MCP security patterns — CCA-F Exam Prep

L2.13|MCP security patterns
Real story
A staging environment dashboard. Everything green. A developer connects a new AI coding assistant to the company's MCP servers for testing. Next frame: the production database dashboard. Tables dropping one by one. The AI assistant called the MCP server's cleanup_database tool, but the tool was pointed at production, not staging. Red alerts everywhere.

A developer connected a new AI tool to the company's MCP servers. It deleted the production database.

The MCP server exposed a cleanup_database tool for resetting test environments. No authentication: any client that connected could call any tool. No input validation: the tool accepted any database connection string, including production's.

The AI assistant was testing a workflow. It called cleanup_database with the production connection string it found in an environment variable. The server executed it. No confirmation. No permission check. No "are you sure?"

The server had no idea who was calling, no idea what permissions they had, and no way to stop a destructive action.