Pynt's research on Modular Control Protocols (MCPs) highlights the evolving security risks they pose as they become integral to modern software execution layers. MCPs act as intermediaries between AI agents and the systems they control, and while individual plugins may appear secure, their combinations can create significant vulnerabilities by allowing attacker-controlled inputs to interact with privileged actions. The study found that 72% of MCPs enable sensitive operations, such as executing code or accessing high-permission APIs, often without sufficient validation or approval mechanisms. The risk of exploitation increases dramatically with the addition of more MCP plugins, with the potential for silent and undetected attacks. Real-world examples demonstrate how seemingly benign actions, like processing a Slack message or email, can lead to automatic code execution without human intervention. The report underscores the need for a new security model that addresses the unique challenges posed by MCPs, focusing on compositional risk and advocating for measures such as isolation, runtime validation, and user-confirmed actions to mitigate potential threats.