[](https://www.paloaltonetworks.com/?ts=markdown) * Sign In * Customer * Partner * Employee * [Login to download](https://www.paloaltonetworks.com/login?ts=markdown) * [Join us to become a member](https://www.paloaltonetworks.com/login?screenToRender=traditionalRegistration&ts=markdown) * EN * [USA (ENGLISH)](https://www.paloaltonetworks.com) * [AUSTRALIA (ENGLISH)](https://www.paloaltonetworks.com.au) * [BRAZIL (PORTUGUÉS)](https://www.paloaltonetworks.com.br) * [CANADA (ENGLISH)](https://www.paloaltonetworks.ca) * [CHINA (简体中文)](https://www.paloaltonetworks.cn) * [FRANCE (FRANÇAIS)](https://www.paloaltonetworks.fr) * [GERMANY (DEUTSCH)](https://www.paloaltonetworks.de) * [INDIA (ENGLISH)](https://www.paloaltonetworks.in) * [ITALY (ITALIANO)](https://www.paloaltonetworks.it) * [JAPAN (日本語)](https://www.paloaltonetworks.jp) * [KOREA (한국어)](https://www.paloaltonetworks.co.kr) * [LATIN AMERICA (ESPAÑOL)](https://www.paloaltonetworks.lat) * [MEXICO (ESPAÑOL)](https://www.paloaltonetworks.com.mx) * [SINGAPORE (ENGLISH)](https://www.paloaltonetworks.sg) * [SPAIN (ESPAÑOL)](https://www.paloaltonetworks.es) * [TAIWAN (繁體中文)](https://www.paloaltonetworks.tw) * [UK (ENGLISH)](https://www.paloaltonetworks.co.uk) * ![magnifying glass search icon to open search field](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/search-black.svg) * [Contact Us](https://www.paloaltonetworks.com/company/contact-sales?ts=markdown) * [What's New](https://www.paloaltonetworks.com/resources?ts=markdown) * [Get Support](https://support.paloaltonetworks.com/SupportAccount/MyAccount) * [Under Attack?](https://start.paloaltonetworks.com/contact-unit42.html) ![x close icon to close mobile navigation](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/x-black.svg) [![Palo Alto Networks logo](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/pan-logo-dark.svg)](https://www.paloaltonetworks.com/?ts=markdown) ![magnifying glass search icon to open search field](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/search-black.svg) * [](https://www.paloaltonetworks.com/?ts=markdown) * Products ![black arrow pointing left to go back to main navigation](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/arrow-right-black.svg) Products [AI-Powered Network Security Platform](https://www.paloaltonetworks.com/network-security?ts=markdown) * [AI Security](https://www.paloaltonetworks.com/ai-security?ts=markdown) * [Prisma AIRS](https://www.paloaltonetworks.com/prisma/prisma-ai-runtime-security?ts=markdown) * [AI Access Security](https://www.paloaltonetworks.com/sase/ai-access-security?ts=markdown) * [Cloud Delivered Security Services](https://www.paloaltonetworks.com/network-security/security-subscriptions?ts=markdown) * [Advanced Threat Prevention](https://www.paloaltonetworks.com/network-security/advanced-threat-prevention?ts=markdown) * [Advanced URL Filtering](https://www.paloaltonetworks.com/network-security/advanced-url-filtering?ts=markdown) * [Advanced WildFire](https://www.paloaltonetworks.com/network-security/advanced-wildfire?ts=markdown) * [Advanced DNS Security](https://www.paloaltonetworks.com/network-security/advanced-dns-security?ts=markdown) * [Enterprise Data Loss Prevention](https://www.paloaltonetworks.com/sase/enterprise-data-loss-prevention?ts=markdown) * [Enterprise Device Security](https://www.paloaltonetworks.com/network-security/enterprise-device-security?ts=markdown) * [Medical Device Security](https://www.paloaltonetworks.com/network-security/medical-device-security?ts=markdown) * [Next-Gen Trust Security](https://www.paloaltonetworks.com/network-security/next-gen-trust-security?ts=markdown) * [OT Device Security](https://www.paloaltonetworks.com/network-security/ot-device-security?ts=markdown) * [Next-Generation Firewalls](https://www.paloaltonetworks.com/network-security/next-generation-firewall?ts=markdown) * [Hardware Firewalls](https://www.paloaltonetworks.com/network-security/hardware-firewall-innovations?ts=markdown) * [Software Firewalls](https://www.paloaltonetworks.com/network-security/software-firewalls?ts=markdown) * [Strata Cloud Manager](https://www.paloaltonetworks.com/network-security/strata-cloud-manager?ts=markdown) * [SD-WAN for NGFW](https://www.paloaltonetworks.com/network-security/sd-wan-subscription?ts=markdown) * [PAN-OS](https://www.paloaltonetworks.com/network-security/pan-os?ts=markdown) * [Panorama](https://www.paloaltonetworks.com/network-security/panorama?ts=markdown) * [Secure Access Service Edge](https://www.paloaltonetworks.com/sase?ts=markdown) * [Prisma SASE](https://www.paloaltonetworks.com/sase?ts=markdown) * [Application Acceleration](https://www.paloaltonetworks.com/sase/app-acceleration?ts=markdown) * [Autonomous Digital Experience Management](https://www.paloaltonetworks.com/sase/adem?ts=markdown) * [Enterprise DLP](https://www.paloaltonetworks.com/sase/enterprise-data-loss-prevention?ts=markdown) * [Prisma Access](https://www.paloaltonetworks.com/sase/access?ts=markdown) * [Prisma Browser](https://www.paloaltonetworks.com/sase/prisma-browser?ts=markdown) * [Prisma SD-WAN](https://www.paloaltonetworks.com/sase/sd-wan?ts=markdown) * [Remote Browser Isolation](https://www.paloaltonetworks.com/sase/remote-browser-isolation?ts=markdown) * [SaaS Security](https://www.paloaltonetworks.com/sase/saas-security?ts=markdown) [AI-Driven Security Operations Platform](https://www.paloaltonetworks.com/cortex?ts=markdown) * [Cloud Security](https://www.paloaltonetworks.com/cortex/cloud?ts=markdown) * [Cortex Cloud](https://www.paloaltonetworks.com/cortex/cloud?ts=markdown) * [Application Security](https://www.paloaltonetworks.com/cortex/cloud/application-security?ts=markdown) * [Cloud Posture Security](https://www.paloaltonetworks.com/cortex/cloud/cloud-posture-security?ts=markdown) * [Cloud Runtime Security](https://www.paloaltonetworks.com/cortex/cloud/runtime-security?ts=markdown) * [Prisma Cloud](https://www.paloaltonetworks.com/prisma/cloud?ts=markdown) * [AI-Driven SOC](https://www.paloaltonetworks.com/cortex?ts=markdown) * [Cortex XSIAM](https://www.paloaltonetworks.com/cortex/cortex-xsiam?ts=markdown) * [Cortex XDR](https://www.paloaltonetworks.com/cortex/cortex-xdr?ts=markdown) * [Cortex AgentiX](https://www.paloaltonetworks.com/cortex/agentix?ts=markdown) * [Cortex XSOAR](https://www.paloaltonetworks.com/cortex/cortex-xsoar?ts=markdown) * [Cortex Exposure Management](https://www.paloaltonetworks.com/cortex/exposure-management?ts=markdown) * [Cortex Xpanse](https://www.paloaltonetworks.com/cortex/cortex-xpanse?ts=markdown) * [Cortex Advanced Email Security](https://www.paloaltonetworks.com/cortex/advanced-email-security?ts=markdown) * [Unit 42 Managed Detection \& Response](https://www.paloaltonetworks.com/cortex/managed-detection-and-response?ts=markdown) * [Unit 42 Managed XSIAM](https://www.paloaltonetworks.com/cortex/managed-xsiam?ts=markdown) [![](https://www.paloaltonetworks.com/content/dam/pan/en_US/images/cyberark/Seamless_IDs_small.jpg) Identity Security](https://www.paloaltonetworks.com/identity-security?ts=markdown) * Solutions ![black arrow pointing left to go back to main navigation](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/arrow-right-black.svg) Solutions Secure AI by Design * [Secure AI Ecosystem](https://www.paloaltonetworks.com/prisma/prisma-ai-runtime-security?ts=markdown) * [Secure GenAI Usage](https://www.paloaltonetworks.com/sase/ai-access-security?ts=markdown) Network Security * [Cloud Network Security](https://www.paloaltonetworks.com/network-security/software-firewalls?ts=markdown) * [Data Center Security](https://www.paloaltonetworks.com/network-security/data-center?ts=markdown) * [DNS Security](https://www.paloaltonetworks.com/network-security/advanced-dns-security?ts=markdown) * [Intrusion Detection and Prevention](https://www.paloaltonetworks.com/network-security/advanced-threat-prevention?ts=markdown) * [Device