MCP Security
Fundamentals

Master Model Context Protocol (MCP) Security with APIsec University. Learn how MCP connects AI tools and APIs, explore real-world attacks, build and test MCP servers, and secure this emerging AI integration layer. Through hands-on labs and expert guidance, gain the skills to identify vulnerabilities like tool poisoning, prompt injection, and supply chain attacks—helping you protect organizations adopting MCP in the fast-evolving AI landscape.

(Earn 2 CPEs)

EXISTING STUDENT?
Add course to library
NEW STUDENT?
ENROLL NOW

Course Topics

Introduction

Learn MCP security basics, explore business use cases, and see real-world risks with hands-on demos to understand and secure this fast-evolving AI integration tech.

What is MCP?

Learn MCP security basics, explore business use cases, and see real-world risks with hands-on demos to understand and secure this fast-evolving AI integration tech.

Technical Architecture

Explore MCP’s 5-layer architecture, JSON-RPC communication, and how insecure inputs, poor auth, and transport flaws expose AI apps to prompt injection, RCE, and tool hijacking risks.

Understanding MCP Capabilities

Learn how MCP tools, resources, and prompts work—and how each can be exploited via SQLi, path traversal, or hidden prompt injections that manipulate LLM behavior to exfiltrate sensitive data.

MCP In the Wild

Explore real-world MCP adoption, the rise of unvetted third-party MCP servers, and how misconfigured or malicious servers expose AI apps to RCE, MITM, and social engineering attacks.

MCP Vulnerabilities

Explore key MCP vulnerability classes—tool poisoning, prompt injection, API abuse, tool confusion, and supply chain attacks—and how they expand AI’s attack surface beyond traditional API risks.

Continuing with MCP Security

Wrap up your MCP journey with key takeaways, security best practices, future trends, and tools to secure AI integrations—empowering you to advise and protect your organization effectively.

Photo of Corey Ball

Corey Ball

Chief Hacking Officer, APIsec University

You can design an API you think is ultra-secure, but if you don't test it, then a cybercriminal somewhere is going to do it for you."

"

Meet the Instructor
Corey Ball

Corey Ball has emerged as one of the leading experts in API security and is the author of Hacking APIs. Corey is a cybersecurity consulting manager at Moss Adams, where he leads its penetration testing services. He has over ten years of experience working in IT and cybersecurity across several industries, including aerospace, agribusiness, energy, financial tech, government services, and healthcare.

Enroll Now

Earn your APIsec University Certificate

  • Earn an APIsec University certificate and badge for completing any of our courses.

  • Post your badge on LinkedIn and share your accomplishments. You can even receive CPE credits for taking these courses.