“Because it acts as a connective layer, MCP creates an attack surface where the impact of a single flaw can be amplified across multiple insureds and portfolios,” says chief executive

The insurance industry faces a “turning point” in its approach to cyber risk as businesses rapidly embed Model Context Protocol (MCP) technology into their operations, KYND has warned.

Publishing its new white paper, “MCP: The hidden frontier of AI-driven cyber risk”, in December 2025, KYND said MCP had quietly introduced a layer of exposure that many cyber insurers had yet to recognise or measure.

MCP enables artificial intelligence (AI) models to plug directly into an organisation’s digital environment and retrieve or send live information across tools, applications and datasets. This allows businesses to automate processes, improve decision-making and share data between systems more efficiently.

However, KYND said the protocol’s open and interconnected design meant MCP had become an emerging attack surface.

Early MCP-related compromises had already been observed, including manipulation of AI models through malicious queries, data exfiltration via misconfigured MCP servers and supply-chain breaches involving counterfeit MCP tools.

Andy Thomas, chief executive and founder at KYND, said the industry’s security frameworks were “still catching up” with the pace of AI adoption.

He said: “As MCP usage accelerates, with more companies adopting generative-AI solutions, MCP exposure is spreading quietly through digital supply chains. Because it acts as a connective layer, MCP creates an attack surface where the impact of a single flaw can be amplified across multiple insureds and portfolios.”

Hidden accumulation

KYND’s white paper highlighted that MCP-driven exposure posed challenges at both an individual and portfolio level. Many policyholders might not realise MCP components were embedded in their AI workflows, while common reliance on shared MCP servers and software development kits increased the risk of a single vulnerability affecting multiple businesses.

The firm said this created a new threat of accumulation, similar to previous systemic cyber events such as Log4Shell or SolarWinds, but operating at the application-logic layer rather than through traditional network compromise.

A poisoned connector or compromised MCP module could trigger a cascade of breaches across insured portfolios.

Thomas said underwriters needed to recognise how “shared dependencies multiply exposure across the market”.

He added: “Insurers must evolve their approach to be resilient in this new era of cyber risk, where exposure stems not just from software, but from the actions and behaviours of intelligent systems.”

According to KYND, the pace of change presented an additional challenge for insurers. MCP-enabled tools updated frequently, meaning an organisation’s risk profile could shift significantly within a policy period.

To strengthen the market’s resilience, KYND advised insurers to implement continuous portfolio monitoring, incorporate richer data into risk selection and refine policy wordings around AI-linked incidents to ensure clarity on MCP-related loss scenarios.

Thomas said: “Relying on the right cyber intelligence will be critical in spotting emerging risks – and acting on them before they become systemic.”