Security](https://www.paloaltonetworks.com/network-security/device-security?ts=markdown) * [OT Security](https://www.paloaltonetworks.com/network-security/ot-security-solution?ts=markdown) * [5G Security](https://www.paloaltonetworks.com/network-security/5g-security?ts=markdown) * [Secure All Apps, Users and Locations](https://www.paloaltonetworks.com/sase/secure-users-data-apps-devices?ts=markdown) * [Secure Branch Transformation](https://www.paloaltonetworks.com/sase/secure-branch-transformation?ts=markdown) * [Secure Work on Any Device](https://www.paloaltonetworks.com/sase/secure-work-on-any-device?ts=markdown) * [VPN Replacement](https://www.paloaltonetworks.com/sase/vpn-replacement-for-secure-remote-access?ts=markdown) * [Web \& Phishing Security](https://www.paloaltonetworks.com/network-security/advanced-url-filtering?ts=markdown) Cloud Security * [Application Security Posture Management (ASPM)](https://www.paloaltonetworks.com/cortex/cloud/application-security-posture-management?ts=markdown) * [Software Supply Chain Security](https://www.paloaltonetworks.com/cortex/cloud/software-supply-chain-security?ts=markdown) * [Code Security](https://www.paloaltonetworks.com/cortex/cloud/code-security?ts=markdown) * [Cloud Security Posture Management (CSPM)](https://www.paloaltonetworks.com/cortex/cloud/cloud-security-posture-management?ts=markdown) * [Cloud Infrastructure Entitlement Management (CIEM)](https://www.paloaltonetworks.com/cortex/cloud/cloud-infrastructure-entitlement-management?ts=markdown) * [Data Security Posture Management (DSPM)](https://www.paloaltonetworks.com/cortex/cloud/data-security-posture-management?ts=markdown) * [AI Security Posture Management (AI-SPM)](https://www.paloaltonetworks.com/cortex/cloud/ai-security-posture-management?ts=markdown) * [Cloud Detection and Response (CDR)](https://www.paloaltonetworks.com/cortex/cloud-detection-and-response?ts=markdown) * [Cloud Workload Protection (CWP)](https://www.paloaltonetworks.com/cortex/cloud/cloud-workload-protection?ts=markdown) * [Web Application \& API Security (WAAS)](https://www.paloaltonetworks.com/cortex/cloud/web-app-api-security?ts=markdown) Security Operations * [Cloud Detection and Response (CDR)](https://www.paloaltonetworks.com/cortex/cloud-detection-and-response?ts=markdown) * [Security Information and Event Management](https://www.paloaltonetworks.com/cortex/modernize-siem?ts=markdown) * [Network Security Automation](https://www.paloaltonetworks.com/cortex/network-security-automation?ts=markdown) * [Incident Case Management](https://www.paloaltonetworks.com/cortex/incident-case-management?ts=markdown) * [SOC Automation](https://www.paloaltonetworks.com/cortex/security-operations-automation?ts=markdown) * [Threat Intel Management](https://www.paloaltonetworks.com/cortex/threat-intel-management?ts=markdown) * [Managed Detection \& Response](https://www.paloaltonetworks.com/cortex/managed-detection-and-response?ts=markdown) * [Attack Surface Management](https://www.paloaltonetworks.com/cortex/cortex-xpanse/attack-surface-management?ts=markdown) * [Compliance Management](https://www.paloaltonetworks.com/cortex/cortex-xpanse/compliance-management?ts=markdown) * [Internet Operations Management](https://www.paloaltonetworks.com/cortex/cortex-xpanse/internet-operations-management?ts=markdown) * [Extended Data Lake (XDL)](https://www.paloaltonetworks.com/cortex/cortex-xdl?ts=markdown) * [Agentic Assistant](https://www.paloaltonetworks.com/cortex/cortex-agentic-assistant?ts=markdown) Endpoint Security * [Endpoint Protection](https://www.paloaltonetworks.com/cortex/endpoint-protection?ts=markdown) * [Extended Detection \& Response](https://www.paloaltonetworks.com/cortex/detection-and-response?ts=markdown) * [Ransomware Protection](https://www.paloaltonetworks.com/cortex/ransomware-protection?ts=markdown) * [Digital Forensics](https://www.paloaltonetworks.com/cortex/digital-forensics?ts=markdown) [Industries](https://www.paloaltonetworks.com/industry?ts=markdown) * [Public Sector](https://www.paloaltonetworks.com/industry/public-sector?ts=markdown) * [Financial Services](https://www.paloaltonetworks.com/industry/financial-services?ts=markdown) * [Manufacturing](https://www.paloaltonetworks.com/industry/manufacturing?ts=markdown) * [Healthcare](https://www.paloaltonetworks.com/industry/healthcare?ts=markdown) * [Small \& Medium Business Solutions](https://www.paloaltonetworks.com/industry/small-medium-business-portfolio?ts=markdown) [![](https://www.paloaltonetworks.com/content/dam/pan/en_US/images/cyberark/Seamless_IDs_small.jpg) Identity Security](https://www.paloaltonetworks.com/identity-security?ts=markdown) * Services ![black arrow pointing left to go back to main navigation](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/arrow-right-black.svg) Services [Threat Intel and Incident Response Services](https://www.paloaltonetworks.com/unit42?ts=markdown) * [Assess](https://www.paloaltonetworks.com/unit42/assess?ts=markdown) * [AI Security Assessment](https://www.paloaltonetworks.com/unit42/assess/ai-security-assessment?ts=markdown) * [Attack Surface Assessment](https://www.paloaltonetworks.com/unit42/assess/attack-surface-assessment?ts=markdown) * [Breach Readiness Review](https://www.paloaltonetworks.com/unit42/assess/breach-readiness-review?ts=markdown) * [BEC Readiness Assessment](https://www.paloaltonetworks.com/bec-readiness-assessment?ts=markdown) * [Cloud Security Assessment](https://www.paloaltonetworks.com/unit42/assess/cloud-security-assessment?ts=markdown) * [Compromise Assessment](https://www.paloaltonetworks.com/unit42/assess/compromise-assessment?ts=markdown) * [Cyber Risk Assessment](https://www.paloaltonetworks.com/unit42/assess/cyber-risk-assessment?ts=markdown) * [M\&A Cyber Due Diligence](https://www.paloaltonetworks.com/unit42/assess/mergers-acquisitions-cyber-due-diligence?ts=markdown) * [Penetration Testing](https://www.paloaltonetworks.com/unit42/assess/penetration-testing?ts=markdown) * [Purple Team Exercises](https://www.paloaltonetworks.com/unit42/assess/purple-teaming?ts=markdown) * [Ransomware Readiness Assessment](https://www.paloaltonetworks.com/unit42/assess/ransomware-readiness-assessment?ts=markdown) * [SOC Assessment](https://www.paloaltonetworks.com/unit42/assess/soc-assessment?ts=markdown) * [Supply Chain Risk Assessment](https://www.paloaltonetworks.com/unit42/assess/supply-chain-risk-assessment?ts=markdown) * [Tabletop Exercises](https://www.paloaltonetworks.com/unit42/assess/tabletop-exercise?ts=markdown) * [Unit 42 Retainer](https://www.paloaltonetworks.com/unit42/retainer?ts=markdown) * [Respond](https://www.paloaltonetworks.com/unit42/respond?ts=markdown) * [Cloud Incident Response](https://www.paloaltonetworks.com/unit42/respond/cloud-incident-response?ts=markdown) * [Digital Forensics](https://www.paloaltonetworks.com/unit42/respond/digital-forensics?ts=markdown) * [Incident Response](https://www.paloaltonetworks.com/unit42/respond/incident-response?ts=markdown) * [Managed Detection and Response](https://www.paloaltonetworks.com/unit42/respond/managed-detection-response?ts=markdown) * [Managed Threat Hunting](https://www.paloaltonetworks.com/unit42/respond/managed-threat-hunting?ts=markdown) * [Managed XSIAM](https://www.paloaltonetworks.com/cortex/managed-xsiam?ts=markdown) * [Unit 42 Retainer](https://www.paloaltonetworks.com/unit42/retainer?ts=markdown) * [Transform](https://www.paloaltonetworks.com/unit42/transform?ts=markdown) * [IR Plan Development and Review](https://www.paloaltonetworks.com/unit42/transform/incident-response-plan-development-review?ts=markdown) * [Security Program Design](https://www.paloaltonetworks.com/unit42/transform/security-program-design?ts=markdown) * [Virtual CISO](https://www.paloaltonetworks.com/unit42/transform/vciso?ts=markdown) * [Zero