‘Enterprise GenAI Applications Will Experience At Least Five Minor Security Incidents Per Year’

by Marco van der Hoeven

Gartner projects that by 2028, 25% of enterprise generative AI (GenAI) applications will experience at least five minor security incidents annually, an increase from 9% in 2025, reflecting heightened risk as adoption accelerates.

The firm indicates that the expansion of agentic AI applications, including those built using Model Context Protocol (MCP), is introducing new attack vectors while security practices remain underdeveloped. According to Aaron Lord, senior director analyst at Gartner, MCP’s emphasis on interoperability and flexibility can allow security weaknesses to emerge without continuous oversight. He added that the proportion of enterprise GenAI applications encountering at least one major security incident per year is expected to reach 15% by 2029, up from 3% in 2025.

The report highlights that as organisations adopt frameworks such as MCP, they face risks including data exposure and vulnerabilities linked to third-party components. It states that effective risk management requires structured security review processes, prioritisation of lower-risk use cases, and the implementation of defined safeguards by domain experts.

MCP’s architecture is designed to prioritise developer efficiency and does not inherently enforce security controls. Gartner identifies one combination as especially high-risk: an AI agent that simultaneously has access to sensitive data, processes untrusted input, and can communicate externally. Injected instructions arriving through the untrusted input can then direct the agent to read the sensitive data and send it out, so the combination creates a direct path to data exfiltration.

The firm advises software engineering leaders to coordinate with security, data, and infrastructure teams to establish formal review mechanisms for MCP-based applications. It also recommends strengthening authentication and authorisation models tailored to AI agents rather than relying on frameworks designed for human users. Additional measures include mitigating known threat patterns such as content injection and increasing scrutiny of third-party components integrated into MCP environments.
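One way to operationalise two of these points in code: refusing to build an agent session whose tool set combines sensitive-data access, untrusted input and external communication (the high-risk combination described above), and granting tools to an agent identity with its own deny-by-default allowlist instead of the launching user’s entitlements. This is an added example, not Gartner’s text or any MCP implementation’s code. The tool catalogue, the three capability tags and the agent policies are assumptions constructed for the demonstration; in practice the owner of each MCP server would tag that server’s tools.

```python
"""Deny-by-default capability check for an AI agent's MCP tool set.

Added example, not Gartner's or any MCP project's code. The catalogue,
capability tags and agent policies below are constructed for the demo.
"""
from __future__ import annotations

from dataclasses import dataclass
from enum import Flag, auto
from functools import reduce
from operator import or_


class Cap(Flag):
    NONE = 0
    SENSITIVE_READ = auto()   # tool can return confidential data to the agent
    UNTRUSTED_INPUT = auto()  # tool returns content an outsider can author (injection surface)
    EGRESS = auto()           # tool can move data outside the trust boundary


# Explicit tuple rather than iterating the Flag, so the report order is stable across Python versions.
TRIFECTA_PARTS = (Cap.SENSITIVE_READ, Cap.UNTRUSTED_INPUT, Cap.EGRESS)
TRIFECTA = Cap.SENSITIVE_READ | Cap.UNTRUSTED_INPUT | Cap.EGRESS


@dataclass(frozen=True)
class Tool:
    server: str
    name: str
    caps: Cap


# Constructed catalogue (assumption) standing in for tools advertised by four MCP servers.
CATALOGUE = (
    Tool("hr-db", "query_employee_records", Cap.SENSITIVE_READ),
    Tool("mail", "read_inbox", Cap.SENSITIVE_READ | Cap.UNTRUSTED_INPUT),
    Tool("mail", "send_mail", Cap.EGRESS),
    Tool("web", "fetch_url", Cap.UNTRUSTED_INPUT | Cap.EGRESS),
    Tool("wiki", "search_public_docs", Cap.UNTRUSTED_INPUT),
)


@dataclass(frozen=True)
class AgentPolicy:
    """Per-agent grant: the agent gets exactly these (server, tool) pairs,
    not whatever the human who launched it happens to be entitled to."""
    agent_id: str
    allowed: frozenset[tuple[str, str]]


def resolve_tools(policy: AgentPolicy, catalogue=CATALOGUE) -> list[Tool]:
    return [t for t in catalogue if (t.server, t.name) in policy.allowed]


def capability_sources(tools) -> dict[str, list[str]]:
    """Which granted tools supply each of the three risky capabilities."""
    return {
        cap.name: [f"{t.server}/{t.name}" for t in tools if t.caps & cap]
        for cap in TRIFECTA_PARTS
    }


def check_session(policy: AgentPolicy, catalogue=CATALOGUE) -> tuple[bool, str]:
    """Approve or refuse building a session from this agent's granted tools."""
    known = {(t.server, t.name) for t in catalogue}
    unknown = sorted(policy.allowed - known)
    if unknown:
        # Deny by default: a grant naming no catalogued tool is a policy bug, not a no-op.
        return False, f"{policy.agent_id}: grants unknown tools {unknown}"
    tools = resolve_tools(policy, catalogue)
    union = reduce(or_, (t.caps for t in tools), Cap.NONE)
    if union & TRIFECTA == TRIFECTA:
        sources = capability_sources(tools)
        # Removing every tool behind any one capability breaks the combination;
        # report the smallest such set so the owner can split the agent in two.
        cheapest = min(sources, key=lambda c: len(sources[c]))
        return False, (f"{policy.agent_id}: sensitive read + untrusted input + egress "
                       f"in one session; remove {sources[cheapest]} to break it")
    return True, f"{policy.agent_id}: ok"


if __name__ == "__main__":
    # Scoped agents: each gets only what its job needs.
    helpdesk = AgentPolicy("helpdesk-bot", frozenset({
        ("hr-db", "query_employee_records"), ("wiki", "search_public_docs")}))
    inbox = AgentPolicy("inbox-assistant", frozenset({
        ("mail", "read_inbox"), ("mail", "send_mail")}))
    # Anti-pattern: the agent simply inherits a human user's full entitlement.
    as_human = AgentPolicy("assistant-as-alice",
                           frozenset((t.server, t.name) for t in CATALOGUE))
    for policy in (helpdesk, inbox, as_human):
        print(check_session(policy))
```

In the demo the helpdesk agent is approved (it can read sensitive data and untrusted wiki content but has no egress), while the inbox assistant and the agent running under a human user’s full entitlement are both refused, with the report naming which tools to pull out to split the session.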

The analysis further notes that mitigating vulnerabilities requires awareness of common failure patterns, including supply chain risks, unintended disclosure of sensitive information, and privilege escalation resulting from automated decision-making by AI systems.

Gartner also emphasises the need for domain-specific governance, recommending that organisations assign ownership of MCP servers to domain experts responsible for defining operational guardrails. As agentic AI systems grow more complex, the firm expects challenges in managing data access and maintaining compliance to increase, making predefined controls and secure-by-default configurations essential for scaling these technologies.