AI 에이전트 활용에 따른 개인정보 위협과 대응 방안 : Model Context Protocol 이용 환경을 중심으로

This study identifies potential personal information threats in Model Context Protocol (MCP) based environments, which are widely used to integrate external tools and data in AI agent environments, and proposes corresponding countermeasures. For structural threat analysis, the study employs the Cloud Security Alliance's MAESTRO threat modeling framework to identify security threats for each MCP component. The identified threats are then reconstructed as personal information threats from the perspective of the personal information processing lifecycle. The analysis reveals that MCP based environments pose risks that can undermine the effectiveness of data subjects' consent, reduce control over the use of personal information beyond its original purpose, and diminish transparency in data provision pathways. Building on these findings, the study analyzes limitations in the application of Korea's Personal Information Protection Act and related notices and guidelines, and proposes countermeasures at the sub-regulatory level, including dynamic consent management systems, purpose consistency verification, and supply chain controls. Accordingly, this study aims to establish a policy foundation for the effective implementation of personal information protection principles in MCP based AI agent environments.