Trust Advisory](https://www.paloaltonetworks.com/unit42/transform/zero-trust-advisory?ts=markdown) [Global Customer Services](https://www.paloaltonetworks.com/services?ts=markdown) * [Education \& Training](https://www.paloaltonetworks.com/services/education?ts=markdown) * [Professional Services](https://www.paloaltonetworks.com/services/consulting?ts=markdown) * [Success Tools](https://www.paloaltonetworks.com/services/customer-success-tools?ts=markdown) * [Support Services](https://www.paloaltonetworks.com/services/solution-assurance?ts=markdown) * [Customer Success](https://www.paloaltonetworks.com/services/customer-success?ts=markdown) [![](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/logo-unit-42.svg) UNIT 42 RETAINER Custom-built to fit your organization's needs, you can choose to allocate your retainer hours to any of our offerings, including proactive cyber risk management services. Learn how you can put the world-class Unit 42 Incident Response team on speed dial. Learn more](https://www.paloaltonetworks.com/unit42/retainer?ts=markdown) * Partners ![black arrow pointing left to go back to main navigation](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/arrow-right-black.svg) Partners NextWave Partners * [NextWave Partner Community](https://www.paloaltonetworks.com/partners?ts=markdown) * [Cloud Service Providers](https://www.paloaltonetworks.com/partners/nextwave-for-csp?ts=markdown) * [Global Systems Integrators](https://www.paloaltonetworks.com/partners/nextwave-for-gsi?ts=markdown) * [Technology Partners](https://www.paloaltonetworks.com/partners/technology-partners?ts=markdown) * [Service Providers](https://www.paloaltonetworks.com/partners/service-providers?ts=markdown) * [Solution Providers](https://www.paloaltonetworks.com/partners/nextwave-solution-providers?ts=markdown) * [Managed Security Service Providers](https://www.paloaltonetworks.com/partners/managed-security-service-providers?ts=markdown) Take Action * [Portal Login](https://www.paloaltonetworks.com/partners/nextwave-partner-portal?ts=markdown) * [Managed Services Program](https://www.paloaltonetworks.com/partners/managed-security-services-provider-program?ts=markdown) * [Become a Partner](https://paloaltonetworks.my.site.com/NextWavePartnerProgram/s/partnerregistration?type=becomepartner) * [Request Access](https://paloaltonetworks.my.site.com/NextWavePartnerProgram/s/partnerregistration?type=requestaccess) * [Find a Partner](https://paloaltonetworks.my.site.com/NextWavePartnerProgram/s/partnerlocator) [CYBERFORCE CYBERFORCE represents the top 1% of partner engineers trusted for their security expertise. Learn more](https://www.paloaltonetworks.com/cyberforce?ts=markdown) * Company ![black arrow pointing left to go back to main navigation](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/arrow-right-black.svg) Company Palo Alto Networks * [About Us](https://www.paloaltonetworks.com/about-us?ts=markdown) * [Management Team](https://www.paloaltonetworks.com/about-us/management?ts=markdown) * [Investor Relations](https://investors.paloaltonetworks.com) * [Locations](https://www.paloaltonetworks.com/about-us/locations?ts=markdown) * [Ethics \& Compliance](https://www.paloaltonetworks.com/company/ethics-and-compliance?ts=markdown) * [Corporate Responsibility](https://www.paloaltonetworks.com/about-us/corporate-responsibility?ts=markdown) * [Military \& Veterans](https://jobs.paloaltonetworks.com/military) [Why Palo Alto Networks?](https://www.paloaltonetworks.com/why-paloaltonetworks?ts=markdown) * [Precision AI Security](https://www.paloaltonetworks.com/precision-ai-security?ts=markdown) * [Our Platform Approach](https://www.paloaltonetworks.com/why-paloaltonetworks/platformization?ts=markdown) * [Accelerate Your Cybersecurity Transformation](https://www.paloaltonetworks.com/why-paloaltonetworks/nam-cxo-portfolio?ts=markdown) * [Awards \& Recognition](https://www.paloaltonetworks.com/about-us/awards?ts=markdown) * [Customer Stories](https://www.paloaltonetworks.com/customers?ts=markdown) * [Global Certifications](https://www.paloaltonetworks.com/legal-notices/trust-center/compliance?ts=markdown) * [Trust 360 Program](https://www.paloaltonetworks.com/resources/whitepapers/trust-360?ts=markdown) Careers * [Overview](https://jobs.paloaltonetworks.com/) * [Culture \& Benefits](https://jobs.paloaltonetworks.com/en/culture/) [A Newsweek Most Loved Workplace "Businesses that do right by their employees" Read more](https://www.paloaltonetworks.com/company/press/2021/palo-alto-networks-secures-top-ranking-on-newsweek-s-most-loved-workplaces-list-for-2021?ts=markdown) * More ![black arrow pointing left to go back to main navigation](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/arrow-right-black.svg) More Resources * [Blog](https://www.paloaltonetworks.com/blog/?ts=markdown) * [Unit 42 Threat Research](https://unit42.paloaltonetworks.com/) * [Communities](https://www.paloaltonetworks.com/communities?ts=markdown) * [Content Library](https://www.paloaltonetworks.com/resources?ts=markdown) * [Cyberpedia](https://www.paloaltonetworks.com/cyberpedia?ts=markdown) * [Tech Insider](https://techinsider.paloaltonetworks.com/) * [Knowledge Base](https://knowledgebase.paloaltonetworks.com/) * [Palo Alto Networks TV](https://tv.paloaltonetworks.com/) * [Perspectives of Leaders](https://www.paloaltonetworks.com/perspectives/?ts=markdown) * [Cyber Perspectives Magazine](https://www.paloaltonetworks.com/cybersecurity-perspectives/cyber-perspectives-magazine?ts=markdown) * [Regional Cloud Locations](https://www.paloaltonetworks.com/products/regional-cloud-locations?ts=markdown) * [Tech Docs](https://docs.paloaltonetworks.com/) * [Security Posture Assessment](https://www.paloaltonetworks.com/security-posture-assessment?ts=markdown) * [Threat Vector Podcast](https://unit42.paloaltonetworks.com/unit-42-threat-vector-podcast/) * [Packet Pushers Podcasts](https://www.paloaltonetworks.com/podcasts/packet-pusher?ts=markdown) Connect * [LIVE community](https://live.paloaltonetworks.com/) * [Events](https://events.paloaltonetworks.com/) * [Executive Briefing Center](https://www.paloaltonetworks.com/about-us/executive-briefing-program?ts=markdown) * [Demos](https://www.paloaltonetworks.com/demos?ts=markdown) * [Contact us](https://www.paloaltonetworks.com/company/contact-sales?ts=markdown) [Blog Stay up-to-date on industry trends and the latest innovations from the world's largest cybersecurity Learn more](https://www.paloaltonetworks.com/blog/) * Sign In ![black arrow pointing left to go back to main navigation](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/arrow-right-black.svg) Sign In * Customer * Partner * Employee * [Login to download](https://www.paloaltonetworks.com/login?ts=markdown) * [Join us to become a member](https://www.paloaltonetworks.com/login?screenToRender=traditionalRegistration&ts=markdown) * EN ![black arrow pointing left to go back to main navigation](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/arrow-right-black.svg) Language * [USA (ENGLISH)](https://www.paloaltonetworks.com) * [AUSTRALIA (ENGLISH)](https://www.paloaltonetworks.com.au) * [BRAZIL (PORTUGUÉS)](https://www.paloaltonetworks.com.br) * [CANADA (ENGLISH)](https://www.paloaltonetworks.ca) * [CHINA (简体中文)](https://www.paloaltonetworks.cn) * [FRANCE (FRANÇAIS)](https://www.paloaltonetworks.fr) * [GERMANY (DEUTSCH)](https://www.paloaltonetworks.de) * [INDIA (ENGLISH)](https://www.paloaltonetworks.in) * [ITALY (ITALIANO)](https://www.paloaltonetworks.it) * [JAPAN (日本語)](https://www.paloaltonetworks.jp) * [KOREA (한국어)](https://www.paloaltonetworks.co.kr) * [LATIN AMERICA (ESPAÑOL)](https://www.paloaltonetworks.lat) * [MEXICO (ESPAÑOL)](https://www.paloaltonetworks.com.mx) * [SINGAPORE (ENGLISH)](https://www.paloaltonetworks.sg) * [SPAIN (ESPAÑOL)](https://www.paloaltonetworks.es) * [TAIWAN (繁體中文)](https://www.paloaltonetworks.tw) * [UK (ENGLISH)](https://www.paloaltonetworks.co.uk) * [Contact Us](https://www.paloaltonetworks.com/company/contact-sales?ts=markdown) * [What's New](https://www.paloaltonetworks.com/resources?ts=markdown) * [Get support](https://support.paloaltonetworks.com/SupportAccount/MyAccount) * [Under Attack?](https://start.paloaltonetworks.com/contact-unit42.html) * [Demos and Trials](https://www.paloaltonetworks.com/get-started?ts=markdown) Search All * [Tech Docs](https://docs.paloaltonetworks.com/search) Close search modal [Deploy Bravely --- Secure your AI transformation with Prisma AIRS](https://www.paloaltonetworks.com/deploybravely?ts=markdown) [](https://www.paloaltonetworks.com/?ts=markdown) 1. [Cyberpedia](https://www.paloaltonetworks.com/cyberpedia?ts=markdown) 2. [AI Cybersecurity](https://www.paloaltonetworks.com/cyberpedia/artificial-intelligence-cybersecurity?ts=markdown) 3. [AI Frameworks](https://www.paloaltonetworks.com/cyberpedia/ai-infrastructure-security?ts=markdown) 4. [Model Context Protocol](https://www.paloaltonetworks.com/cyberpedia/what-is-model-context-protocol-mcp?ts=markdown) Table of Contents * [How to Secure AI Infrastructure: A Secure by Design Guide](https://www.paloaltonetworks.com/cyberpedia/ai-infrastructure-security?ts=markdown) * [What created the need for AI infrastructure security?](https://www.paloaltonetworks.com/cyberpedia/ai-infrastructure-security#what-created-the-need-for-ai-infrastructure-security?ts=markdown) * [What is secure by design AI?](https://www.paloaltonetworks.com/cyberpedia/ai-infrastructure-security#what-is-secure-by-design-ai?ts=markdown) * [1. Secure the AI data pipeline](https://www.paloaltonetworks.com/cyberpedia/ai-infrastructure-security#secure-the-ai-data-pipeline?ts=markdown) * [2. Secure model training environments](https://www.paloaltonetworks.com/cyberpedia/ai-infrastructure-security#secure-model-training-environments?ts=markdown) * [3. Protect model artifacts](https://www.paloaltonetworks.com/cyberpedia/ai-infrastructure-security#protect-model-artifacts?ts=markdown) * [4. Harden model deployment infrastructure](https://www.paloaltonetworks.com/cyberpedia/ai-infrastructure-security#harden-model-deployment-infrastructure?ts=markdown) * [5. Defend inference-time operations](https://www.paloaltonetworks.com/cyberpedia/ai-infrastructure-security#defend-inference-time-operations?ts=markdown) * [6. Monitor and respond continuously](https://www.paloaltonetworks.com/cyberpedia/ai-infrastructure-security#monitor-and-respond-continuously?ts=markdown) * [7. Apply Zero Trust across AI environments](https://www.paloaltonetworks.com/cyberpedia/ai-infrastructure-security#apply-zero-trust-across-ai-environments?ts=markdown) * [8. Govern the AI lifecycle end to end](https://www.paloaltonetworks.com/cyberpedia/ai-infrastructure-security#govern-the-ai-lifecycle-end-to-end?ts=markdown) * [AI infrastructure security FAQs](https://www.paloaltonetworks.com/cyberpedia/ai-infrastructure-security#ai-infrastructure-security-faqs?ts=markdown) * [What Is a Security Framework? Definition and Benefits](https://www.paloaltonetworks.com/cyberpedia/what-is-security-framework?ts=markdown) * [Security Frameworks Explained](https://www.paloaltonetworks.com/cyberpedia/what-is-security-framework#security?ts=markdown) * [What Are Common Cybersecurity Frameworks?](https://www.paloaltonetworks.com/cyberpedia/what-is-security-framework#what?ts=markdown) * [Benefits of a Security Framework](https://www.paloaltonetworks.com/cyberpedia/what-is-security-framework#benefits?ts=markdown) * [How Organizations Use Security Frameworks](https://www.paloaltonetworks.com/cyberpedia/what-is-security-framework#how?ts=markdown) * [Security Frameworks and Security Maturity](https://www.paloaltonetworks.com/cyberpedia/what-is-security-framework#maturity?ts=markdown) * [Security Frameworks vs. Compliance Requirements](https://www.paloaltonetworks.com/cyberpedia/what-is-security-framework#security?ts=markdown) * [Security Framework FAQs](https://www.paloaltonetworks.com/cyberpedia/what-is-security-framework#faqs?ts=markdown) * What is Model Context Protocol (MCP)? How It Works, Uses, and Security Risks * [Model Context Protocol Explained](https://www.paloaltonetworks.com/cyberpedia/what-is-model-context-protocol-mcp#model?ts=markdown) * [How Model Context Protocol Works](https://www.paloaltonetworks.com/cyberpedia/what-is-model-context-protocol-mcp#how?ts=markdown) * [Core Architecture of MCP](https://www.paloaltonetworks.com/cyberpedia/what-is-model-context-protocol-mcp#core?ts=markdown) * [MCP Resources, Prompts, and Tools](https://www.paloaltonetworks.com/cyberpedia/what-is-model-context-protocol-mcp#tools?ts=markdown) * [How MCP Connects AI Models to External Data Sources](https://www.paloaltonetworks.com/cyberpedia/what-is-model-context-protocol-mcp#connects?ts=markdown) * [Real-World Use Cases for Model Context Protocol](https://www.paloaltonetworks.com/cyberpedia/what-is-model-context-protocol-mcp#real-world?ts=markdown) * [Security Risks in Model Context Protocol](https://www.paloaltonetworks.com/cyberpedia/what-is-model-context-protocol-mcp#in-model?ts=markdown) * [How to Implement Model Context Protocol Safely](https://www.paloaltonetworks.com/cyberpedia/what-is-model-context-protocol-mcp#implement?ts=markdown) * [Model Context Protocol FAQs](https://www.paloaltonetworks.com/cyberpedia/what-is-model-context-protocol-mcp#faqs?ts=markdown) * [What Is Explainability?](https://www.paloaltonetworks.com/cyberpedia/ai-explainability?ts=markdown) * [Explainability Defined](https://www.paloaltonetworks.com/cyberpedia/ai-explainability#explainability?ts=markdown) * [Why Explainability Matters](https://www.paloaltonetworks.com/cyberpedia/ai-explainability#why?ts=markdown) * [Explainability Vs. Interpretability](https://www.paloaltonetworks.com/cyberpedia/ai-explainability#vs?ts=markdown) * [Explainability and Adversarial Attacks](https://www.paloaltonetworks.com/cyberpedia/ai-explainability#attacks?ts=markdown) * [Explainable AI: From Theory to Practice](https://www.paloaltonetworks.com/cyberpedia/ai-explainability#practice?ts=markdown) * [Explainability FAQs](https://www.paloaltonetworks.com/cyberpedia/ai-explainability#faqs?ts=markdown) * [IEEE Ethically Aligned Design](https://www.paloaltonetworks.com/cyberpedia/ieee-ethically-aligned-design?ts=markdown) * [IEEE Ethically Aligned Design Explained](https://www.paloaltonetworks.com/cyberpedia/ieee-ethically-aligned-design#ieee?ts=markdown) * [Key Areas of the IEEE EAD;](https://www.paloaltonetworks.com/cyberpedia/ieee-ethically-aligned-design#key?ts=markdown) * [Challenges and Ongoing Evolution of the EAD](https://www.paloaltonetworks.com/cyberpedia/ieee-ethically-aligned-design#challenges?ts=markdown) * [IEEE Ethically Aligned Design FAQs](https://www.paloaltonetworks.com/cyberpedia/ieee-ethically-aligned-design#faqs?ts=markdown) * [Google's Secure AI Framework (SAIF)](https://www.paloaltonetworks.com/cyberpedia/google-secure-ai-framework?ts=markdown) * [Google's Secure AI Framework Explained](https://www.paloaltonetworks.com/cyberpedia/google-secure-ai-framework#google?ts=markdown) * [SAIF's Key Pillars](https://www.paloaltonetworks.com/cyberpedia/google-secure-ai-framework#saif?ts=markdown) * [Secure AI Framework \& Integrated Lifecycle Security](https://www.paloaltonetworks.com/cyberpedia/google-secure-ai-framework#secure?ts=markdown) * [SAIF Challenges](https://www.paloaltonetworks.com/cyberpedia/google-secure-ai-framework#challenges?ts=markdown) * [Google's Secure AI Framework FAQs](https://www.paloaltonetworks.com/cyberpedia/google-secure-ai-framework#faqs?ts=markdown) * [NIST AI Risk Management Framework (AI RMF)](https://www.paloaltonetworks.com/cyberpedia/nist-ai-risk-management-framework?ts=markdown) * [NIST