The insurance sector is entering a new era of cyber exposure as artificial intelligence becomes increasingly embedded in business operations, according to cyber risk specialists KYND.
The London-based firm has released a white paper, MCP: The hidden frontier of AI-driven cyber risk, urging insurers to reassess how they evaluate cyber threats and increase technical understanding of Model Context Protocol (MCP), a key technology driving this evolving risk landscape.
MCP allows AI models to connect directly to an organisation’s digital ecosystem, enabling them to securely interact with tools, data, and applications in real time.
For example, a retail company might deploy an AI assistant to support operational workflows, but this can introduce hidden vulnerabilities across systems.
Andy Thomas, KYND’s CEO and founder, explained: “The AI boom is happening fast and security frameworks are still catching up.
“As MCP usage accelerates, with more companies adopting generative-AI solutions, MCP exposure is spreading quietly through digital supply chains.
“Because it acts as a connective layer, MCP creates an attack surface where the impact of a single flaw can be amplified across multiple insureds and portfolios.
“Its open, interconnected nature and the features which make MCP efficient and scalable can also be conduits for exploitation.”
Researchers have already observed an increase in MCP-related attacks, including attempts to manipulate AI models.
If an MCP server has overly broad permissions or misconfigured access controls, attackers could extract sensitive data or modify records under the guise of legitimate integration. Vulnerabilities in the underlying infrastructure could also provide pathways to compromise connected systems.
For insurers, MCP creates complex risk considerations at both the individual policy and portfolio levels. Rapidly evolving MCP-enabled tools mean that organisations’ security profiles can change quickly, making traditional risk assessment approaches less reliable.
To address these emerging challenges, KYND recommends insurers:
-
Implement ongoing monitoring across portfolios
-
Enhance data inputs for more informed risk selection
-
Update policy language to cover AI-related incidents
Thomas added: “Insurers must adapt to remain resilient in this new cyber landscape, where risk arises not only from software flaws, but also from the behaviour of intelligent systems.
“Underwriters need to evaluate both individual organisation security and shared dependencies that could magnify exposure across the market.
“Access to accurate cyber intelligence will be crucial for identifying risks early and taking action before they escalate into systemic threats.”
Copyright © 2025 FinTech Global
