Security BSides Las Vegas 2025

Vinay Kumar

Vinay Kumar is the founder of Sudoviz, an AI-powered Application Security Posture Management (ASPM) platform that helps security teams triage, analyze, and remediate code vulnerabilities using AI-driven automation. He is building TuringMind AI, a CoPilot for AppSec teams. After a decade in Data Analytics, AI and AppSec, Vinay transitioned to entrepreneurship, focusing on reducing false positives, automating security workflows, and bridging the AppSec skill gap. He is a writer and speaker passionate about AI-driven security and the future of developer-led AppSec.


Session

08-05
15:00
45min
The Protocol Behind the Curtain: What MCP Really Exposes
Srajan Gupta, Vinay Kumar

The Model Context Protocol (MCP) is rapidly becoming the standard for connecting AI agents to tools, data, and services. Its promise of seamless integration has led to widespread adoption. However, beneath its streamlined facade lies a series of critical security vulnerabilities that threaten the very systems it aims to enhance.

In this talk, we will delve into the inherent risks of MCP, including:

Tool Poisoning: How malicious tool descriptions can manipulate AI behavior.

Shared Memory Exploits: The dangers of unvalidated context sharing among agents.

Version Drift: The perils of unversioned tools leading to unexpected behaviors.

Line Jumping Attacks: Exploits that occur before any tool is explicitly invoked.

Through real-world examples and demonstrations, attendees will gain a clear understanding of these threats and the steps necessary to mitigate them.

Breaking Ground
Florentine A