AI Risk Management Framework (AI RMF) Explained](https://www.paloaltonetworks.com/cyberpedia/nist-ai-risk-management-framework#nist?ts=markdown) * [Fundamental Functions of NIST AI RMF](https://www.paloaltonetworks.com/cyberpedia/nist-ai-risk-management-framework#fundamental?ts=markdown) * [Socio-Technical Approach](https://www.paloaltonetworks.com/cyberpedia/nist-ai-risk-management-framework#socio?ts=markdown) * [Flexibility](https://www.paloaltonetworks.com/cyberpedia/nist-ai-risk-management-framework#flexibility?ts=markdown) * [NIST Implementation](https://www.paloaltonetworks.com/cyberpedia/nist-ai-risk-management-framework#implementation?ts=markdown) * [NIST AI RMF Limitations](https://www.paloaltonetworks.com/cyberpedia/nist-ai-risk-management-framework#limitations?ts=markdown) * [NIST AI Risk Management Framework FAQs](https://www.paloaltonetworks.com/cyberpedia/nist-ai-risk-management-framework#faqs?ts=markdown) * [MITRE's Sensible Regulatory Framework for AI Security](https://www.paloaltonetworks.com/cyberpedia/mitre-sensible-regulatory-framework-atlas-matrix?ts=markdown) * [MITRE's Sensible Regulatory Framework for AI Security Explained](https://www.paloaltonetworks.com/cyberpedia/mitre-sensible-regulatory-framework-atlas-matrix#mitre?ts=markdown) * [Risk-Based Regulation and Sensible Policy Design](https://www.paloaltonetworks.com/cyberpedia/mitre-sensible-regulatory-framework-atlas-matrix#risk?ts=markdown) * [Collaborative Efforts in Shaping AI Security Regulations](https://www.paloaltonetworks.com/cyberpedia/mitre-sensible-regulatory-framework-atlas-matrix#collaborative?ts=markdown) * [Introducing the ATLAS Matrix: A Tool for AI Threat Identification](https://www.paloaltonetworks.com/cyberpedia/mitre-sensible-regulatory-framework-atlas-matrix#introducing?ts=markdown) * [MITRE's Comprehensive Approach to AI Security Risk Management](https://www.paloaltonetworks.com/cyberpedia/mitre-sensible-regulatory-framework-atlas-matrix#management?ts=markdown) * [MITRE's Sensible Regulatory Framework for AI Security FAQs](https://www.paloaltonetworks.com/cyberpedia/mitre-sensible-regulatory-framework-atlas-matrix#faqs?ts=markdown) * [AI Risk Management Framework](https://www.paloaltonetworks.com/cyberpedia/ai-risk-management-framework?ts=markdown) * [AI Risk Management Framework Explained](https://www.paloaltonetworks.com/cyberpedia/ai-risk-management-framework#ai?ts=markdown) * [Risks Associated with AI](https://www.paloaltonetworks.com/cyberpedia/ai-risk-management-framework#risks?ts=markdown) * [Key Elements of AI Risk Management Frameworks](https://www.paloaltonetworks.com/cyberpedia/ai-risk-management-framework#key?ts=markdown) * [Major AI Risk Management Frameworks](https://www.paloaltonetworks.com/cyberpedia/ai-risk-management-framework#major?ts=markdown) * [Comparison of Risk Frameworks](https://www.paloaltonetworks.com/cyberpedia/ai-risk-management-framework#comparison?ts=markdown) * [Challenges Implementing the AI Risk Management Framework](https://www.paloaltonetworks.com/cyberpedia/ai-risk-management-framework#challenges?ts=markdown) * [Integrated AI Risk Management](https://www.paloaltonetworks.com/cyberpedia/ai-risk-management-framework#integrated?ts=markdown) * [The AI Risk Management Framework: Case Studies](https://www.paloaltonetworks.com/cyberpedia/ai-risk-management-framework#the?ts=markdown) * [AI Risk Management Framework FAQs](https://www.paloaltonetworks.com/cyberpedia/ai-risk-management-framework#faqs?ts=markdown) * [What Is Observability?](https://www.paloaltonetworks.com/cyberpedia/observability?ts=markdown) * [Observability Explained](https://www.paloaltonetworks.com/cyberpedia/observability#explained?ts=markdown) * [Observability Data Types](https://www.paloaltonetworks.com/cyberpedia/observability#types?ts=markdown) * [Observability Tools for Cloud Security](https://www.paloaltonetworks.com/cyberpedia/observability#tools?ts=markdown) * [Observability FAQs](https://www.paloaltonetworks.com/cyberpedia/observability#faqs?ts=markdown) # What Is Model Context Protocol (MCP)? 3 min. read Table of Contents * * [Model Context Protocol Explained](https://www.paloaltonetworks.com/cyberpedia/what-is-model-context-protocol-mcp#model?ts=markdown) * [How Model Context Protocol Works](https://www.paloaltonetworks.com/cyberpedia/what-is-model-context-protocol-mcp#how?ts=markdown) * [Core Architecture of MCP](https://www.paloaltonetworks.com/cyberpedia/what-is-model-context-protocol-mcp#core?ts=markdown) * [MCP Resources, Prompts, and Tools](https://www.paloaltonetworks.com/cyberpedia/what-is-model-context-protocol-mcp#tools?ts=markdown) * [How MCP Connects AI Models to External Data Sources](https://www.paloaltonetworks.com/cyberpedia/what-is-model-context-protocol-mcp#connects?ts=markdown) * [Real-World Use Cases for Model Context Protocol](https://www.paloaltonetworks.com/cyberpedia/what-is-model-context-protocol-mcp#real-world?ts=markdown) * [Security Risks in Model Context Protocol](https://www.paloaltonetworks.com/cyberpedia/what-is-model-context-protocol-mcp#in-model?ts=markdown) * [How to Implement Model Context Protocol Safely](https://www.paloaltonetworks.com/cyberpedia/what-is-model-context-protocol-mcp#implement?ts=markdown) * [Model Context Protocol FAQs](https://www.paloaltonetworks.com/cyberpedia/what-is-model-context-protocol-mcp#faqs?ts=markdown) 1. Model Context Protocol Explained * * [Model Context Protocol Explained](https://www.paloaltonetworks.com/cyberpedia/what-is-model-context-protocol-mcp#model?ts=markdown) * [How Model Context Protocol Works](https://www.paloaltonetworks.com/cyberpedia/what-is-model-context-protocol-mcp#how?ts=markdown) * [Core Architecture of MCP](https://www.paloaltonetworks.com/cyberpedia/what-is-model-context-protocol-mcp#core?ts=markdown) * [MCP Resources, Prompts, and Tools](https://www.paloaltonetworks.com/cyberpedia/what-is-model-context-protocol-mcp#tools?ts=markdown) * [How MCP Connects AI Models to External Data Sources](https://www.paloaltonetworks.com/cyberpedia/what-is-model-context-protocol-mcp#connects?ts=markdown) * [Real-World Use Cases for Model Context Protocol](https://www.paloaltonetworks.com/cyberpedia/what-is-model-context-protocol-mcp#real-world?ts=markdown) * [Security Risks in Model Context Protocol](https://www.paloaltonetworks.com/cyberpedia/what-is-model-context-protocol-mcp#in-model?ts=markdown) * [How to Implement Model Context Protocol Safely](https://www.paloaltonetworks.com/cyberpedia/what-is-model-context-protocol-mcp#implement?ts=markdown) * [Model Context Protocol FAQs](https://www.paloaltonetworks.com/cyberpedia/what-is-model-context-protocol-mcp#faqs?ts=markdown) Model Context Protocol (MCP) is an open standard for connecting AI applications to external systems. It provides [large language models (LLMs)](https://www.paloaltonetworks.com/cyberpedia/what-is-llm-security?ts=markdown), AI assistants, and agents with a consistent way to access data sources, use tools, and work within structured workflows, without requiring a custom integration for every new system. For enterprises, MCP matters because AI systems are only as useful as the context they can access. Using an agent with LLM without connecting to other business applications or SaaS resources could reduce the effectiveness of the responses and actions of the AI Agents. MCP helps close that gap by standardizing how AI applications retrieve context and interact with external capabilities. At the same time, connecting AI applications to enterprise systems introduces new security questions. Organizations must control what data models can access, what tools they can invoke, how servers authenticate, and how activity is logged and monitored. In practice, MCP can improve interoperability and reduce integration sprawl, but only when it is deployed with