The MCP Backdoor:
How Malware Slips In
Through Developer Tools
Host
speakers
Founder and Analyst
Latio
Security Researcher
Koi
Security Engineering Lead
Grammarly
Save your seat
Can’t join live? Register anyway and we’ll send you the recording
Abstract
Koi researchers uncovered the first malicious Model Context Protocol (MCP) server in the wild. It hid inside a routine developer workflow and silently BCC’d outbound emails to an attacker. It looked like a normal integration and stayed invisible to standard endpoint and supply chain controls. This is a new backdoor already living inside developer tooling.
MCP servers act as super-connectors across code, data, and infrastructure. They self-install, self-update, and often operate outside approved software intake. The result is permissions sprawl, opaque data movement, and attack paths most teams are not monitoring.
How this emerging protocol spreads through developer tools and quietly lands inside enterprise endpoints.
A live breakdown of the attack path, what it touched, and why traditional controls missed it.
Findings from enterprise assessments and the telemetry that actually surfaces MCP risk.
A 30-day path to restore visibility, score MCP risk across endpoints, and enforce guardrails without slowing developers.