BEGIN:VCALENDAR
VERSION:2.0
PRODID:-//pretalx//pretalx.com//bsidesluxembourg-2026//talk//89ZN8M
BEGIN:VTIMEZONE
TZID:CET
BEGIN:STANDARD
DTSTART:20001029T040000
RRULE:FREQ=YEARLY;BYDAY=-1SU;BYMONTH=10
TZNAME:CET
TZOFFSETFROM:+0200
TZOFFSETTO:+0100
END:STANDARD
BEGIN:DAYLIGHT
DTSTART:20000326T030000
RRULE:FREQ=YEARLY;BYDAY=-1SU;BYMONTH=3
TZNAME:CEST
TZOFFSETFROM:+0100
TZOFFSETTO:+0200
END:DAYLIGHT
END:VTIMEZONE
BEGIN:VEVENT
UID:pretalx-bsidesluxembourg-2026-89ZN8M@pretalx.com
DTSTART;TZID=CET:20260507T111500
DTEND;TZID=CET:20260507T115500
DESCRIPTION:Model Context Protocol (MCP) servers are rapidly becoming the i
 ntegration layer between AI agents and real-world systems. They connect mo
 dels to ticketing platforms\, source control\, CI/CD pipelines\, internal 
 APIs\, and local files\, often running with production credentials and net
 work reach.\n\nDespite this\, MCP servers are frequently deployed as “de
 veloper tooling\,” bound to 0.0.0.0\, and rarely threat-modeled as infra
 structure.\n\nIn this talk\, we present offensive research into the MCP ec
 osystem and demonstrate how classic vulnerability classes become significa
 ntly more impactful when placed inside agent-driven automation layers.\n\n
 Through real-world case studies\, including critical vulnerabilities affec
 ting a widely deployed Atlassian MCP server (4M+ downloads)\, we show how 
 network-reachable services can be coerced into outbound pivoting\, filesys
 tem control\, and full remote code execution.
DTSTAMP:20260412T024937Z
LOCATION:IFEN room 2\, Workshops and AI Security Village  (Building D)
SUMMARY:Breaking the Control Plane: Exploiting MCP Servers in AI Workflows 
 - Yotam Perkal
URL:https://pretalx.com/bsidesluxembourg-2026/talk/89ZN8M/
END:VEVENT
END:VCALENDAR