strong access controls and clear [governance](https://www.paloaltonetworks.com/cyberpedia/ai-governance?ts=markdown). Key Points * **MCP standardizes AI connectivity**: It provides a common way for AI applications to access external tools, data, and workflows. \* **MCP uses a client-server model**: Hosts, clients, and servers work together to expose resources, prompts, and tools. \* **MCP can improve enterprise AI usefulness**: It helps ground model outputs in live, approved business context. \* **Security depends on implementation**: Least privilege, authentication, monitoring, and tool restrictions are essential. ## Model Context Protocol Explained MCP solves a common AI integration problem: most AI applications do not natively know how to connect to every internal database, SaaS platform, code repository, or workflow a business uses. Traditionally, teams built separate integrations for each model-to-system pairing, which created duplicated engineering work and inconsistent security controls. MCP replaces that patchwork with a standardized protocol. Anthropic introduced MCP as an open standard, and the protocol has grown into a broader ecosystem for connecting AI applications to tools and data. Official MCP materials describe it as a universal way for AI apps to work with external systems, and the architecture is designed to be model-agnostic rather than tied to one assistant or vendor. ## How Model Context Protocol Works MCP works through a client-server architecture. A user interacts with an AI application; the application uses an MCP client to communicate with one or more MCP servers, which expose approved capabilities from external systems. Depending on how the server is configured, those capabilities can include access to data, structured prompts, or executable tools. ### How MCP Works at a Glance | Step | What happens | Why it matters | | 1 | A user interacts with an AI application or host | The host is the entry point for the user experience | | 2 | The host uses an MCP client to communicate with an MCP server | The client handles the protocol connection | | 3 | The MCP server exposes approved resources, prompts, or tools | The server defines what the AI application can access | | 4 | The AI application retrieves context or uses a tool through the server | The model becomes more useful and grounded in real data | |------|------------------------------------------------------------------------|---------------------------------------------------------| The result is a standardized path for retrieving context and performing tasks. Instead of asking a model to guess, organizations can let the model pull relevant information from connected systems or call approved functions through MCP. That makes AI outputs more grounded, more useful, and easier to integrate into real business workflows. ## Core Architecture of MCP MCP uses hosts, clients, and servers to separate responsibilities. The host is the application layer where the user interacts with the model. The client is the protocol component inside the host that manages communication with MCP servers. The server exposes approved capabilities from external systems such as files, databases, repositories, or business tools. This separation improves interoperability, but it also defines the trust boundary. In enterprise environments, the host, client, and server must be treated as part of the overall security model. That is an implementation conclusion based on the documented MCP architecture and server capability model. ### MCP Architecture Components | Component | Role | Security consideration | | Host | The AI application where the user interacts with the model | A compromised host can influence what servers or tools are used | | Client | The component inside the host that communicates with MCP servers | Tokens in clear text allow attackers to easily steal those secrets and connect from anywhere. | | Server | The bridge to external systems such as files, databases, SaaS apps, or APIs | Untrusted MCP servers can exfiltrate private data or execute malicious code by exploiting the direct access granted to your AI and local system. | | External system | The connected data source, application, or workflow | Access should be narrowly scoped and monitored due to the lack of visibility (Who acted? Was it the human or the AI agent? | |-----------------|-----------------------------------------------------------------------------|--------------------------------------------------------------------------------------------------------------------------------------------------| ## MCP Resources, Prompts, and Tools The MCP specification defines three especially important server-side primitives: **resources, prompts, and tools**. These are central to how MCP helps AI applications work with real-world data and workflows. ### MCP Primitives | Primitive | What it is | Example use | | Resources | Readable context or data exposed by a server | Reading files, docs, schemas, or structured records | | Prompts | Reusable templated instructions or workflows | Standardized analysis or task templates | | Tools | Executable functions a model can invoke | Querying systems, performing calculations, or calling APIs | |-----------|----------------------------------------------|------------------------------------------------------------| Resources are useful when an organization wants an AI application to retrieve information without taking action. Prompts help standardize repeatable AI workflows. Tools are the most powerful primitives because they allow models to interact with external systems through approved functions. Tools are also where risk rises sharply. A read-only resource is one thing; an executable tool that can change data, trigger workflows, or interact with production systems is another. That is why tool design and authorization matter so much in enterprise MCP deployments. ## How MCP Connects AI Models to External Data Sources LLMs are trained on broad datasets, but they do not automatically know what is happening inside a company's environment right now. They may lack access to live customer records, recent internal documentation, source code, or current operational data. MCP helps bridge that gap by providing a standard way for AI applications to access external context and capabilities. That makes MCP especially useful for enterprise AI. A support assistant can retrieve articles from an internal knowledge base. A development tool can connect to a repository or local files. An operations assistant can call approved tools that surface information from monitored systems. Instead of relying solely on training data, the model can leverage the current task-specific context. This is one reason MCP is often discussed alongside agents. As [agentic systems](https://www.paloaltonetworks.com/cyberpedia/what-is-agentic-ai-security?ts=markdown) become more common, standardized access to tools and data becomes more important. MCP provides a common protocol for that access, which lowers integration friction and makes multi-system workflows easier to build ## Real-World Use Cases for Model Context Protocol **Developer Teams** use MCP to connect coding assistants to tools, repositories, and files so the model can work with a live development context rather than generic assumptions. Official Anthropic documentation and product materials highlight these kinds of developer-focused integrations as a core part of the MCP ecosystem. **Knowledge and support teams** can use MCP to connect AI applications to internal documentation, ticketing environments, or specialized knowledge sources. That lets a model retrieve relevant information in real time instead of relying on stale or incomplete assumptions. **Security and operations teams** can use MCP to bring context from multiple systems into one AI-assisted