As Model Context Protocol (MCP) usage accelerates, KYND is calling on the insurance industry to rethink its approach to cyber exposure and to increase technical awareness of MCP, which introduces a new class of systemic risk that is easy for cyber insurers to miss.

MCP enables AI models to plug directly into an organisation’s digital ecosystem, allowing AI systems to securely access and interact with tools, data and applications in real time.
KYND acknowledges that this capability is transformative – enabling seamless data sharing and more intelligent automation – but cautions that MCP also brings a new phase of systemic cyber risk that may be easy for insurers to miss.
Andy Thomas, CEO and founder of KYND, said, “The AI boom is happening fast and security frameworks are still catching up.
“As MCP usage accelerates, with more companies adopting generative-AI solutions, MCP exposure is spreading quietly through digital supply chains.
“Because it acts as a connective layer, MCP creates an attack surface where the impact of a single flaw can be amplified across multiple insureds and portfolios.
“Its open, interconnected nature and the features which make MCP efficient and scalable can also be conduits for exploitation.”
Security researchers have already reported a rise in MCP-related attacks, including cases where AI models have been manipulated. If an MCP server’s permissions are too broad or its access controls are misconfigured, a malicious query could extract confidential data or modify records through what appears to be a legitimate integration.
KYND added that weaknesses in the infrastructure underpinning MCP can also be exploited, allowing attackers to access connected systems and potentially leak sensitive data.
For insurers, MCP exposure presents new challenges at both individual and portfolio level, making risk selection more complex and increasing the potential for widespread compromise. This is further compounded by the pace of change, as MCP-enabled tools evolve rapidly and an organisation’s risk profile can quickly become outdated.
To address these risks, KYND advises insurers to implement continuous portfolio monitoring, incorporate richer data into their risk selection, and refine policy wordings around AI-related incidents.
Thomas added, “Insurers must evolve their approach to be resilient in this new era of cyber risk, where exposure stems not just from software, but from the actions and behaviours of intelligent systems themselves.
“Underwriters not only need to assess the security of individual organisations, but to understand how shared dependencies multiply exposure across the market.
“Relying on the right cyber intelligence will be critical in spotting emerging risks – and acting on them before they become systemic.”

