A Year of MCP: From Internal Experiment to Industry Standard | Pento

## The Hard Truth: Security Is Still the Elephant in the Room Let's be direct: MCP in 2025 shipped fast, and security didn't always keep pace. Security researchers have documented multiple outstanding issues, and some are genuinely concerning:^10^ **Authentication gaps**: The protocol provides minimal guidance on authentication, and many implementations default to no auth at all. Session IDs in URLs violate basic security practices. Until recently, there was no official registry to verify server authenticity.^11^ **Prompt injection vulnerabilities**: Tool descriptions go straight to the AI model. Malicious actors can hide instructions in those descriptions that the AI follows without the user's knowledge.^12^ **Token storage risks**: MCP servers often store OAuth tokens for multiple services. One breach equals access to everything: your Gmail, your Drive, your CRM.^13^