workflow. For example, an assistant might retrieve log context, summarize evidence, or surface related system information from connected tools. The exact value depends on the server design and the tools exposed, but the underlying benefit is the same: standardized connectivity across previously siloed systems. This is a practical inference from the documented architecture and tool model. ## Security Risks in Model Context Protocol MCP can make AI systems more useful, but it also expands the attack surface. Once an AI application can connect to data sources and tools, security teams need to think about access paths, exposed capabilities, and trust boundaries, not just model behavior. The protocol provides structure, but it does not automatically solve enterprise security. ### Key MCP security risks | Risk | What it means | Why it matters | | Data exfiltration | AI applications retrieve more data than intended | Sensitive or regulated data may be exposed | | Over-permissioned tools | Tools can do more than they should | A misuse path can become a business-impacting incident | | Prompt injection | Malicious content influences model behavior or tool use | Unsafe actions or data access may follow | | Host compromise | The host or client environment is tampered with | Requests, permissions, or connections may be manipulated | | Weak authentication | Servers do not properly verify access | Unauthorized use becomes easier | |-------------------------|---------------------------------------------------------|----------------------------------------------------------| One of the biggest risks is [data exfiltration](https://www.paloaltonetworks.com/cyberpedia/data-exfiltration?ts=markdown). If a server is overly permissive, an AI application may be able to retrieve more information than intended. The same applies to tools: the broader the permission set, the greater the risk. The most dangerous MCP deployment is usually not the protocol itself, but the one that exposes too much with too few controls. [Prompt injection](https://www.paloaltonetworks.com/cyberpedia/what-is-a-prompt-injection-attack?ts=markdown) also matters in MCP-enabled environments because external content may influence what a model requests or which tools it attempts to use. When models can act through connected systems, unsafe content can become a pathway to unsafe behavior unless permissions are tightly controlled and sensitive actions require additional review. This is an implementation risk inferred from MCP's prompt and tool capabilities. ## How to Implement Model Context Protocol Safely ### Least Privilege Secure MCP deployment starts with least privilege. Servers should expose only the resources, prompts, and tools that are actually needed, and organizations should prefer read-only access whenever possible. The specification offers broad flexibility, but that flexibility should be deliberately narrowed in enterprise environments. ### Authentication and authorization [Authentication and authorization](https://www.paloaltonetworks.com/cyberpedia/what-is-authentication-and-authorization?ts=markdown) also matter. The specification includes authorization considerations for HTTP-based transports, but organizations still need to implement their own [identity](https://www.paloaltonetworks.com/cyberpedia/what-is-identity-security?ts=markdown), access, and policy controls in production. In other words, MCP provides the protocol layer; enterprises still need a real security architecture behind it. ### Monitoring Monitoring is another core requirement. Activity should be logged so teams can see what tools were called, what data was accessed, and how systems are being used over time. Telemetry, audit trails, and operational monitoring are essential when AI applications are interacting with live systems and enterprise data. ### Caution: State-Changing Tools Finally, organizations should be cautious with state-changing tools. When a tool can modify systems, execute actions, or affect production workflows, human approval and policy checks are often appropriate. Read-only context retrieval is one thing. Autonomous action is where the guardrails need to be much stricter. That recommendation is an implementation best practice inferred from the tool model and enterprise risk posture. ### Benefits of MCP MCP gives organizations a standardized way to connect AI applications to external systems. That reduces duplicated integration work and makes it easier to build assistants and agents that can operate across multiple tools and data sources. Because it is an open standard, it also supports a more flexible integration model than one-off proprietary connectors. For enterprises, the practical benefit is simple: AI becomes more useful when it can retrieve the right context and use approved capabilities through a consistent protocol. When deployed carefully, MCP can help organizations scale AI adoption without rebuilding their integration stack every time. | Benefit | Why Organizations Care | | Standardization | Reduces custom integration work | | Interoperability | Makes it easier to connect AI apps across systems | | Better grounding | Improves answer quality with real context | | Faster AI adoption | Lowers friction for deploying useful AI workflows | | Reduced vendor lock-in | Supports a more open, portable integration model | |------------------------|---------------------------------------------------| ## Model Context Protocol FAQs ### What is Model Context Protocol? Model Context Protocol (MCP) is an open standard for connecting AI applications to external systems, including data sources, tools, and workflows. It gives AI applications a consistent way to retrieve context and perform tasks without requiring a separate custom integration for each system. ### What is an MCP server? An MCP server is the component that exposes capabilities from an external system to an MCP client. Those capabilities can include resources, prompts, and tools, depending on the server's design. ### What is an MCP client? An MCP client is the component within the host application that communicates with MCP servers, manages the protocol connection, and helps the AI application use the server's exposed capabilities. ### What are MCP resources, prompts, and tools? Resources are context and data exposed by a server. Prompts are reusable, structured instructions or workflow templates. Tools are executable functions that a model can invoke to interact with external systems. ### Is MCP only for Anthropic? No. Anthropic introduced MCP, but it is an open standard intended for broad ecosystem use rather than a single proprietary model. Official materials describe it as a universal way for AI applications to connect to external systems. ### Is Model Context Protocol secure? MCP can support secure AI integrations, but security depends on implementation. Organizations still need least-privilege access, authentication and authorization controls, monitoring, and strong safeguards around tools and connected systems. ![Share page on facebook](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/resources/facebook-circular-icon.svg) ![Share page on linkedin](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/resources/linkedin-circular-icon.svg) [![Share page by an email](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/resources/email-circular-icon.svg)](mailto:?subject=What%20is%20Model%20Context%20Protocol%20%28MCP%29%3F%20How%20It%20Works%2C%20Uses%2C%20and%20Security%20Risks&body=Learn%20what%20Model%20Context%20Protocol%20%28MCP%29%20is%2C%20how%20it%20works%2C%20and%20how%20AI%20apps%20connect%20to%20tools%20and%20data%20sources%20securely%20in%20enterprise%20environments.