Security researchers have a name for what’s happening inside most enterprise AI deployments right now: NeighborJack.
Your MCP server is bound to 0.0.0.0, meaning every network interface rather than just localhost. Any device on your network can connect directly to it and start calling your tools. Not hacking. Just connecting. No credentials required.
MCP gave your agents access. It did not give you control.
What we cover:
What NeighborJack is and how Backslash Security first documented it in June 2025
Why hundreds of public MCP servers are reachable by any device on the same local network
What MCP Security Gateways actually do and why vendors are building them
The four questions every operator should answer about any MCP server they’re running
Bind address, authentication, tool scope, logging: the checklist for free
Why the control layer is coming whether you’re ready or not
The four questions:
What address is it bound to?
What authentication does it require?
What is the broadest thing it can do?
Where are its logs?
If you can’t answer all four in under five minutes, that server isn’t under control. It’s just running.
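One way to turn the four questions into a repeatable check, as an added example that is not part of the original post: the config dict shape, the auth values and the shell/exec tool-name heuristic are assumptions, not anything defined by MCP.

```python
"""Audit an MCP server's exposure along the four questions above.

Added example, not from the original post or any vendor. The config shape
(a plain dict) and the thresholds are assumptions, not an MCP standard.
"""
import ipaddress

ALL_INTERFACES = {"0.0.0.0", "::", "", "*"}


def classify_bind(host: str) -> str:
    """Return 'all-interfaces', 'loopback' or 'specific' for a bind host."""
    h = host.strip().lower()
    if h in ALL_INTERFACES:
        return "all-interfaces"      # reachable by any LAN peer (NeighborJack)
    if h == "localhost":
        return "loopback"
    try:
        addr = ipaddress.ip_address(h.strip("[]"))
    except ValueError:
        return "specific"            # a hostname; assume a single interface
    if addr.is_unspecified:          # catches "::" written in other forms
        return "all-interfaces"
    return "loopback" if addr.is_loopback else "specific"


def audit(server: dict) -> list[str]:
    """Return findings for one server; an empty list means all four questions pass.

    Assumed keys: host, auth ("none" | "token" | "mtls"), tools (list), log_path.
    """
    findings = []
    if classify_bind(server.get("host", "0.0.0.0")) == "all-interfaces":
        findings.append("bind: listens on every interface; bind to 127.0.0.1 or put it behind a gateway")
    if server.get("auth", "none") == "none":
        findings.append("auth: no credential required; any client that can connect can call tools")
    tools = server.get("tools", [])
    # Heuristic (assumption): wildcard or shell/exec-style tool names mean unbounded scope.
    if "*" in tools or any(t.startswith(("shell", "exec")) for t in tools):
        findings.append("scope: wildcard or shell/exec tools exposed; restrict to what the agent needs")
    if not server.get("log_path"):
        findings.append("logging: no log destination; tool calls cannot be reviewed after the fact")
    return findings


if __name__ == "__main__":
    # Constructed samples: a typical developer default beside a hardened config.
    risky = {"host": "0.0.0.0", "auth": "none", "tools": ["*"], "log_path": ""}
    safe = {"host": "127.0.0.1", "auth": "token", "tools": ["read_file"], "log_path": "/var/log/mcp.log"}
    print(audit(risky))   # four findings
    print(audit(safe))    # []
```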
Receipts:
Backslash Security — original NeighborJack research, June 2025: https://www.backslash.security/blog/hundreds-of-mcp-servers-vulnerable-to-abuse
ITPro — MCP server misconfiguration coverage: https://www.itpro.com/software/development/mcp-servers-security-vulnerabilities
Red Hat — MCP security landscape analysis: https://www.redhat.com/en/blog/mcp-security-current-situation
Composio — NeighborJack remediation guide: https://composio.dev/content/mcp-vulnerabilities-every-developer-should-know
Read the full article: https://aifrankly.substack.com/p/someone-needs-to-sit-between-your-b31
Watch on YouTube:
Subscribe free at aifrankly.substack.com for weekly lab notes on enterprise AI, security, and the tools that actually work.
AI Frankly: Build the layer or buy the breach.