MCP Security: How AppSec Teams Can Shift Left Hard Enough to Overflow the Buffer

As AI integration explodes across developer workflows, a new protocol is emerging as the connective tissue between AI agents and services: the Model Context Protocol (MCP). While MCP promises to revolutionize how AI tools interface with APIs and data systems, it also introduces substantial risk.

In this APIsec|CON ’25 session, cybersecurity leader Bill (who advises high-level government security projects) takes us deep into the evolving AppSec landscape with AI. His message is clear: if you're not proactively securing MCP workflows, your APIs are already vulnerable.

The Evolving Landscape: More Agents, More Attack Surface

Bill begins by challenging a common assumption: that APIs in AI-enhanced workflows are secure by default. They're not. When AI-assisted coding tools are used without oversight, insecure code slips into production, increasing your attack surface exponentially.

In his words, “Operate under the premise that your APIs are already hacked.” AI coding assistants like GitHub Copilot don’t always follow security best practices—Bill shows how even simple suggestions can introduce SQL injections and other vulnerabilities if left unchecked.

From Traditional to MCP-Aware Workflows

Most dev workflows still silo security testing near the end. But as AI agents take more initiative in coding and orchestration, security must shift all the way left—into planning and design.

Bill introduces a revised workflow:

• Planning & Threat Modeling (Company-wide)
• Secure Design Guidelines
• AI-Assisted Development with Guardrails
• Integrated Security Testing via MCP

He emphasizes that threat modeling isn’t just for security engineers. Everyone—from CEOs to junior developers—must understand the threats AI agents introduce and actively participate in mitigation.

The Rise of SER: Security Empowered Rapid Development

Bill’s approach, dubbed SER (Security Empowered Rapid Development), proposes real-time security validation within development environments using MCP as a bridge. Imagine an AI coding assistant that not only helps write code but also queries a backend MCP server to validate it in real time.

He outlines a prototype where:

• Developers get immediate feedback on insecure code
• Hardcoded secrets are flagged before hitting Git
• Common OWASP Top 10 API threats are automatically checked
• Logs and usage data flow securely over MTLS channels

The Reality of Insecure Defaults

A major insight from the talk: AI doesn’t generate secure code by default. Copilot often recommends unsafe practices unless prompted otherwise. For example, it may hardcode secrets or leave endpoints injectable unless the developer has the security context to guide it.

What’s worse? Junior developers may falsely assume AI knows best, shipping insecure features under the illusion of safety. “You are now my senior developer” might sound like a joke—but it’s a real risk when developers blindly trust AI output.

Using MCP to Fight Fire with Fire

MCP is not just a risk—it’s also an opportunity. Bill argues that AppSec teams can use the same protocol developers are adopting to strengthen security. By deploying MCP-enabled security services, teams can:

• Embed real-time SAST/DAST checks
• Fuzz inputs during development
• Detect hardcoded credentials
• Track model behavior and log interactions

He shares a mockup of a potential MCP-driven red-team tool that can automatically test code against common exploits and feedback results directly into the dev environment.

Key Recommendations for DevSecOps Teams

• Threat model everything. Treat every agent interaction as potentially exploitable.
• Educate developers. Teach OWASP API Top 10 vulnerabilities in tandem with AI coding practices.
• Enforce secrets management. No API keys in Git—ever.
• Deploy MCP-aware security testing. Let developers use AI—but give them secure guardrails.
• Build a security-first culture. Everyone plays a role, from the C-suite to interns.

Final Thoughts: Everyone Is Security

Bill closes with a powerful reminder: “Only you can prevent API breaches.” Security is no longer the job of just AppSec teams—it must be a collaborative effort across all departments. MCP is here, AI isn’t slowing down, and your security strategy needs to evolve—now.

If you're not already embedding security into the AI-driven development loop, you're falling behind. Use the tools, but don’t forget to secure them.

Explore More

• Want a deeper dive into MCP and AI agent security?
• Check out our guide to AI-augmented AppSec on APIsecUniversity.com
• Watch the full session replay here