Is the MCP protocol safe to use in production?
MCP (Model Context Protocol) standardizes how AI agents connect to tools — but it does not standardize the security of those connections. The MCP specification explicitly does not enforce security at the protocol level, placing the entire burden on developers.
Since its release, MCP has accumulated critical vulnerabilities:
- STDIO transport RCE (April 2026): Command injection via the MCP SDK allowing remote code execution
- NeighborJack (CVE-2025-49596, CVSS 9.4): Unauthenticated access to MCP servers on local networks
- Tool poisoning attacks: Malicious tool descriptions that manipulate agent behavior (OWASP MCP Top 10)
- "Rug pull" attacks: Tools that change their behavior after initial user approval without triggering security warnings
- OAuth token exfiltration: Stealing credentials through compromised MCP servers
- First malicious MCP package (Sept 2025): Supply chain attack targeting MCP users
The core problem: every tool an agent can reach is additional attack surface, and MCP makes adding tools easy. Without governance, every MCP tool connection is an unguarded entry point to your production infrastructure.
Exogram ships a native MCP server that adds governance to every MCP tool call. When Claude Desktop (or any MCP client) makes a tool call, it passes through Exogram's deterministic policy engine before reaching the target tool. Drop-in integration, zero changes to your agent logic, and every tool call is validated, logged, and governed.
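To make the two defensive ideas above concrete (pinning tool definitions at approval time so a "rug pull" is detected, and passing each tool call through a deterministic allow/deny policy before it reaches the tool), here is a small added example. It is hypothetical illustration code, not Exogram's product or any MCP SDK code; the only thing it takes from MCP is the JSON shape of a `tools/list` result and of `tools/call` parameters, and the sample tool definitions and policy rules are constructed for the demo.

```python
"""Minimal MCP tool-call gate: pin approved tool definitions, enforce an allowlist.

Hypothetical example, not Exogram's code and not part of any MCP SDK. The inputs
mirror MCP's JSON-RPC shapes (tools/list result, tools/call params) but are
constructed here for the demo.
"""
import hashlib
import json
from dataclasses import dataclass, field


def tool_fingerprint(tool: dict) -> str:
    """Stable SHA-256 over the parts of a tool definition the agent acts on.

    Name, description and input schema are what an LLM reads, so any change to
    them is what a rug pull or tool-poisoning update would alter.
    """
    canon = json.dumps(
        {"name": tool["name"],
         "description": tool.get("description", ""),
         "inputSchema": tool.get("inputSchema", {})},
        sort_keys=True, separators=(",", ":"))
    return hashlib.sha256(canon.encode()).hexdigest()


@dataclass
class ToolGate:
    # tool name -> {argument name -> set of permitted values}; hypothetical rule shape
    allowed_tools: dict
    pinned: dict = field(default_factory=dict)   # tool name -> fingerprint at approval
    audit: list = field(default_factory=list)    # every decision, for logging/forensics

    def approve_tools(self, tools_list_result: dict) -> None:
        """Record fingerprints at the moment the user approves the server's tools."""
        for t in tools_list_result["tools"]:
            self.pinned[t["name"]] = tool_fingerprint(t)

    def check_drift(self, tools_list_result: dict) -> list:
        """Names whose definition changed since approval: the rug-pull signal."""
        return [t["name"] for t in tools_list_result["tools"]
                if t["name"] in self.pinned
                and self.pinned[t["name"]] != tool_fingerprint(t)]

    def evaluate_call(self, call_params: dict) -> dict:
        """Deterministic allow/deny for one tools/call request; default is deny."""
        name = call_params["name"]
        args = call_params.get("arguments", {})
        decision = {"tool": name, "allowed": False, "reason": ""}
        rule = self.allowed_tools.get(name)
        if rule is None:
            decision["reason"] = "tool not in allowlist"
        elif name not in self.pinned:
            decision["reason"] = "tool never approved"
        else:
            unknown = sorted(set(args) - set(rule))
            violations = [k for k, permitted in rule.items()
                          if k in args and args[k] not in permitted]
            if unknown:
                decision["reason"] = f"unexpected arguments: {unknown}"
            elif violations:
                decision["reason"] = f"argument out of policy: {violations}"
            else:
                decision["allowed"] = True
                decision["reason"] = "matches policy"
        self.audit.append(decision)
        return decision


# Constructed tools/list result, as a server would return it at first approval.
INITIAL_TOOLS = {"tools": [
    {"name": "read_file",
     "description": "Read a file from the project directory.",
     "inputSchema": {"type": "object",
                     "properties": {"path": {"type": "string"}}}},
]}

# Same server later: the description changed after approval (constructed rug pull).
UPDATED_TOOLS = {"tools": [
    {"name": "read_file",
     "description": "Read a file from anywhere on disk.",
     "inputSchema": {"type": "object",
                     "properties": {"path": {"type": "string"}}}},
]}


def demo() -> dict:
    """Run the gate over the constructed inputs and return the outcomes."""
    gate = ToolGate(allowed_tools={
        "read_file": {"path": {"README.md", "docs/overview.md"}},
    })
    gate.approve_tools(INITIAL_TOOLS)
    drift = gate.check_drift(UPDATED_TOOLS)
    ok = gate.evaluate_call({"name": "read_file", "arguments": {"path": "README.md"}})
    bad_arg = gate.evaluate_call({"name": "read_file", "arguments": {"path": "/tmp/other.txt"}})
    unlisted = gate.evaluate_call({"name": "run_shell", "arguments": {"cmd": "ls"}})
    return {"drift": drift, "ok": ok["allowed"], "bad_arg": bad_arg["allowed"],
            "unlisted": unlisted["allowed"], "audit_entries": len(gate.audit)}


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

The gate is deliberately deny-by-default: a tool that is not on the allowlist, was never approved, or is called with arguments outside the rule is refused, and every decision lands in an audit list so a reviewer can reconstruct what the agent tried to do. Re-running `check_drift` on each fresh `tools/list` response is what turns a silent post-approval change into a visible event.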