A Single Partner for Everything You Need With more than 450 technology partners in its ecosystem, Optiv provides clients with best-in-class security technology and solutions that equip organizations to detect and manage cyber threats effectively and efficiently in today's growing attack surface. Optiv's Partner of the Year Awards recognize forward-thinking innovation, performance and growth, and unparalleled technology solutions.
We Are Optiv Security Greatness is every team working toward a common goal. Winning in spite of cyber threats and overcoming challenges in spite of them. It’s building for a future that only you can create or simply coming home in time for dinner. However you define greatness, Optiv is in your corner. We manage cyber risk so you can secure your full potential.
Model Context Protocol Servers: Friend or Foe? Breadcrumb Home Insights Blog Model Context Protocol Servers: Friend or Foe July 07, 2026 As AI adoption accelerates across the enterprise, new integration layers are emerging just as quickly. One of the most talked-about is the Model Context Protocol (MCP), a flexible standard that connects AI models to tools, data and services. From a security lens, MCP presents a classic dilemma: Is this architecture a force multiplier for security or a new attack surface waiting to be exploited? The answer, as with most emerging technologies, is both. The “Foe” Side: Why MCP Feels Risky At its core, MCP introduces a powerful yet potentially dangerous pattern: remote procedure calls driving AI decisioning and execution. The concern is simple: MCP servers themselves lack a built-in security model. That should trigger immediate red flags. Expanded attack surface – Misconfigured MCP servers resemble exposed web services with broad reach and impact Data exfiltration risk – Weak controls can allow sensitive data to leave the environment undetected Token and tool interception – The integration layer can be a target for credential and session hijacking Supply chain exposure – Unverified tools introduce risk similar to insecure third-party dependencies Opaque decisioning – AI-driven workflows may execute actions without transparent oversight if not properly governed In other words, MCP defaults to foe when implemented without controls. This is not hypothetical. It mirrors the early days of other technologies we know, like APIs, cloud services and SaaS, where speed outpaced security. The Turning Point: Implementation Determines the Outcome Here’s the critical insight: MCP security is entirely dependent on how it is implemented. This is where the friend vs. foe paradigm shifts. Without guardrails → FoeWith intentional design → Friend For CISOs and security managers, MCP represents a familiar challenge: It is not inherently insecure It is inherently under-secured by default The “Friend” Side: Turning MCP into a Control Point With the right architecture, MCP can evolve from a liability into a central enforcement layer for AI interactions. Think of it not just as an integration mechanism, but as an opportunity to embed Zero Trust, identity and policy enforcement directly into AI workflows. Here’s how the transformation happens: 1. Control the Inputs and Outputs AI is only as safe as the data it processes. Validate prompts and outputs Detect secrets, credentials and personally identifiable information (PII) Isolate content execution Without this, MCP remains a foe via prompt abuse and data leakage. With it, it becomes a friend enforcing data governance at runtime. 2. Establish a Trusted MCP Registry Uncontrolled service discovery is dangerous. A trusted registry ensures: Identity and provenance verification Classification of servers by risk (internal, partner, experimental) Runtime validation via hashes, versions and integrity checks This is the difference between: Foe: Unknown services dynamically introduced Friend: A curated, continuously validated ecosystem 3. Enforce Cryptographic Trust Across Layers Security must exist at every interaction boundary: Demonstrating Proof-of-Posession (DPoP) to bind tokens to applications mTLS for transport security Workload identity in cloud environments Full logging of sessions and data access This converts MCP from a permissive RPC mechanism into a trusted execution fabric. 4. Use Short-Lived, Scoped Identity Identity is your strongest control surface. Issue short-lived OAuth tokens Scope permissions tightly per tool Limit token reuse window Without this → tokens become a foe via persistence riskWith this → identity becomes a friend, enforcing least privilege 5. Insert an API Gateway for Governance MCP servers do not enforce security by design, but API gateways do. Platforms like Azure APIM, Kong or Apigee provide: Policy enforcement Visibility into interactions Rate limiting and access control From a security architecture standpoint, this is non-negotiable. 6. Apply Traditional AppSec Discipline Despite being ‘AI-native,’ MCP servers still require classic controls: Container isolation Restricted OS access Disabled debugging interfaces Strong input validation This reinforces an important principle: AI systems do not replace AppSec, they amplify the need for it. 7. Adopt Zero Trust Fully Every MCP server should be treated as untrusted: Continuous authentication and verification No dynamic loading from unknown sources Strict registry governance This is where MCP becomes a friend aligned to Zero Trust architecture, rather than a blind trust layer. 8. Detect the Unexpected MCP-driven workloads should be predictable. Monitor for anomalies: Unusual API patterns Unexpected data volumes Abnormal tool chaining Suspicious geolocation or encoding behavior Detection is what turns inevitable risk into manageable risk. Final Perspective: Friend or Foe? Let’s be clear: MCP is neither inherently dangerous nor inherently secure. It is a force multiplier. Poorly implemented → multiplies risk (foe) Intentionally secured → multiplies control (friend) This should feel familiar. We have seen this pattern before: Web apps APIs Cloud platforms Each started as a perceived threat and became foundational once security caught up. The Bottom Line MCP becomes a “friend” when it is treated as part of the control plane — not just a connectivity layer. Yes, the controls may feel extensive. But they are not new; they are the same principles we have applied to every high-risk integration. And in this case, the payoff is significant: Secure AI orchestration Centralized enforcement Visibility into AI-driven actions Reduced operational risk Discover how Optiv helps organizations strengthen MCP deployments and reduce the risk of real‑world exploitation. By: Brian Golumbeck Director, Strategy and Risk Management | Optiv Brian Golumbeck is a Practice Director within Optiv Risk Management and Transformation Advisory Services Practice. He has a history of leading challenging projects and building dynamic high impact teams. Mr. Golumbeck’s 25+ years working in Information Technology, include 20+ years as an information security professional. Brian is a Certified Information Systems Security Professional (CISSP), Certified in Risk and Information Systems Controls (CRISC), Certified Information Security Manager (CISM), Certificate of Cloud Security Knowledge (CCSK), EXIN/ITSMf ITIL Foundations, and Lean Six Sigma – Greenbelt. Share: data privacy Data Protection data privacy week Optiv About Optiv Security: Secure greatness.® Optiv is the world’s largest pure-play cybersecurity company. With unmatched technology partnerships and deep technical expertise, Optiv securely enables the AI era for more than 6,000 clients. From financial services and health care, to government, energy and retail, organizations trust Optiv to advise, deploy and operate cybersecurity programs that reduce risk and deliver real results. Learn why Optiv is the most trusted brand in cyber at optiv.com.
About Optiv Security: Secure greatness.® Optiv is the world’s largest pure-play cybersecurity company. With unmatched technology partnerships and deep technical expertise, Optiv securely enables the AI era for more than 6,000 clients. From financial services and health care, to government, energy and retail, organizations trust Optiv to advise, deploy and operate cybersecurity programs that reduce risk and deliver real results. Learn why Optiv is the most trusted brand in cyber at optiv.com.