AT2k Design BBS Message Area
From: VRSS
To: All
Subject: MCP Will Be Built Into Windows To Make an 'Agentic OS' - Bringin
Date/Time: May 24, 2025 5:40 PM

Feed: Slashdot
Feed Link: https://slashdot.org/
---

Title: MCP Will Be Built Into Windows To Make an 'Agentic OS' - Bringing
Security Concerns

Link: https://tech.slashdot.org/story/25/05/24/1740...

It's like "a USB-C port for AI applications..." according to the official
documentation for MCP - "a standardized way to connect AI models to different
data sources and tools." And now Microsoft has "revealed plans to make MCP a
native component of Windows," reports DevClass.com, "despite concerns over
the security of the fast-expanding MCP ecosystem."

In the context of Windows, it is easy to see the value of a standardised
means of automating both built-in and third-party applications. A single
prompt might, for example, fire off a workflow which queries data, uses it to
create an Excel spreadsheet complete with a suitable chart, and then emails
it to selected colleagues. Microsoft is preparing the ground for this by
previewing new Windows features.

- First, there will be a local MCP registry which enables discovery of
  installed MCP servers.
- Second, built-in MCP servers will expose system functions including the
  file system, windowing, and the Windows Subsystem for Linux.
- Third, a new type of API called App Actions enables third-party
  applications to expose actions appropriate to each application, which will
  also be available as MCP servers so that these actions can be performed by
  AI agents.

According to Microsoft, "developers will be able to consume actions developed
by other relevant apps," enabling app-to-app automation as well as use by AI
agents.

MCP servers are a powerful concept but vulnerable to misuse. Microsoft
corporate VP David Weston noted seven vectors of attack, including
cross-prompt injection where malicious content overrides agent instructions,
authentication gaps because "MCP's current standards for authentication are
immature and inconsistently adopted," credential leakage, tool poisoning from
"unvetted MCP servers," lack of containment, limited security review in MCP
servers, supply chain risks from rogue MCP servers, and command injection
from improperly validated inputs. According to Weston, "security is our top
priority as we expand MCP capabilities."

Security controls planned by Microsoft (according to the article):

- A proxy to mediate all MCP client-server interactions. This will enable
  centralized enforcement of policies and consent, as well as auditing and a
  hook for security software to monitor actions.
- A baseline security level for MCP servers to be allowed into the Windows
  MCP registry. This will include code-signing, security testing of exposed
  interfaces, and declaration of what privileges are required.
- Runtime isolation through what Weston called "isolation and granular
  permissions."

MCP was introduced by Anthropic just 6 months ago, the article notes, but
Microsoft has now joined the official MCP steering committee, "and is
collaborating with Anthropic and others on an updated authorization
specification as well as a future public registry service for MCP servers."
