The Shadow MCP Problem

When employees configure MCP servers directly in their AI coding tools (Cursor, VS Code, Claude Desktop, etc.), these integrations operate outside centralized observability and control. This creates a shadow IT problem for AI tooling that security teams must address. Runlayer provides two complementary approaches to addressing shadow MCP servers, MCP Watch and Hooks, which are compared below.

Security Risks

Shadow MCP servers pose significant security risks:
  • Data exfiltration — Malicious MCP servers can steal source code, credentials, API keys, and customer data
  • Supply chain attacks — Compromised or trojanized MCP packages can inject malicious behavior into otherwise legitimate tools
  • Prompt injection — Shadow MCPs may contain tool poisoning attacks that manipulate AI behavior
  • Lateral movement — MCPs with broad permissions can be exploited to access internal systems
  • Compliance violations — Uncontrolled access to PII, PHI, or regulated data without audit trails

Why This Matters for Security Teams

Unlike traditional shadow IT, shadow MCPs are particularly dangerous because:
  1. AI amplifies access — A single MCP can give AI assistants broad access to databases, APIs, and file systems
  2. Actions are automated — MCPs enable AI to take actions autonomously, not just read data
  3. No audit trail — Shadow MCPs operate outside your logging and monitoring infrastructure
  4. Difficult to detect — MCP configurations are stored in user-space config files, not installed as traditional software

Choosing an Approach

Feature        MCP Watch                              Hooks
Purpose        Discovery and inventory                Real-time control
When it runs   Scheduled scans via MDM                Continuous interception
What it does   Finds shadow servers, classifies them  Blocks/allows tool calls
Best for       Visibility, compliance audits          Active security enforcement

Use both together for comprehensive shadow MCP management:
  1. Deploy MCP Watch to discover existing shadow servers
  2. Deploy Hooks to control what those servers can do
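The discovery step above relies on the point made earlier: shadow MCPs live in user-space config files rather than installed packages. The following is an added illustration, not Runlayer's MCP Watch code, of what such a scan does: parse the JSON each tool reads, build an inventory record per server (transport, target, whether credentials are embedded), and flag anything not on an approved allowlist. The file paths, key names and sample contents are constructed assumptions.

```python
import json
# Constructed sample contents of the per-user MCP config files coding tools read.
# Paths and key names are assumptions (Cursor and Claude Desktop use "mcpServers",
# VS Code's mcp.json uses "servers"); verify against each tool's docs before use.
SAMPLE_CONFIGS = {
    "~/.cursor/mcp.json": json.dumps({"mcpServers": {
        "github": {"command": "npx", "args": ["-y", "@modelcontextprotocol/server-github"],
                   "env": {"GITHUB_PERSONAL_ACCESS_TOKEN": "ghp_constructed"}},
        "prod-db": {"command": "uvx",
                    "args": ["mcp-server-postgres", "postgresql://db.internal/prod"]}}}),
    "~/Library/Application Support/Claude/claude_desktop_config.json": json.dumps({
        "mcpServers": {"filesystem": {"command": "npx",
                       "args": ["-y", "@modelcontextprotocol/server-filesystem", "/"]}}}),
    ".vscode/mcp.json": json.dumps({"servers": {
        "remote-tools": {"type": "http", "url": "https://tools.example.com/mcp"}}}),
}

# Servers the security team has reviewed and approved (constructed allowlist).
APPROVED = {"github"}


def extract_servers(path, raw):
    """Parse one config file; return one inventory record per configured server."""
    data = json.loads(raw)
    servers = data.get("mcpServers") or data.get("servers") or {}
    records = []
    for name, spec in servers.items():
        local = "command" in spec  # stdio servers run a local process; others are remote
        records.append({
            "source": path,
            "name": name,
            "transport": "stdio" if local else "remote",
            "target": " ".join([spec["command"]] + spec.get("args", [])) if local else spec.get("url"),
            "embeds_secrets": bool(spec.get("env")),  # credentials stored in plain text on disk
            "approved": name in APPROVED,
        })
    return records


def shadow_servers(configs):
    """Inventory every tool's config and keep the servers not on the allowlist."""
    inventory = [r for path, raw in configs.items() for r in extract_servers(path, raw)]
    return [r for r in inventory if not r["approved"]]


if __name__ == "__main__":
    for r in shadow_servers(SAMPLE_CONFIGS):
        flag = " [secrets in config]" if r["embeds_secrets"] else ""
        print(f"SHADOW {r['name']:<12} {r['transport']:<6} {r['target']}  ({r['source']}){flag}")
```

In a real deployment the MDM job would read the actual files from each endpoint and ship the records to a central inventory; the classification logic stays the same.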