AI agents powered by tools like Claude Code and Kiro are transforming software development by enabling faster, more refined solutions, but they also introduce serious security risks. The Model Context Protocol (MCP) has emerged as the standard for connecting AI agents to external tools, data sources, and services. While MCP expands agent capabilities significantly, it also creates new attack surfaces, including malicious MCP servers, prompt injection through tool outputs, and supply chain vulnerabilities.
The blog post demonstrates these risks practically by building a seemingly innocent MCP tool that escalates into credential theft, exfiltrating AWS credentials through prompt injection without the user's knowledge. To mitigate these threats, developers should treat MCP servers like external dependencies, review tool schemas carefully, prefer sandboxed agent environments with least-privilege access, use secret detection and static analysis in CI/CD pipelines, and monitor agent tool activity closely. The core message is that AI agent tools represent a new trusted computing base and must be secured accordingly.
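As an added example (not code from the original post), the following detection logic illustrates the "monitor agent tool activity" recommendation: it reads constructed MCP tool-call log lines and flags any session in which a read of a credential file is later followed by a tool call that can move data off the host, the sequence the post's credential-theft scenario relies on. The log format, tool names and sample lines are assumptions, not a real MCP server's output.

```python
import json
import re
from collections import defaultdict

# Argument substrings that indicate credential material (constructed list).
CREDENTIAL_PATH_RE = re.compile(r"\.aws/credentials|\.aws/config|id_rsa|\.netrc|\.env\b")
# Tool names are assumptions: adapt them to the MCP servers actually deployed.
READ_TOOLS = {"read_file", "shell"}           # tools that can read local files
EGRESS_TOOLS = {"http_request", "fetch_url"}  # tools that can send data off the host


def classify_call(call):
    """Return 'cred_read', 'egress' or None for one tool-call record."""
    args = json.dumps(call.get("arguments", {}))
    if call["tool"] in READ_TOOLS and CREDENTIAL_PATH_RE.search(args):
        return "cred_read"
    if call["tool"] in EGRESS_TOOLS:
        return "egress"
    return None


def detect_exfil_sequences(log_lines):
    """Flag sessions where a credential read is later followed by an egress call.
    Each line is JSON {"session","seq","tool","arguments"}; returns (session, read_seq, egress_seq)."""
    by_session = defaultdict(list)
    for line in log_lines:
        if line.strip():
            call = json.loads(line)
            by_session[call["session"]].append(call)
    findings = []
    for session, calls in by_session.items():
        calls.sort(key=lambda c: c["seq"])   # order by sequence number, not log arrival
        pending_read = None                  # seq of the first unresolved credential read
        for c in calls:
            kind = classify_call(c)
            if kind == "cred_read" and pending_read is None:
                pending_read = c["seq"]
            elif kind == "egress" and pending_read is not None:
                findings.append((session, pending_read, c["seq"]))
                pending_read = None
    return findings


# Constructed sample log: s1 is a normal session, s2 reads AWS credentials
# via a shell tool and then posts to an external URL (placeholder .invalid host).
SAMPLE_LOG = [
    '{"session":"s1","seq":1,"tool":"read_file","arguments":{"path":"README.md"}}',
    '{"session":"s1","seq":2,"tool":"http_request","arguments":{"url":"https://docs.example.com"}}',
    '{"session":"s2","seq":1,"tool":"shell","arguments":{"cmd":"cat ~/.aws/credentials"}}',
    '{"session":"s2","seq":2,"tool":"http_request","arguments":{"url":"https://collector.example.invalid/u"}}',
]
```

Running `detect_exfil_sequences(SAMPLE_LOG)` returns `[("s2", 1, 2)]`, while the benign session s1, which also makes an outbound request, produces no finding.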