Gartner Predicts 25% of All Enterprise GenAI Applications Will Experience At Least Five Minor Security Incidents Per Year By 2028

By 2028, 25% of all enterprise generative AI (GenAI) applications will experience at least five minor security incidents per year, up from 9% in 2025, according to Gartner, Inc., a business and technology insights company. 

As organizations continue to build and integrate agentic AI applications using technologies such as Model Context Protocol (MCP), new attack vectors and immature security practices will significantly elevate risk exposure. 

“MCP was built for interoperability, ease of use and flexibility first, so security mistakes can manifest without continuous oversight for agentic AI,” said Aaron Lord, Sr. Director Analyst at Gartner. “Because of this, the rate of minor security incidents within GenAI applications is set to grow at an increased rate. We will eventually see 15% of all enterprise GenAI applications experience at least one major security incident per year by 2029, up from 3% in 2025.”

As enthusiasm for frameworks like MCP grows, software engineering leaders must be prepared for the security realities that follow, ranging from data exposure incidents to vulnerabilities lurking in widely used third‑party components. Protecting against these risks requires establishing rigorous security review processes, prioritizing low‑risk use cases, mitigating known threat‑patterns, and empowering domain experts to define guardrails that keep agentic AI both powerful and safe.

MCP’s design optimizes interoperability and developer speed, not security enforcement by default, which means missteps can surface through ordinary usage. This can happen especially where agents can access sensitive data, ingest untrusted content, or communicate externally in the same flow. Software engineering leaders should treat any use case that combines those three factors as a “no‑go zone” due to heightened exfiltration risk. 

“Software engineering leaders should collaborate with data, security, and infrastructure teams to create a formal security review for MCP use cases to prioritize low‑risk patterns and explicitly exclude high‑risk combinations,” said Lord. “They should reinforce this with strong authentication and authorization practices tailored specifically for AI agents, not inherited from human user roles, to keep permissions tightly scoped. Applying well‑known threat‑pattern mitigations, such as guarding against content‑injection and tightening oversight of third‑party MCP components, will help close the most common gaps before they can be exploited.”

Successful, proactive mitigations for MCP security requires knowledge of antipatterns that can lead to vulnerabilities. Software engineering leaders will need to mitigate MCP vulnerabilities focused on known threat-patterns, such as content injection attacks, supply chain threats, and disclosure of sensitive data or escalation of privileges when AI tries to be helpful but makes a mistake. 

“Software engineering leaders will need to establish domain-oriented ownership for MCP servers to drive domain-driven guardrails,” said Lord. “Growing complexity from agentic AI will eventually lead to complications managing access to data and maintaining compliance.”

To address this at scale, Gartner recommends that software engineering leaders collaborate with domain experts and work backward to ensure secure-by-default interactions for agentic AI. It will be critical for domain experts to predefine their guardrails before allowing MCP clients to access their data and resources. These domains should be the owners of MCP servers and define the guardrails for agentic AI usage.

Gartner clients can learn more in Best Practices to Counter MCP Security Risks.