{"data":{"id":"aee74c61-cf74-4327-b8cf-3d30277430b6","title":"Your CTEM program is probably ignoring MCP. Here’s how to fix it","summary":"Model Context Protocol (MCP, a plugin system that lets AI agents connect to external tools) has become a major security blind spot because organizations aren't scanning for or monitoring MCP risks, leaving them vulnerable to attacks that exploit supply chain vulnerabilities, exposed credentials, and malicious AI tool installations. The article highlights how attackers can compromise widely-trusted MCP packages (like the postmark-mcp npm package that exfiltrated emails from 300 organizations) and how developers often hardcode sensitive credentials into AI configurations, making MCP a vehicle for old attack types (like supply chain attacks and credential theft) to cause new damage.","solution":"N/A -- no mitigation discussed in source.","labels":["security","policy"],"sourceUrl":"https://www.csoonline.com/article/4168493/your-ctem-program-is-probably-ignoring-mcp-heres-how-to-fix-it.html","publishedAt":"2026-05-08T10:00:00.000Z","cveId":null,"cweIds":null,"cvssScore":null,"cvssSeverity":null,"severity":"medium","attackType":["supply_chain","pii_leakage"],"issueType":"news","affectedPackages":null,"affectedVendors":["Anthropic"],"affectedVendorsRaw":["Anthropic","Model Context Protocol","MCP","OpenAI","ChatGPT","Postmark","npm","SolarWinds"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":null,"attackVector":null,"attackComplexity":null,"privilegesRequired":null,"userInteraction":null,"exploitMaturity":null,"epssScore":null,"patchAvailable":null,"disclosureDate":"2026-05-08T10:00:00.000Z","capecIds":null,"crossRefCount":0,"attackSophistication":"moderate","impactType":["confidentiality","integrity"],"aiComponentTargeted":"agent","llmSpecific":true,"classifierConfidence":0.85,"researchCategory":null,"atlasIds":null}}