July 2025 Agentic Access and MCP Content Round‑Up: Vulnerabilities, Governance & Growth

August 5, 2025

A number of pivotal developments marked the agentic AI and Model Context Protocol (MCP) world this past July. Two critical remote‑code‑execution flaws, one in the widely used mcp‑remote tool and another in Anthropic’s MCP Inspector, highlighted the growing security risks of AI‑agent tooling. Meanwhile, vendors released new MCP servers and training programs, and the open‑source project announced a formal governance model to sustain its rapid growth. The compiled July headlines below capture both the promise and the perils of the evolving MCP ecosystem.

Incidents

07/18/2025

Nearly 2000 MCP Servers Possess No Security Whatsoever | Dark Reading

Approximately all of the nearly 2,000 Model Context Protocol (MCP) servers exposed to the Web today are totally bereft of authentication or access controls. Researchers from Knostic scanned for Internet-exposed MCP servers, finding 1,862. Their mere presence on the explorable Web was a problem in and of itself, but the picture grew grimmer when the researchers queried them, finding that none possessed any kind of authentication check.

07/10/2025
Critical mcp‑remote Vulnerability Enables Remote Code Execution, Impacting 437,000+ Downloads | The Hacker News

Cybersecurity researchers have discovered a critical vulnerability in the open‑source mcp‑remote project that could result in arbitrary operating system command execution. The flaw, tracked as CVE‑2025‑6514, allows attackers to trigger OS‑command execution on the machine running mcp‑remote when it connects to an untrusted MCP server, risking full system compromise… The vulnerability affects versions 0.0.5–0.1.15 and was fixed in 0.1.16.

07/01/2025
Critical Vulnerability in Anthropic’s MCP Exposes Developer Machines to Remote Exploits | The Hacker News
Cybersecurity researchers have discovered a critical security vulnerability in Anthropic’s MCP Inspector project that could result in remote code execution (RCE) and allow an attacker to gain complete access to the host… This is one of the first critical RCEs in Anthropic’s MCP ecosystem, exposing a new class of browser‑based attacks… Attackers can steal data, install backdoors and move laterally across networks, highlighting serious risks for AI teams and enterprise adopters.

Industry News

07/31/2025
Building to Last: A New Governance Model for MCP | Model Context Protocol Blog

Since the Model Context Protocol was open‑sourced in November 2024, the project has grown rapidly, prompting the need for a more formal governance model. Maintainers announced Specification Enhancement Proposals (SEPs) and new roles—maintainers, core maintainers and lead maintainers—to provide clarity and involve the community in the protocol’s evolution.

07/29/2025
Audiense Debuts MCP Connectors to Supercharge AI Workflows | MarTech Edge
Audiense has launched MCP connectors, seamless integrations that embed real‑time audience intelligence into tools like ChatGPT and Claude. CEO Jim Swift said MCP is becoming the new interface for how brands engage with their audiences, allowing teams to ask plain‑language questions and receive contextualized insights.

07/28/2025
HighLevel Expands Its AI Leadership With MCP Server for Action‑Ready Automation | Newswire

HighLevel launched a Model Context Protocol server that lets AI agents securely take action inside the HighLevel platform, enabling them to book appointments, follow up with leads and manage tasks autonomously. Co‑founder Varun Vairavan said the server gives AI agents the power to run parts of your business and works out of the box with 21 built‑in tools.

07/28/2025
Profound Logic Adds MCP to IBM i AI Tool | IT Jungle
With its June 2025 announcement, Profound Logic became arguably the first IBM i software vendor to add support for MCP, simplifying integration and connecting data sources to models.

07/28/2025
Perplexity’s Mac app can now perform system tasks using MCP: What it means | Business Standard
Perplexity’s macOS app has added support for the Model Context Protocol, allowing users to connect to system‑level services such as Apple Notes, Reminders and Calendar. The update enables the AI assistant to perform tasks like creating reminders or retrieving data from Google Drive through MCP connectors.

