Readiness Report
AI Security Risk Analysis: What Changed with MCP 2.0
The Model Context Protocol (MCP) 2.0 introduces the first real governance framework for AI systems that can execute commands in your enterprise, but critical security gaps remain.
Learn what MCP 2.0 solves, what it doesn’t, and how to deploy AI agents safely.
STRIVE Podcast
3 Critical Security Updates in MCP 2.0 for AI Agents
Werner Nel, Principal Security & AI Intelligence at Commvault, explains the three core security enhancements in MCP 2.0, and how they change AI agent deployment in enterprise environments.
Are you ready to deploy AI agents using MCP 2.0?
This 15-question assessment evaluates your organization’s preparedness across three critical dimensions.
Not all AI agent deployments carry the same risk. When is MCP 2.0 sufficient, and when do you need additional controls?
Our Risk Decision Guide helps you evaluate two critical factors: what the AI agent can do (tool privilege) and what information is at risk (data sensitivity).
MCP 2.0: The First Real Governance Framework for AI Agents
AI systems now execute commands, access enterprise tools, and initiate workflows that directly impact security, compliance, and business operations. The Model Context Protocol (MCP) 2.0 introduces three foundational security controls—OAuth, structured schemas, and elicitation flows—that address critical gaps in how AI agents operate within enterprise environments.
This report identifies seven vulnerabilities that remain unresolved.
12 Months
Most enterprises will have AI agents operating in production workflows within the next 12–18 months.
3 Built-In Foundational Controls
MCP 2.0 introduces OAuth-based authorization, structured tool schemas, and human-in-the-loop supervised autonomy for enterprise AI agents.
What Changed: The Three MCP 2.0 Security Enhancements
MCP 2.0 introduces meaningful governance capabilities that make enterprise AI agent deployment possible:
OAuth-Based Authorization
Establishes enforceable permission boundaries with scoped tokens that cannot be reused across systems.
Structured Tool Schemas
Eliminates injection vulnerabilities by requiring inputs to conform to validated specifications.
Elicitation Workflows
Adds human oversight for high-risk operations, creating supervised autonomy with clear audit trails.
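As an added illustration of the second and third controls above (not code from the report, Commvault or the MCP specification), the following Python models a tool-call gateway that checks arguments against each tool's declared input schema and routes tools flagged high-risk through a human elicitation step; the tool names, schemas and the requires_elicitation flag are constructed assumptions.

```python
# Illustrative model of MCP 2.0-style structured tool schemas and
# elicitation. Added example; tool catalogue, field names and the
# requires_elicitation flag are assumptions, not MCP's own definitions.

# Constructed tool catalogue: a JSON-Schema-like inputSchema per tool.
TOOLS = {
    "read_ticket": {
        "inputSchema": {"type": "object", "required": ["ticket_id"],
                        "properties": {"ticket_id": {"type": "integer"}}},
        "requires_elicitation": False,
    },
    "delete_backup": {
        "inputSchema": {"type": "object", "required": ["backup_id"],
                        "properties": {"backup_id": {"type": "string"}}},
        "requires_elicitation": True,
    },
}

_TYPES = {"string": str, "integer": int, "boolean": bool, "object": dict}


def validate_args(schema, args):
    """Return violations (empty list means the call conforms). Unknown fields
    are rejected so free text never reaches the tool; required fields and types are checked."""
    errors = []
    props = schema.get("properties", {})
    for name in schema.get("required", []):
        if name not in args:
            errors.append(f"missing required field: {name}")
    for name, value in args.items():
        if name not in props:
            errors.append(f"unexpected field: {name}")
            continue
        expected = _TYPES[props[name]["type"]]
        # bool is a subclass of int in Python; treat it as a distinct type
        if not isinstance(value, expected) or (expected is int and isinstance(value, bool)):
            errors.append(f"{name}: expected {props[name]['type']}")
    return errors


def dispatch(tool, args, approve):
    """Gate a tool call: schema check first, then elicitation for high-risk tools.
    `approve(tool, args)` stands in for the human prompt and returns True to allow."""
    spec = TOOLS.get(tool)
    if spec is None:
        return {"status": "rejected", "reason": "unknown tool"}
    errors = validate_args(spec["inputSchema"], args)
    if errors:
        return {"status": "rejected", "reason": "; ".join(errors)}
    if spec["requires_elicitation"] and not approve(tool, args):
        return {"status": "denied", "reason": "human declined elicitation"}
    return {"status": "executed", "tool": tool, "args": args}
```

Every decision the gateway makes is returned as a structured result, which is what gives the elicitation step an audit trail rather than a silent allow or drop.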
What Remains Unresolved: The Critical Gaps
MCP 2.0 represents significant progress, but at least seven structural vulnerabilities remain.
These gaps require compensating controls and careful deployment planning.
Server Identity
No cryptographic verification of MCP servers
Tool Provenance
Tools aren’t signed or verified for authenticity
Runtime Isolation
No sandboxing or egress control
High-Level Injection
Prompt manipulation attacks still possible
Legacy Over-Privilege
Existing tools retain broad permissions
Multi-Agent Behavior
No guardrails for agent coordination
Observability Gaps
No built-in anomaly detection
Determine What Controls You Need
Two tools to help you move from understanding MCP 2.0 to making deployment decisions: evaluate your organizational readiness, then assess risk based on tool privileges and data sensitivity.