When Anthropic introduced Skills last October, a new different approach to extending AI agents, most developers started discussing about MCP vs Skills. Most recently the hype on OpenClaw and Clawhub, reaching 5,705 community-built skills in few weeks, only accelerated interest for the skill paradigm. An important open question is: which one is easier to secure?

Wasn’t MCP designed with security in mind?

A CoSAI white paper revealed over 40 identified threats in MCP across 12 categories. Meanwhile, Skills face roughly 5 major security concerns. Time alone may bring more vulnerabilities, however the paradox exists: the standard designed with security boundaries (MCP) created a larger attack surface.

This isn’t theoretical. Recent weeks brought three critical MCP Git server vulnerabilities enabling remote code execution and a CVSS 10.0 zero-click RCE in Claude Desktop Extensions where a malicious calendar invite could compromise entire systems.

Show me your architecture and I will tell you who you are

The architectural differences explain why. MCP runs each integration in separate processes with scoped credentials, creating multiple attack surfaces: OAuth flows, token management, process boundaries, and supply chain integrity. Simon Willison identified “rug pulls” and “tool shadowing” vulnerabilities, while Palo Alto’s Unit 42 documented resource theft, conversation hijacking, and covert tool invocation.

Skills take a simpler approach. Running entirely within Claude’s conversation sandbox, their main concerns are prompt injection, sandbox boundaries, credential management, code execution trust, and tool access permissions. As a recent comparison article notes, Skills sacrifice MCP’s enterprise-grade isolation for deployment speed.

For organizations building with AI agents, the choice is clear:

• MCP for enterprise deployments requiring robust security infrastructure including containers, trusted execution environments and cryptographic provenance,

• Skills for rapid prototyping where prompt-level security suffices.

The emerging consensus: both will coexist, often as part of the same three-layer system. But as AI agents move to production, security teams must understand each layer and their vastly different threat landscapes.

33N Company Updates 🚀

• Hiring several positions across Sales & Marketing, after Series A!

• Launched integration with Checkpoint, MongoDB, SUSE – Read more

• Hiring several positions across Sales & Marketing, Product, HR and more – Read more

• Featured in Gartner’s new Magic Quadrant™ for Metadata Management Solutions – Read more

• Launched Polaris, Equixly’s upgraded AI assistant – Read more

• Hiring several positions, including Sales & Marketing, after Series A!

• Partnered with Mesh systems, leading US-based provider of IoT product development and managed services – Read more

• Hiring for leadership positions across Sales & Marketing and Operations – Read more

• Launched its 2026 CISO Survey, collecting feedback from 200 CISOs of US-based companies – Read more

• Named the #1 Best AI SOC Software for 2026 by Top Rank Software – Read more

Upcoming Events for 33N 🤝

• Munich Cyber Security Conference, Munich, 12-13 Feb — Gonçalo B., Gonçalo S.

• Swiss Cybersecurity Days, Bern, 17-18 Feb — Christophe

• Mobile World Congress and 4YFN, Barcelona, 2-5 Mar — Margarida, Pedro

• Montgomery Summit, Santa Monica, 10-11 Mar — Guy

• NVIDIA GTC, San Jose, 15-19 Mar — Guy, Pedro

• EIC Scalling Club Growth Forum, Paris, 18 Mar — Gonçalo M.

• KubeCon + CloudNativeCon Europe, Amsterdam, 23-26 Mar — Pedro, Lourenço

• RSA, San Francisco, 23-26 Mar — Carlos A., Carlos M., Gonçalo B., Guy