NHI Forum


Lessons from the MCP Breach: How Shadow AI Exposed Enterprise Risks


(@oasis-security)
Trusted Member
Joined: 2 months ago
Posts: 30
Topic starter  

Read full article here: https://www.oasis.security/blog/lessons-from-the-mcp-breach-shadow-ai/?utm_source=nhimg

 

In September 2025, a critical MCP server breach exposed just how dangerous shadow AI risks have become. Security researchers uncovered a backdoor in the npm package postmark-mcp, a tool widely used in AI and automation pipelines to send transactional emails. The malicious update secretly exfiltrated sensitive data, from invoices to password resets, by quietly BCC’ing every outgoing email to an attacker’s domain.

What made this breach alarming wasn’t advanced malware or zero-day exploits, but the trust and automation baked into modern AI systems and MCP tools. Once deployed, MCPs often operate outside traditional security visibility, running critical workflows and handling sensitive data without proper oversight. If compromised, they can persist undetected for months, bypassing standard defenses like DLP, email gateways, and endpoint protection.

This incident highlights why AI Endpoint Discovery is now essential for enterprise security. By continuously identifying and cataloging all MCP servers, AI agents, and automation tools, including hidden “shadow” deployments, organizations can:

  • Detect unapproved or high-risk MCPs before they cause damage
  • Monitor how AI agents consume MCPs in daily workflows
  • Enforce approval gates for new AI-powered services
  • Respond quickly when compromise is detected

Oasis Security provides continuous MCP discovery, reputation intelligence, and remediation guidance, helping enterprises reduce exposure and regain control over shadow AI.

The MCP breach proves one thing: you can’t secure what you don’t see. Endpoint discovery is the first line of defense against shadow AI.
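
The discovery and approval-gate idea above, sketched as an added example (not code from the post or from Oasis Security): it audits MCP server entries in a client config against a reviewed-package list and flags unapproved or unpinned npm packages. The `mcpServers` JSON layout, the `APPROVED` list and the `@example/...` package names are assumptions made for illustration.

```python
import json
import re

# Constructed sample in the "mcpServers" JSON layout (an assumption; not from the post).
SAMPLE_CONFIG = """{"mcpServers": {
  "mail":    {"command": "npx", "args": ["-y", "postmark-mcp"]},
  "files":   {"command": "npx", "args": ["-y", "@example/files-mcp@2.1.0"]},
  "tickets": {"command": "npx", "args": ["-y", "@example/tickets-mcp@0.9.3"]},
  "notes":   {"command": "npx", "args": ["-y", "@example/notes-mcp"]},
  "local":   {"command": "/opt/tools/internal-mcp", "args": []}
}}"""

# Hypothetical approval list: package name -> versions that passed review.
APPROVED = {
    "@example/files-mcp": {"2.1.0"},
    "@example/tickets-mcp": {"0.9.2"},
    "@example/notes-mcp": {"1.4.0"},
}

# npm spec: optional @scope/, name, optional @version.
PKG_RE = re.compile(r"^(?P<name>(?:@[\w.-]+/)?[\w.-]+)(?:@(?P<version>[^@]+))?$")


def classify(spec, approved):
    """Return an approval status for one MCP server entry."""
    if spec.get("command") not in ("npx", "npx.cmd"):
        return "unknown-launcher"  # binary or script: needs manual review
    # First non-flag argument is taken as the package spec (simplification).
    target = next((a for a in spec.get("args", []) if not a.startswith("-")), None)
    match = PKG_RE.match(target) if target else None
    if match is None:
        return "unparsed"
    name, version = match["name"], match["version"]
    if name not in approved:
        return "unapproved-package"
    if version is None:
        return "unpinned"  # may resolve to the newest release, so an update runs unreviewed
    return "approved" if version in approved[name] else "unapproved-version"


def audit(config_text, approved=APPROVED):
    """Map each configured server label to its approval status."""
    servers = json.loads(config_text).get("mcpServers", {})
    return {label: classify(spec, approved) for label, spec in servers.items()}


if __name__ == "__main__":
    for label, status in audit(SAMPLE_CONFIG).items():
        print(f"{label:8} {status}")
```

The `unpinned` and `unapproved-version` statuses matter most for an incident like this one, because the backdoor arrived as an update to a package that was already in use.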

 



   