NSA warning on AI automation protocol raises fresh testing concerns for banks

The US National Security Agency has issued a fresh warning over the security risks surrounding the rapidly growing Model Context Protocol (MCP), raising new concerns for QA, software testing and digital resilience teams inside banks and financial institutions deploying increasingly autonomous AI systems.

In new guidance released last week, the NSA warned that MCP, an emerging protocol increasingly used to connect AI systems with external tools, databases and services, could expose organizations to significant cyber and operational risks if deployed without stronger safeguards.

The agency said MCP has quickly become “the de facto standard” for communication across many AI-driven services and is already seeing adoption across sectors including financial services, software development and legal services.

For banks experimenting with agentic AI systems capable of autonomously executing workflows, accessing databases and interacting with production systems, the warning highlights a growing challenge facing QA and AI testing teams: traditional testing and governance frameworks may no longer be sufficient once AI systems move beyond chatbot-style interactions into autonomous execution environments.

Autonomous execution assurance

Unlike traditional generative AI systems focused primarily on producing responses, MCP allows AI systems to chain together actions across multiple connected tools and services.

The NSA described how AI agents could autonomously organize complex workflows such as travel planning by querying multiple systems simultaneously, gathering information and executing tasks with limited human intervention.

But the agency warned that the protocol’s rapid adoption has “outpaced the development of its security model.”

According to the NSA, MCP introduces “new and largely not well-traced attack paths” because connected AI systems can increasingly query tools, trigger actions and interact with services autonomously across environments.

For QA and software testing teams at banks, this represents a major shift in the AI testing perimeter.

Testing AI systems is no longer simply about validating model accuracy, hallucination rates or chatbot responses. Instead, teams may increasingly need to validate runtime behavior, permission boundaries, authentication logic, execution chains, API interactions and escalation controls inside live operational environments.

The warning reflects broader industry concerns that AI systems are rapidly evolving into orchestration layers capable of interacting directly with sensitive banking infrastructure, including payment systems, fraud platforms, compliance tooling and customer databases.

Runtime testing and observability

The NSA guidance highlighted several risks associated with MCP deployments, including weak authentication, insufficient approval controls, insecure data handling, missing audit logs and vulnerabilities that could allow attackers to inject malicious instructions or hijack sessions.

The agency also warned that some MCP systems lack strong permission controls, increasing the risk that AI agents could gain excessive access to sensitive systems or data.

For operational resilience and quality engineering teams, the concern is particularly significant because many autonomous AI interactions may occur dynamically during runtime rather than through fixed deterministic workflows that can be fully validated before deployment.

That creates growing pressure on financial institutions to adopt more advanced AI assurance approaches, including adversarial testing, continuous runtime monitoring, behavioral validation and agentic workflow simulation.

The NSA’s emphasis on “not well-traced attack paths” also highlights mounting concerns around observability and auditability in AI-driven environments, especially as regulators increase scrutiny over governance, explainability and operational resilience.

Banks operating under frameworks such as DORA, operational resilience rules and emerging AI governance requirements are already facing increasing pressure to demonstrate that critical systems remain observable, testable and controllable even when AI agents are operating autonomously.

Autonomous systems create new resilience risks

The guidance comes amid rapidly accelerating interest in agentic AI across financial services.

Banks globally are experimenting with autonomous AI systems capable of handling fraud investigations, compliance workflows, customer service operations, KYC reviews and internal productivity tasks.

But security experts increasingly warn that autonomous execution introduces new categories of risk that traditional software testing programs were not originally designed to handle.

A compromised or poorly controlled MCP-connected AI agent could potentially trigger unauthorized actions, expose sensitive information, bypass controls or disrupt operational workflows across interconnected systems.

The NSA urged organisations to adopt “heightened scrutiny” when deploying MCP-based systems and recommended stronger safeguards including trusted tool validation, segmentation of sensitive systems, tighter access restrictions, improved monitoring and more robust logging capabilities.
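To make the safeguards above concrete, here is an added example (not from the article or the NSA guidance) of a minimal policy gateway placed between an AI agent and its MCP servers: it enforces a trusted-tool allowlist, least-privilege scope checks, a human-approval requirement for sensitive actions, and an audit log. The JSON-RPC `tools/call` message shape with `name` and `arguments` is MCP's own; the policy table, scope names and sample requests are constructed for illustration.

```python
import hashlib
import json
from dataclasses import dataclass, field
from typing import Optional

# Constructed policy table: which tools the agent may call, the scopes each
# tool needs, and whether a human approval token must accompany the call.
TOOL_POLICY = {
    "read_account_balance": {"scopes": {"accounts:read"}, "approval": False},
    "initiate_payment": {"scopes": {"payments:write"}, "approval": True},
}


@dataclass
class Decision:
    allowed: bool
    reason: str


@dataclass
class Gateway:
    agent_scopes: set  # scopes granted to this agent (least privilege)
    audit_log: list = field(default_factory=list)

    def authorize(self, request: dict, approval_token: Optional[str] = None) -> Decision:
        """Evaluate one JSON-RPC tools/call request against policy and audit it."""
        params = request.get("params", {})
        name = params.get("name")
        if request.get("method") != "tools/call":
            d = Decision(False, "unsupported method")
        elif name not in TOOL_POLICY:  # trusted tool validation
            d = Decision(False, f"tool not on trusted allowlist: {name}")
        elif not TOOL_POLICY[name]["scopes"] <= self.agent_scopes:  # permission check
            d = Decision(False, f"agent lacks required scope for {name}")
        elif TOOL_POLICY[name]["approval"] and not approval_token:  # approval control
            d = Decision(False, f"{name} requires human approval")
        else:
            d = Decision(True, "ok")
        # Audit record: hash the arguments so the log proves what was requested
        # without copying sensitive payload data (account numbers, amounts) into it.
        arg_bytes = json.dumps(params.get("arguments", {}), sort_keys=True).encode()
        self.audit_log.append({
            "id": request.get("id"),
            "tool": name,
            "args_sha256": hashlib.sha256(arg_bytes).hexdigest()[:16],
            "allowed": d.allowed,
            "reason": d.reason,
        })
        return d
```

Every request, allowed or denied, lands in the audit log, which is what gives a QA or resilience team a traceable record of the agent's execution chain.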

The agency described MCP as “a promising, but still maturing, foundation for agentic AI.”

For QA insiders, the message is likely to resonate well beyond cybersecurity alone.

As banks move toward increasingly autonomous AI architectures, software testing, AI validation and digital resilience teams are rapidly becoming central to ensuring that agentic systems remain governable, observable and secure once deployed into live financial environments.
