Securing the Invisible Thread: Threat Modeling and Defending Model Context Protocol (MCP) in Agentic AI Systems
Details
Talk Title (MCP / Agentic AI)
“Securing the Invisible Thread: Threat Modeling and Defending Model Context Protocol (MCP) in Agentic AI Systems”
Talk Abstract
As organizations rapidly adopt Agentic AI, the Model Context Protocol (MCP) has emerged as a powerful enabler, connecting LLMs to tools, data sources, APIs, and systems with unprecedented ease. But this same abstraction layer is quietly becoming a force multiplier for attackers, expanding attack surfaces in ways traditional AppSec models were never designed to handle.
In this talk, Vandana Verma Sehgal breaks down how MCP fundamentally changes trust boundaries in AI systems. She explores real-world threat scenarios including context poisoning, token and secret leakage, privilege escalation via scope creep, tool misuse, and shadow MCP servers, showing how seemingly “helpful” agents can become highly effective attack orchestrators.
Drawing from the OWASP MCP Top 10, community research, and field observations, this session provides:
A clear mental model for threat modeling MCP-based architectures
Key anti-patterns and failure modes seen in early MCP deployments
Practical security controls, governance strategies, and runtime defenses for MCP and agentic workflows
Attendees will leave with actionable guidance to design, deploy, and govern MCP-enabled systems securely—without slowing innovation.
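As an added illustration of the kind of runtime control the abstract refers to (this is example code written for this listing, not code from the talk, from Snyk or from the OWASP MCP project): a small Python policy gate that sits between an agent and its MCP servers. It relies only on the JSON-RPC shape of an MCP `tools/call` request and the `content` blocks of a tool result; the policy layout, the server and tool names, the scope strings and the secret patterns are assumptions chosen for the example. It demonstrates four of the failure modes named above: calls bound for an unregistered (shadow) server are dropped, a tool whose required scope the agent was never granted is refused (scope creep), a filesystem tool is confined to its root (tool misuse), and secret-shaped strings are scrubbed from results before they re-enter the model context (token leakage).

```python
"""Added example: a minimal policy gate for MCP tools/call traffic (hypothetical policy)."""
import os
import re
from dataclasses import dataclass
from typing import Dict, Optional, Set

# Secret shapes scrubbed from tool output before it is handed back to the model.
# Patterns are illustrative, not an exhaustive secret scanner.
SECRET_RE = re.compile(
    r"AKIA[0-9A-Z]{16}"                # AWS access key id shape
    r"|ghp_[A-Za-z0-9]{36}"            # GitHub classic PAT shape
    r"|Bearer\s+[A-Za-z0-9._~+/=-]+"   # bearer tokens copied into tool output
)


class Denied(Exception):
    """Raised when a call violates policy; the gate never forwards it."""


@dataclass(frozen=True)
class ToolPolicy:
    scope: str                       # scope the agent must hold to call this tool
    path_root: Optional[str] = None  # for filesystem tools: directory the tool may touch


@dataclass(frozen=True)
class Policy:
    servers: Dict[str, Dict[str, ToolPolicy]]  # registered server -> tool -> policy
    agent_scopes: Set[str]                     # scopes granted to this agent


def authorize_call(policy: Policy, server: str, request: dict) -> dict:
    """Return a sanitized copy of a tools/call request if permitted, else raise Denied."""
    if request.get("jsonrpc") != "2.0" or request.get("method") != "tools/call":
        raise Denied("gate only forwards JSON-RPC 2.0 tools/call requests")
    tools = policy.servers.get(server)
    if tools is None:  # shadow server: nobody registered it, so nothing reaches it
        raise Denied(f"unregistered (shadow) MCP server: {server!r}")
    params = request.get("params") or {}
    name = params.get("name")
    tool = tools.get(name)
    if tool is None:
        raise Denied(f"tool {name!r} is not registered on {server!r}")
    if tool.scope not in policy.agent_scopes:  # scope creep / privilege escalation
        raise Denied(f"agent lacks scope {tool.scope!r} required by {name!r}")
    args = dict(params.get("arguments") or {})
    if tool.path_root is not None:  # tool misuse: confine the tool to its root
        raw = str(args.get("path", ""))
        root = os.path.normpath(tool.path_root)
        path = os.path.normpath(os.path.join(root, raw))  # absolute or ../ input resolves here
        if path != root and not path.startswith(root + os.sep):
            raise Denied(f"path {raw!r} escapes {root!r}")
        args["path"] = path
    return {"jsonrpc": "2.0", "id": request.get("id"), "method": "tools/call",
            "params": {"name": name, "arguments": args}}


def redact_result(result: dict) -> dict:
    """Scrub secret-shaped strings from text content blocks of an MCP tool result."""
    blocks = []
    for block in result.get("content", []):
        if block.get("type") == "text":
            block = {**block, "text": SECRET_RE.sub("[REDACTED]", block["text"])}
        blocks.append(block)
    return {**result, "content": blocks}


def decision(policy: Policy, server: str, request: dict) -> str:
    """Human-readable verdict, convenient for logging and for tests."""
    try:
        authorize_call(policy, server, request)
        return "allow"
    except Denied as exc:
        return f"deny: {exc}"


# Constructed policy: a read-only agent, two registered servers.
POLICY = Policy(
    servers={
        "fs": {
            "read_file": ToolPolicy(scope="repo:read", path_root="/workspace/repo"),
            "write_file": ToolPolicy(scope="repo:write", path_root="/workspace/repo"),
        },
        "github": {"create_pr": ToolPolicy(scope="repo:write")},
    },
    agent_scopes={"repo:read"},
)


def call(tool: str, arguments: dict, req_id: int = 1) -> dict:
    """Build a constructed tools/call request in the MCP JSON-RPC shape."""
    return {"jsonrpc": "2.0", "id": req_id, "method": "tools/call",
            "params": {"name": tool, "arguments": arguments}}


if __name__ == "__main__":
    print(decision(POLICY, "fs", call("read_file", {"path": "README.md"})))
    print(decision(POLICY, "fs", call("read_file", {"path": "../../etc/passwd"})))
    print(decision(POLICY, "fs", call("write_file", {"path": "README.md"})))
    print(decision(POLICY, "helper-from-npm", call("read_file", {"path": "README.md"})))
    print(redact_result({"content": [{"type": "text",
                                      "text": "AWS_KEY=AKIAABCDEFGHIJKLMNOP"}]}))
```

The gate is deliberately default-deny: anything it cannot match to a registered server, tool and granted scope is refused rather than forwarded, and the sanitized request it returns (not the original) is what gets sent on. Redaction covers only secret shapes that leak through tool output; context poisoning (malicious instructions inside tool results or descriptions) needs separate controls that this example does not attempt.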
Short bio:
Vandana Verma Sehgal is a globally recognized cybersecurity leader, Staff Security Advocate at Snyk, and a former OWASP Global Board Member. She is deeply involved in shaping the future of application security, software supply chain security, and AI-native security, with a strong focus on Agentic AI, LLM security, and Model Context Protocol (MCP) risks.
Vandana is a founding contributor and active leader across multiple OWASP initiatives, including the OWASP LLM Top 10, OWASP MCP Top 10, and OWASP GenAI Security Project. She regularly speaks at global conferences such as Black Hat, OWASP AppSec events, BSides, and Nullcon, and is known for translating complex security concepts into practical, human-centric guidance for builders, security teams, and leadership.
Beyond her technical work, Vandana is a passionate community builder, mentor, and educator, driving inclusive security communities and next-generation AI security education worldwide.
When: 28 January 2026, 14:00 to 15:00
Where: online via Zoom. The session will be delivered in English.
