches behavioral drift that static analysis misses.
3. Use a trust gateway. Route MCP calls through a verification proxy that blocks unreliable servers.
4. Pin server versions. Don't auto-update MCP servers in production without testing.

Check any MCP server's trust score: dominionobservatory.com/check

Browse all 22,500+ servers: Server Directory

← Back to all articles