Model Context Protocol Rewrite Leaves More Security Decisions to Developers The new MCP specifications fix a long-standing weakness in how AI agents authenticate to external tools, but security experts say it shifts key safeguards to developers. The result is a more flexible standard that can also increase the risk of authorization flaws, data exposure and resource abuse.