Many companies are facing pressure to quickly adopt artificial intelligence (AI), including agentic solutions. In an interview with BetaKit, Tailscale co-founder and CEO Avery Pennarun claimed that this rush has created a chaotic new “Wild West” for corporate cybersecurity.
“It’s almost like the Wild West of the internet again.”
Some of these businesses have turned to Anthropic’s Model Context Protocol (MCP) as a means of deploying AI. MCP is an open format that standardizes how large language models (LLMs) and AI agents connect to external tools, data, and systems.
Companies can place MCP servers in front of their application programming interface (API) servers to allow easier access to their systems for LLMs and AI agents. But in using MCP, Pennarun said some firms have been skipping over some necessary security and privacy checks and simply putting their own private API servers on the public internet—big missteps that open them up to a world of risk, according to the CEO.
“People are using this MCP stuff as an excuse to forget everything they ever knew about security,” Pennarun said. “It’s almost like the Wild West of the internet again,” he added.
LLMs are generative AI models that power chatbots, image creators and other applications, while AI agents are software systems that use AI to autonomously perform multiple tasks to achieve specific goals. They can access sensitive corporate information and take action with limited oversight.
Pennarun initially alluded to the MCP problem during a Web Summit Vancouver (WSV) panel in May that focused on some of the security challenges associated with AI. At the time, he advised audience members to not put their private API servers on the public internet. “I know you’re not going to listen to me, but still don’t,” he said. “I am going to laugh at you.”
RELATED: Corporate VPN startup Tailscale secures $230-million CAD Series C on back of “surprising” growth
In a follow-up conversation with BetaKit, Pennarun likened what is happening right now to the early days of the internet, before digital firewalls existed, and said he views this MCP chapter as history repeating itself.
“It’s like, ‘Oh, well, we have a firewall, but we really need this external service to be able to access our internal service, and the only way to do that is to open up our firewall and let it through, and then we’ll put a security token in front, so it’ll probably be fine,’” Pennarun said. “But then it turns out the security is actually a password [like] ‘12345.’”
Pennarun said “There’s going to be mistakes that get made here.” He noted that AI tools remain “pretty unpredictable” and compared them to hiring an employee without vetting them, then giving them “access to everything,” including code delivery, calendars, and email and the permission to complete tasks on your behalf.
“It’ll be clever a bunch of the time and do neat stuff, which is great … but also, if it goes off track, anything can happen—and it will,” Pennarun said.
Tailscale, which sells decentralized corporate virtual private network (VPN) software, wants to help companies mitigate some of these risks. It’s not alone: fellow Toronto-based software firm 1Password has also focused some of its recent efforts on helping companies tackle some of the security challenges associated with agentic AI.
RELATED: Tailscale hits 10,000 paid business clients after doubling customer base in past 10 months
Earlier this year, Tailscale hit 10,000 paid business clients—not counting its hundreds of thousands of personal users—after doubling in just 10 months. The company recently parlayed that growth into a $230-million CAD Series C funding round at a $2-billion valuation. This rapid expansion has been fuelled partly by strong demand from AI firms, including Toronto-based Cohere as well as Hugging Face and Mistral.
Pennarun said many customers have asked Tailscale to build a solution to address some of the underlying security challenges with MCP over the past five months, and his firm has been developing ways to ease this process.
According to Pennarun, a successful approach requires three core components: secure connections to different services in different places, the capacity to quickly authenticate identity and permissions, and the power to track what happened.
“Those three things are strangely missing from the market right now,” he claimed. “The way people are doing it instead is they slap something out on the public internet, and they cover their eyes and hope that nobody finds it. [They] don’t worry about the authentication stuff too much, and don’t do anything with auditing.”
“I think we’re going to speedrun all of the lessons we’ve learned in the last 25 years about how to do network security.”
Avery Pennarun,
Tailscale
While some companies have figured out ways to connect these dots, Pennarun claimed that a standard method doesn’t yet exist. Given that, Tailscale has been developing open-source prototypes and templates based on the company’s existing capabilities, which the CEO claims are well-suited to addressing the problem.
“We don’t need to be the focal point,” he said. “We don’t need to be the face of MCP. We’re just [saying] ‘Hey, if you don’t have Tailscale, it doesn’t work very well.’”
Pennarun described the growing interest Tailscale has seen from AI companies as “a lucky coincidence,” noting that the scaleup sees AI as another piece of the puzzle—albeit a “huge” one—on its path to solving corporate networking security challenges more broadly.
As the age of AI unfolds, Pennarun anticipates a lot of cybersecurity re-education will occur. He likened it to speedrunning, or competing to complete video games as quickly as possible.
“I think we’re going to speedrun all of the lessons we’ve learned in the last 25 years about how to do network security, because we have to do it all over again—only this time there’s a lot of pressure to integrate a bunch of services together and have a computer with access to 10 different things,” he said.
Feature image courtesy Vaughn Ridley/Web Summit via Flickr.