07/24/2025
viaNexus Unveils MCP Service to Enable Agent‑Driven Access to Financial Data | Global FinTech Series
viaNexus introduced an MCP service that gives autonomous agents entitlement‑aware access to financial data. The service assigns each agent a scoped identity and permissions, letting them securely discover and consume real‑time data using the Model Context Protocol.

07/21/2025
Oracle Launches MCP Server to Transform Autonomous AI Agents for Enterprise Databases | Hostnoc
Oracle launches an MCP server to power autonomous AI agents for enterprise databases. The initiative aims to let agents autonomously query, retrieve and reason over data stored in Oracle Databases, producing more context‑aware responses by enabling seamless, secure interaction with enterprise data via natural‑language prompts.

07/18/2025
Microsoft MCP Server Gives Broad AI Access to Corporate Assets Stored in Dataverse | Cloud Wars

As the pace of AI advances accelerates, the widely adopted Model Context Protocol (MCP) provides a standard format to bridge AI applications with external data sources and derive maximum value from corporate information. Microsoft’s Dataverse MCP Server advances this trend by enabling multi‑vendor AI agents and Copilots to access data stored in the company’s flagship data‑management platform.

07/17/2025

Introducing ChatGPT agent: bridging research and action | OpenAI

ChatGPT now thinks and acts, proactively choosing from a toolbox of agentic skills to complete tasks for you using its own computer. At the core of this new capability is a unified agentic system. It brings together three strengths of earlier breakthroughs: Operator’s ability to interact with websites, deep research’s skill in synthesizing information, and ChatGPT’s intelligence and conversational fluency.

07/16/2025

AWS announces new innovations for building AI agents at AWS Summit New York 2025 | AWS

New offerings in AWS Marketplace help businesses find, buy, and deploy AI agents and tools from leading providers. AWS plans to invest an additional $100 million in the AWS Generative AI Innovation Center to boost agentic AI development and deployment.

07/16/2025

AWS Knowledge MCP Server now available (Preview) | AWS

AWS announced the preview release of its Knowledge Model Context Protocol (MCP) Server, designed to surface authoritative AWS knowledge for large language models. The service provides LLM‑compatible knowledge from AWS documentation, blog posts and announcements, grounds responses in trusted AWS context, is publicly accessible at no cost, and doesn’t require an AWS account.

07/15/2025

Claude for Financial Services | Anthropic

Anthropic introduced a comprehensive solution for financial analysis that transforms how finance professionals analyze markets, conduct research, and make investment decisions with Claude.

07/11/2025

Goldman Sachs is piloting its first autonomous coder in major AI milestone for Wall Street | CNBC

Goldman is testing an autonomous software engineer from artificial intelligence startup Cognition that is expected to soon join the ranks of the firm’s 12,000 human developers. The program, named Devin, became known in technology circles last year with Cognition’s claim that it had created the world’s first AI software engineer.

07/10/2025

Docker Brings Compose to the Agent Era: Building AI Agents is Now Easy | Docker

The future of software is agentic, where every developer builds goal-driven, multi-LLM agents that reason, plan, and act across a rich ecosystem of tools and services. With Docker Compose, Docker Offload, Docker’s broader AI capabilities, and our partnerships with Google, Microsoft, and Agent SDKs, we’re making that future accessible to, and easy for, everyone.

07/30/2025
Salesforce Model Context Protocol Explained: How MCP Bridges AI and Your CRM | Salesforce Ben
AI tools are great with language, but they don’t know your business. MCP bridges that gap by connecting large language models to systems like Salesforce. The protocol uses Sweep to translate metadata from Salesforce objects into the structured context these models need. This ‘USB‑C for AI’ approach is being adopted by platforms such as Sweep, Asana and Intercom, and Salesforce’s Agentforce 3.0 pilot includes an MCP client to connect LLMs to CRM data.

07/29/2025

MCP Dev Days | Microsoft Reactor

Join Microsoft Reactor and engage with developers, entrepreneurs, and startups live at MCP Dev Days, a two-day virtual event exploring the growing ecosystem around the Model Context Protocol (MCP), a standard that bridges AI models and the tools they rely on.

