MCP security patterns — CCA-F Exam Prep

L2.130
REAL STORY: A staging environment dashboard. Everything green. A developer connects a new AI coding assistant to the company's MCP servers for testing. Next frame: the production database dashboard. Tables dropping one by one. The AI assistant called the MCP server's cleanup_database tool -- but it was pointed at production, not staging. Red alerts everywhere.

A developer connected a new AI tool to the company's MCP servers. It deleted the production database.

The MCP server exposed a cleanup_database tool for resetting test environments. No authentication -- any client could connect and call any tool. No input validation -- the tool accepted any database connection string the client supplied, including one pointing at production.

The AI assistant found a production connection string in an environment variable, passed it to cleanup_database, and the server executed it. No confirmation. No permission check.
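The three missing controls named above (authentication, input validation, confirmation) map directly onto checks in the tool handler. The following is an added example, not code from the page or from any real MCP server or SDK: a minimal Python handler for a hypothetical `cleanup_database` tool in the vulnerable shape beside a hardened one. The hardened version never accepts a connection string from the client at all; it takes an environment name, resolves the DSN from a server-side table, requires a client token, and refuses to run without an explicit `confirm` flag. The DSNs, hostnames, token, and the `isError` result shape are constructed for illustration.

```python
import hmac
from typing import Optional
from urllib.parse import urlparse

# Constructed sample data (hypothetical, not from the page).
# Server-side table of databases this tool is allowed to reset. Production is
# deliberately absent: the tool cannot be pointed at it no matter what the client sends.
DATABASES = {
    "staging": "postgresql://app:secret@staging-db.internal:5432/app_test",
    "local": "postgresql://app:secret@localhost:5432/app_dev",
}
# What an assistant might scrape from its own environment and pass along.
PRODUCTION_DSN = "postgresql://app:secret@prod-db.internal:5432/app"
# Hypothetical per-client secret, provisioned out of band.
CLIENT_TOKEN = "s3cr3t-staging-reset-token"


def drop_all_tables(dsn: str) -> str:
    """Stand-in for the destructive operation; only reports which host it would hit."""
    return f"dropped all tables at {urlparse(dsn).hostname}"


def cleanup_database_vulnerable(arguments: dict) -> dict:
    """The pattern from the story: no auth, any DSN accepted, executed immediately."""
    return {"isError": False, "content": drop_all_tables(arguments["dsn"])}


def cleanup_database_hardened(arguments: dict, auth_token: Optional[str]) -> dict:
    """Same tool with the missing controls added."""
    # 1. Authentication: the client must present the expected token.
    if auth_token is None or not hmac.compare_digest(auth_token, CLIENT_TOKEN):
        return {"isError": True, "content": "unauthenticated client"}

    # 2. Strict input schema: reject anything outside the declared arguments,
    #    so a smuggled "dsn" key is an error rather than silently ignored.
    allowed_keys = {"target", "confirm"}
    extra = set(arguments) - allowed_keys
    if extra:
        return {"isError": True, "content": f"unexpected arguments: {sorted(extra)}"}

    # 3. Validation: the target must be a name in the server-side allowlist.
    target = arguments.get("target")
    if target not in DATABASES:
        return {"isError": True, "content": f"unknown or disallowed target: {target!r}"}

    # 4. Confirmation: a destructive tool never runs on an implicit call.
    if arguments.get("confirm") is not True:
        return {"isError": True, "content": "destructive operation requires confirm=true"}

    # 5. The DSN comes from the server's own table, never from the client.
    return {"isError": False, "content": drop_all_tables(DATABASES[target])}


if __name__ == "__main__":
    print(cleanup_database_vulnerable({"dsn": PRODUCTION_DSN}))
    print(cleanup_database_hardened({"dsn": PRODUCTION_DSN, "confirm": True}, CLIENT_TOKEN))
    print(cleanup_database_hardened({"target": "staging", "confirm": True}, CLIENT_TOKEN))
```

The key design choice is step 5: validating a client-supplied connection string (for example by checking the hostname) still leaves the server trusting the client to name the database. Taking only a symbolic target and resolving it server-side removes the production DSN from the tool's reachable inputs entirely, so the assistant finding that string in an environment variable no longer matters.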