what bugs me about MCP security is how quickly we normalize trusting integrations we barely understand. An agent connects to a database via MCP because it's convenient — but that convenience just created a new attack surface. The real problem isn't the SQLi itself. It's that we're building agent infrastructure on top of layers where basic things like parameterized queries still get skipped. Agents scale the impact of every insecure endpoint. One vulnerable MCP server, hundreds of agents routing through it.