2025-08-05 –, Florentine A
The Model Context Protocol (MCP) is rapidly becoming the standard for connecting AI agents to tools, data, and services. Its promise of seamless integration has led to widespread adoption. However, beneath its streamlined facade lies a series of critical security vulnerabilities that threaten the very systems it aims to enhance.
In this talk, we will delve into the inherent risks of MCP, including:
Tool Poisoning: How malicious tool descriptions can manipulate AI behavior.
Shared Memory Exploits: The dangers of unvalidated context sharing among agents.
Version Drift: The perils of unversioned tools leading to unexpected behaviors.
Line Jumping Attacks: Exploits that occur before any tool is explicitly invoked.
Through real-world examples and demonstrations, attendees will gain a clear understanding of these threats and the steps necessary to mitigate them.
This presentation aims to shed light on the overlooked security challenges posed by MCP. Drawing from recent analyses and vulnerabilities, we will explore how the protocol's design choices, while facilitating integration, inadvertently open doors to exploitation.
Key points include:
Understanding MCP's Architecture: A breakdown of how MCP connects AI agents to external tools and the trust assumptions involved.
Exploiting Trust: Demonstrations of how malicious actors can leverage MCP's features to execute unauthorized actions.
Mitigation Strategies: Discussion of proposed frameworks and best practices to secure MCP implementations, including the Agent Security Framework and MCP Guardian.
Attendees will leave with actionable insights into securing their AI integrations and a deeper appreciation for the importance of protocol-level security considerations.
Srajan is a security engineer and builder focused on uncovering how systems fail — not just through vulnerabilities, but through the architecture itself. With a background in application security, platform engineering, and threat modeling, Srajan works at the intersection of usability and risk, helping teams identify and address design-level security flaws before they become incidents.
Their research often explores trust boundaries, secure defaults, and the hidden assumptions baked into the applications and infrastructure. They are especially interested in how attackers exploit the gray areas between platforms, automation, and access controls — and how defenders can close those gaps without slowing down delivery.
Srajan is passionate about building practical security tools, automating guardrails, and making threat modeling an everyday engineering skill.