Security Challenges in MCP Servers

Model Context Protocol (MCP) servers are rapidly becoming the connective tissue between large language models, internal data, and production infrastructure—and they are also quietly expanding the blast radius of every AI deployment. This talk examines why securing MCP servers is fundamentally harder than locking down a typical microservice or API gateway: they often run with broad system and data permissions, execute arbitrary tools on behalf of models, and are frequently deployed as unvetted third-party components or “shadow” services outside normal governance. We will walk through the emerging MCP threat landscape, including prompt and tool poisoning, privilege abuse, misconfigurations, weak or missing auth, credential exposure, malicious/rogue servers, and cross-server chaining and lateral movement paths that turn one compromised MCP into an organization-wide foothold.​
Using concrete incident-style scenarios and reference architectures, the session will show how these risks map onto classic security domains—identity, secrets management, network segmentation, observability, and supply-chain integrity—while highlighting where existing controls fail in MCP-heavy environments. Attendees will learn a practical playbook for MCP server defense-in-depth: standardizing trust boundaries, enforcing strong authentication and fine-grained authorization, sandboxing and egress control for tools, hardening configuration and secrets handling, detecting prompt- and tool-level attacks, and introducing governance guardrails around third-party and “local” MCP servers.

Presenter
Rod Soto