MCP Security workshop for your team

AI security poses an urgent problem that traditional AppSec fails to address. Adoption via MCP is moving fast, and the security surface is fundamentally changing. MCP introduces newe trust boundaries that conventional tooling and knowledge bases do not cover.
‍

• THE NEW ATTACK: Vulnerabilities like tool poisoning, prompt injection, api security, tool confusion, and supply chain attacks now look like expected, natural language traffic, making them almost undetectable by older AppSec tools.
• EXPOSED API LAYER: The entire right-hand side of the attack vector is still composed of API requests. An MCP server simply creates a new, powerful vector for existing API vulnerabilities.‍
• COMPOUNDING RISK: Chaining multiple MCPs multiplies the risk, quickly building complex attack vectors that are hard to fathom.

‍

This session is highly practical, featuring insights and demonstrations directly from our industry-leading MCP Security Fundamentals course.
‍

• MCP ARCHITECTURE FLAWS: Gain a foundational grasp of "what the heck is MCP" and see how easily a working server can be "vibe coded". Understand the five-layer architecture and how insecure inputs expose applications to RCE and tool hijacking.
• LIVE EXPLOITATION VIDEOS: Watch a real-world exploit demonstration where a prompt breaks the sandbox and performs directory traversal to steal confidential API secrets, showing exactly where things can go wrong.
• DEFENDING AGAINST TOOL POISONING: Learn how unvetted and updated third-party tools can become malicious (the jfr incident). Get best practices for diligence and review when dealing with open-source MCP servers.
• RISK-BASED PERMISSIONING: Move away from the "select all" security mindset. Learn to make careful, risk-based decisions about giving LLMs permissions (especially delete/alter functions) and when to introduce a "human in the middle" for critical actions.

‍