%20at%20https%3A//www.paloaltonetworks.com/cyberpedia/what-is-model-context-protocol-mcp) Back to Top [Previous](https://www.paloaltonetworks.com/cyberpedia/what-is-security-framework?ts=markdown) What Is a Security Framework? Definition and Benefits [Next](https://www.paloaltonetworks.com/cyberpedia/ai-explainability?ts=markdown) What Is Explainability? {#footer} ## Products and Services * [AI-Powered Network Security Platform](https://www.paloaltonetworks.com/network-security?ts=markdown) * [Secure AI by Design](https://www.paloaltonetworks.com/ai-security?ts=markdown) * [Prisma AIRS](https://www.paloaltonetworks.com/prisma/prisma-ai-runtime-security?ts=markdown) * [AI Access Security](https://www.paloaltonetworks.com/sase/ai-access-security?ts=markdown) * [Cloud Delivered Security Services](https://www.paloaltonetworks.com/network-security/security-subscriptions?ts=markdown) * [Advanced Threat Prevention](https://www.paloaltonetworks.com/network-security/advanced-threat-prevention?ts=markdown) * [Advanced URL Filtering](https://www.paloaltonetworks.com/network-security/advanced-url-filtering?ts=markdown) * [Advanced WildFire](https://www.paloaltonetworks.com/network-security/advanced-wildfire?ts=markdown) * [Advanced DNS Security](https://www.paloaltonetworks.com/network-security/advanced-dns-security?ts=markdown) * [Enterprise Data Loss Prevention](https://www.paloaltonetworks.com/sase/enterprise-data-loss-prevention?ts=markdown) * [Enterprise IoT Security](https://www.paloaltonetworks.com/network-security/enterprise-device-security?ts=markdown) * [Medical IoT Security](https://www.paloaltonetworks.com/network-security/medical-device-security?ts=markdown) * [Industrial OT Security](https://www.paloaltonetworks.com/network-security/medical-device-security?ts=markdown) * [SaaS Security](https://www.paloaltonetworks.com/sase/saas-security?ts=markdown) * [Next-Generation Firewalls](https://www.paloaltonetworks.com/network-security/next-generation-firewall?ts=markdown) * [Hardware Firewalls](https://www.paloaltonetworks.com/network-security/hardware-firewall-innovations?ts=markdown) * [Software Firewalls](https://www.paloaltonetworks.com/network-security/software-firewalls?ts=markdown) * [Strata Cloud Manager](https://www.paloaltonetworks.com/network-security/strata-cloud-manager?ts=markdown) * [SD-WAN for NGFW](https://www.paloaltonetworks.com/network-security/sd-wan-subscription?ts=markdown) * [PAN-OS](https://www.paloaltonetworks.com/network-security/pan-os?ts=markdown) * [Panorama](https://www.paloaltonetworks.com/network-security/panorama?ts=markdown) * [Secure Access Service Edge](https://www.paloaltonetworks.com/sase?ts=markdown) * [Prisma SASE](https://www.paloaltonetworks.com/sase?ts=markdown) * [Application Acceleration](https://www.paloaltonetworks.com/sase/app-acceleration?ts=markdown) * [Autonomous Digital Experience Management](https://www.paloaltonetworks.com/sase/adem?ts=markdown) * [Enterprise DLP](https://www.paloaltonetworks.com/sase/enterprise-data-loss-prevention?ts=markdown) * [Prisma Access](https://www.paloaltonetworks.com/sase/access?ts=markdown) * [Prisma Browser](https://www.paloaltonetworks.com/sase/prisma-browser?ts=markdown) * [Prisma SD-WAN](https://www.paloaltonetworks.com/sase/sd-wan?ts=markdown) * [Remote Browser Isolation](https://www.paloaltonetworks.com/sase/remote-browser-isolation?ts=markdown) * [SaaS Security](https://www.paloaltonetworks.com/sase/saas-security?ts=markdown) * [AI-Driven Security Operations Platform](https://www.paloaltonetworks.com/cortex?ts=markdown) * [Cloud Security](https://www.paloaltonetworks.com/cortex/cloud?ts=markdown) * [Cortex Cloud](https://www.paloaltonetworks.com/cortex/cloud?ts=markdown) * [Application Security](https://www.paloaltonetworks.com/cortex/cloud/application-security?ts=markdown) * [Cloud Posture Security](https://www.paloaltonetworks.com/cortex/cloud/cloud-posture-security?ts=markdown) * [Cloud Runtime Security](https://www.paloaltonetworks.com/cortex/cloud/runtime-security?ts=markdown) * [Prisma Cloud](https://www.paloaltonetworks.com/prisma/cloud?ts=markdown) * [AI-Driven SOC](https://www.paloaltonetworks.com/cortex?ts=markdown) * [Cortex XSIAM](https://www.paloaltonetworks.com/cortex/cortex-xsiam?ts=markdown) * [Cortex XDR](https://www.paloaltonetworks.com/cortex/cortex-xdr?ts=markdown) * [Cortex XSOAR](https://www.paloaltonetworks.com/cortex/cortex-xsoar?ts=markdown) * [Cortex Xpanse](https://www.paloaltonetworks.com/cortex/cortex-xpanse?ts=markdown) * [Unit 42 Managed Detection \& Response](https://www.paloaltonetworks.com/cortex/managed-detection-and-response?ts=markdown) * [Managed XSIAM](https://www.paloaltonetworks.com/cortex/managed-xsiam?ts=markdown) * [Threat Intel and Incident Response Services](https://www.paloaltonetworks.com/unit42?ts=markdown) * [Proactive Assessments](https://www.paloaltonetworks.com/unit42/assess?ts=markdown) * [Incident Response](https://www.paloaltonetworks.com/unit42/respond?ts=markdown) * [Transform Your Security Strategy](https://www.paloaltonetworks.com/unit42/transform?ts=markdown) * [Discover Threat Intelligence](https://www.paloaltonetworks.com/unit42/threat-intelligence-partners?ts=markdown) ## Company * [About Us](https://www.paloaltonetworks.com/about-us?ts=markdown) * [Careers](https://jobs.paloaltonetworks.com/en/) * [Contact Us](https://www.paloaltonetworks.com/company/contact-sales?ts=markdown) * [Corporate Responsibility](https://www.paloaltonetworks.com/about-us/corporate-responsibility?ts=markdown) * [Customers](https://www.paloaltonetworks.com/customers?ts=markdown) * [Investor Relations](https://investors.paloaltonetworks.com/) * [Location](https://www.paloaltonetworks.com/about-us/locations?ts=markdown) * [Newsroom](https://www.paloaltonetworks.com/company/newsroom?ts=markdown) ## Popular Links * [Blog](https://www.paloaltonetworks.com/blog/?ts=markdown) * [Communities](https://www.paloaltonetworks.com/communities?ts=markdown) * [Content Library](https://www.paloaltonetworks.com/resources?ts=markdown) * [Cyberpedia](https://www.paloaltonetworks.com/cyberpedia?ts=markdown) * [Event Center](https://events.paloaltonetworks.com/) * [Manage Email Preferences](https://start.paloaltonetworks.com/preference-center) * [Products A-Z](https://www.paloaltonetworks.com/products/products-a-z?ts=markdown) * [Product Certifications](https://www.paloaltonetworks.com/legal-notices/trust-center/compliance?ts=markdown) * [Report a Vulnerability](https://www.paloaltonetworks.com/security-disclosure?ts=markdown) * [Sitemap](https://www.paloaltonetworks.com/sitemap?ts=markdown) * [Tech Docs](https://docs.paloaltonetworks.com/) * [Unit 42](https://unit42.paloaltonetworks.com/) * [Do Not Sell or Share My Personal Information](https://panwedd.exterro.net/portal/dsar.htm?target=panwedd) ![PAN logo](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/pan-logo-dark.svg) * [Privacy](https://www.paloaltonetworks.com/legal-notices/privacy?ts=markdown) * [Trust Center](https://www.paloaltonetworks.com/legal-notices/trust-center?ts=markdown) * [Terms of Use](https://www.paloaltonetworks.com/legal-notices/terms-of-use?ts=markdown) * [Documents](https://www.paloaltonetworks.com/legal?ts=markdown) Copyright © 2026 Palo Alto Networks. All Rights Reserved * [![Youtube](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/youtube-black.svg)](https://www.youtube.com/user/paloaltonetworks) * [![Podcast](https://www.paloaltonetworks.com/content/dam/pan/en_US/images/icons/podcast.svg)](https://www.paloaltonetworks.com/podcasts/threat-vector?ts=markdown) * [![Facebook](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/facebook-black.svg)](https://www.facebook.com/PaloAltoNetworks/) * [![LinkedIn](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/linkedin-black.svg)](https://www.linkedin.com/company/palo-alto-networks) * [![Twitter](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/twitter-x-black.svg)](https://twitter.com/PaloAltoNtwks) * EN Select your language