07/29/2025

Teradata MCP Server Empowers Agentic AI with Transparent, Trusted Data Access at Scale | Teradata

Teradata announced the launch of the open-source Teradata MCP Server – Community Edition, a powerful new framework designed to enable AI agents and users to query, analyze, and manage enterprise data with unprecedented efficiency and trust.

07/28/2025

Build modern serverless solutions following best practices using Amazon Q Developer CLI and MCP | AWS News Feed

Use the Amazon Q Developer CLI and Model Context Protocol (MCP) to build modern serverless solutions on AWS. Amazon Q CLI enables natural‑language interactions for serverless development, while MCP bridges AI models with external tools and data sources for contextual assistance. The solution provides automated support for architecture design, code generation, deployment and domain configuration, helping developers follow AWS best practices without extensive manual.

07/25/2025

How to build secure and scalable remote MCP servers | GitHub

Whether you’re extracting key data from invoices, summarizing support tickets, or searching for code snippets across a large codebase, MCP provides a standardized way to connect LLMs with the context they need. Security is a crucial component of MCP usage, especially with a recent specification release, and this post covers how developers of both MCP clients and MCP servers can build secure integrations from the get-go.

07/24/2025

The agentic experience: Is MCP the right tool for your AI future? | Google Developers Blog

Leveraging MCP services across a network requires specific security constraints. You may want to add authentication to your MCP server, then authorize access to certain tools depending on the consuming application and provide observability information on which tools are being used. Apigee is providing an open‑source example of an MCP server that adds precisely this type of API security—authentication and authorization controls, observability, and ease of adaptation as the MCP standard evolves.

07/23/2025
No integration = no intelligence – why MCP matters for agent‑scale automation | Diginomica
As more servers and use cases emerge, enterprises face growing security, operational and scaling challenges, raising questions about whether MCP can navigate these complexities and become a durable integration layer.

07/18/2025

3 Ways Security Teams Can Minimize Agentic AI Chaos | Dark Reading

The advent of agentic AI could be a disaster for authorization systems in software-as-a-service (SaaS) platforms as we know them today. But it doesn't have to be, if security and IT teams address the challenges proactively and with the right perspective. Teams must first know where and why agents pose a significant risk to their authorization systems.

07/14/2025

A New Identity: IAM firms double down on agentic risk and cost | SC Media

AI agents are already accelerating triage, reducing analyst fatigue, and closing the loop on tasks that once took hours. For organizations under pressure to do more with less, agentic AI isn’t just automation, it’s hope. If you want to survive this next wave with your org intact, read this unvarnished bootstrapper starter kit.

07/10/2025

MCP is fueling agentic AI — and introducing new security risks | CSO

In just a few months, MCP has caught fire, with several thousand MCP servers now available from a wide range of vendors enabling AI assistants to connect to their data and services. And with agentic AI increasingly seen as the future of IT, MCP — and related protocols ACP and Agent2Agent — will only grow in use in the enterprise. But as organizations rushing into AI are beginning to find out, innovations like MCP also come with significant risks.

Secure Access for Model Context Protocol (MCP)

As MCP adoption accelerates, the risks are becoming more visible. Critical vulnerabilities in core tools, unsecured servers exposed on the public internet, and the launch of a formal governance model this past July highlight an ecosystem that is expanding quickly, but without consistent security guardrails. Every new connector, server, and agent capability increases the potential for unintended access and data exposure.

Securing MCP requires more than patching vulnerabilities; it demands access control that enforces identity, intent, and risk at the moment access is requested. Pomerium provides this layer of context-aware enforcement, placing Zero Trust policies between agents and the systems they interact with. This ensures that agents perform only authorized actions, with full visibility and control for security teams.

Learn More about MCP Security, Why It Matters, and How Pomerium Fits In

MCP Security Demo: See Pomerium in Action

Explore our MCP demo app. It showcases:

  • Agent attempts to call sensitive services

  • Policies blocking out-of-scope behavior

  • Complete traceability and visibility

Want to meet with the team to dive deeper? Book a demo ->
