Insurers face new threats as AI and MCP adoption reshape cyber risk
AI at scale is changing cyber exposure. The adoption of Model Context Protocol (MCP) is accelerating that change, and it's creating risk that slips past traditional underwriting and controls.
MCP lets AI systems plug directly into a company's tools, data, and applications. That brings efficiency. It also opens new paths for attackers and new aggregation points across your book.
What MCP does (and why it matters to insurers)
MCP connects AI models to live business systems for automated data exchange and decision-making. It acts like a connective layer inside digital ecosystems.
That same connectivity turns local weaknesses into portfolio issues. A single flaw in a widely used MCP component or configuration can hit many insureds at once.
The emerging threat pattern
- Over-permissive scopes and misconfigured access controls enabling model manipulation and data exfiltration.
- Malicious queries routed through "legit" AI integrations that look normal to monitoring.
- Weaknesses in MCP infrastructure exposing broader networks or leaking sensitive data.
Why this creates systemic exposure
KYND warns that MCP is a conduit for correlated loss. One vulnerability, many victims. Fast-moving deployments make it harder to keep an accurate risk picture across portfolios.
As Andy Thomas, CEO and founder at KYND, put it: "The AI boom is happening fast and security frameworks are still catching up."
Underwriting actions to take now
- Add an MCP and AI-integration section to questionnaires:
  - What MCP platform/version is in use? Self-hosted vs. managed?
  - Which systems are connected? Data classifications involved?
  - Scope of permissions (read/write/admin) and privilege boundaries?
  - Who governs model tools, connectors, and policy updates?
- Require control evidence:
  - Least-privilege scopes, strong auth, and secrets management for MCP services.
  - Segmentation/isolation for MCP components and connected apps.
  - Audit logging for all AI tool actions and data access via MCP.
  - Change control for model/tool updates; rollback plans; kill switch.
- Clarify aggregation:
  - Identify common MCP vendors, versions, and connectors across insureds.
  - Set caps, sublimits, or endorsements for correlated AI/MCP events.
Policy wording to revisit
- Definitions: what constitutes an "AI system," "MCP," "tool," and "connector."
- Covered triggers: confidentiality, integrity, and availability impacts from AI-driven actions.
- Misconfiguration and over-permissioning: clarify treatment as security failure vs. operational error.
- Contingent BI tied to MCP outages or supplier-side AI integrations.
- Widespread event language for correlated MCP vulnerabilities.
Claims and incident response implications
- Expect stealth: attacks may look like normal AI traffic. Plan for forensic logging of MCP requests, tool outputs, and permission changes.
- Require an MCP "kill switch" and rollback plan to contain malicious automations fast.
- Pre-arrange coordination with AI vendors, MCP maintainers, and key suppliers for evidence and patching.
- Preserve prompts, tool-call traces, and model versions for attribution and subrogation.
Continuous monitoring: what to watch
- MCP endpoints exposed to the internet and their authentication posture.
- Permission scopes for connectors; detect drift to broader access.
- High-risk data flows (PII, financials, IP) through MCP pipelines.
- Model and tool update cycles; emergent behavior changes after updates.
- Indicators of AI-specific abuse (prompt injection, tool hijacking, data leakage).
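One way to run the scope-drift check from the list above, added here as an example and not taken from KYND or any MCP implementation: it compares each connector's current grants with an approved baseline and reports only grants that exceed it. The `resource:level` scope format, the connector names and the data are assumptions constructed for illustration; the read/write/admin ordering follows the questionnaire item earlier in the article.

```python
# Added example. Scope strings use a hypothetical "resource:level" format.
LEVEL = {"read": 1, "write": 2, "admin": 3}

# Constructed data: approved baseline vs. what connectors hold today.
BASELINE = {"crm": ["contacts:read"],
            "billing": ["invoices:read", "invoices:write"]}
CURRENT = {"crm": ["contacts:read", "contacts:admin", "exports:read"],
           "billing": ["invoices:read"],
           "shell": ["host:admin"]}

def parse_scope(scope):
    """Split 'resource:level' into (resource, numeric level)."""
    resource, _, level = scope.rpartition(":")
    if not resource or level not in LEVEL:
        raise ValueError(f"unrecognised scope: {scope!r}")
    return resource, LEVEL[level]

def effective(scopes):
    """Highest level granted per resource."""
    out = {}
    for scope in scopes:
        resource, level = parse_scope(scope)
        out[resource] = max(out.get(resource, 0), level)
    return out

def scope_drift(baseline, current):
    """Findings where current grants are broader than the approved baseline."""
    findings = []
    for connector, scopes in sorted(current.items()):
        if connector not in baseline:
            findings.append((connector, "*", "unapproved connector"))
            continue
        approved = effective(baseline[connector])
        for resource, level in sorted(effective(scopes).items()):
            if resource not in approved:
                findings.append((connector, resource, "new resource"))
            elif level > approved[resource]:
                findings.append((connector, resource, "escalated"))
    return findings

if __name__ == "__main__":
    for finding in scope_drift(BASELINE, CURRENT):
        print(finding)
```

A connector that now holds less than its baseline, such as `billing` here, produces no finding; only broader access is reported.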
Portfolio stress testing
- Model a critical vulnerability in a popular MCP server or connector used by multiple insureds.
- Estimate time-to-exploit vs. time-to-patch and resulting BI windows.
- Quantify data integrity losses, remediation costs, and third-party liability.
- Test reinsurance responsiveness to AI/MCP-driven correlated events.
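The aggregation analysis under "Clarify aggregation" and the first stress-test step above can be run over a portfolio inventory as follows. This is an added example, not KYND's method; the component names, versions, limits, the 30% cap and the flat loss ratio are all constructed assumptions.

```python
from collections import defaultdict

# Constructed book of business; names, versions and limits are illustrative.
PORTFOLIO = [
    {"insured": "A", "limit": 5_000_000,
     "components": [("mcp-server-x", "1.4"), ("crm-connector", "2.0")]},
    {"insured": "B", "limit": 10_000_000,
     "components": [("mcp-server-x", "1.4")]},
    {"insured": "C", "limit": 2_000_000,
     "components": [("mcp-server-x", "1.5"), ("crm-connector", "2.0")]},
    {"insured": "D", "limit": 3_000_000,
     "components": [("mcp-server-y", "0.9")]},
]

def aggregation(portfolio):
    """Per component name: which insureds run it and the limit they carry."""
    agg = defaultdict(lambda: {"insureds": [], "limit": 0})
    for policy in portfolio:
        # Count each insured once per component, even across versions.
        for name in {n for n, _ in policy["components"]}:
            agg[name]["insureds"].append(policy["insured"])
            agg[name]["limit"] += policy["limit"]
    return dict(agg)

def over_cap(portfolio, cap_fraction):
    """Components whose share of total limit exceeds the cap, largest first."""
    total = sum(p["limit"] for p in portfolio)
    rows = [(name, e["limit"] / total, sorted(e["insureds"]))
            for name, e in aggregation(portfolio).items()
            if e["limit"] / total > cap_fraction]
    return sorted(rows, key=lambda r: (-r[1], r[0]))

def stress(portfolio, name, affected_versions, loss_ratio):
    """One flaw in `name` at the given versions: who is hit, modelled loss."""
    hit = [p for p in portfolio
           if any(n == name and v in affected_versions
                  for n, v in p["components"])]
    loss = sum(p["limit"] for p in hit) * loss_ratio
    return sorted(p["insured"] for p in hit), loss

if __name__ == "__main__":
    print(over_cap(PORTFOLIO, 0.30))
    print(stress(PORTFOLIO, "mcp-server-x", {"1.4"}, 0.2))
```

The flat loss ratio stands in for whatever severity model the carrier uses; the grouping and the version filter are the parts that carry over.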
Market context
"As MCP usage accelerates, with more companies adopting generative-AI solutions, MCP exposure is spreading quietly through digital supply chains," said Thomas. "Because it acts as a connective layer, MCP creates an attack surface where the impact of a single flaw can be amplified across multiple insureds and portfolios."
KYND's guidance: tighten assessment protocols, move to continuous portfolio monitoring, and update wording to reflect AI-driven incidents. "Relying on the right cyber intelligence will be critical in spotting emerging risks, and acting on them before they become systemic," Thomas added.
Where to go from here
- Refresh underwriting and security questionnaires to include MCP specifics.
- Build an MCP/AI control baseline and require attestations with evidence.
- Run aggregation analysis on shared MCP vendors and connectors across your book.
- Update policy definitions and triggers; add endorsements where exposure is high.
- Train underwriting, cyber engineers, and claims teams on AI/MCP behaviors and failure modes.
Helpful references
- NIST AI Risk Management Framework (for aligning controls and governance).
- OWASP Top 10 for LLM Applications (common AI attack vectors like prompt injection and data leakage).