Insurance industry faces new AI cyber threat

The insurance sector must adapt to a rapidly emerging cyber risk as artificial intelligence becomes integrated into core business functions, according to cyber risk specialists KYND.

The company warned that Model Context Protocol (MCP) technology is creating an “uncharted era of cyber risk” that insurers are unprepared to handle. MCP allows AI models to connect directly to an organization’s digital infrastructure, enabling AI systems to access and interact with tools, data, and applications in real time.

“The AI boom is happening fast, and security frameworks are still catching up,” said Andy Thomas, CEO and founder of KYND. “As MCP usage accelerates, with more companies adopting generative-AI solutions, MCP exposure is spreading quietly through digital supply chains.”

While transformative for business operations, the technology introduces systemic risks that can go undetected by cyber insurers. MCP said it functions as a connective layer between systems, creating an attack surface where a single vulnerability can affect multiple insureds and portfolios simultaneously.

Security researchers have documented a growing number of MCP-related attacks, including cases where AI models have been manipulated. Misconfigured access controls or overly broad permissions on MCP servers can allow malicious queries to extract confidential data or modify records through seemingly legitimate integration.

Infrastructure weaknesses supporting MCP can also give attackers access to connected systems, creating potential for sensitive data leaks.

The risk poses challenges at both individual and portfolio levels for insurers, complicating risk selection and increasing the potential for widespread compromise. The rapid evolution of MCP-enabled tools means an organization’s risk profile can become outdated quickly.

KYND recommends insurers implement continuous portfolio monitoring, incorporate richer data into risk selection, and refine policy wordings around AI-related incidents.

“Underwriters not only need to assess the security of individual organizations but also understand how shared dependencies multiply exposure across the market,” Thomas said. “Relying on the right cyber intelligence will be critical in spotting emerging risks – and acting on them before they become systemic.”