Securing Model Context Protocol (MCP) with Vandana Verma (Snyk)
Details
Remember when web apps were plagued by SQL injection vulnerabilities everywhere? AI agents built on MCP (Model Context Protocol) are repeating history. MCP lets LLMs connect to your databases, filesystems, APIs, and cloud services. Developers are shipping agents with no authorization checks on tool calls, treating model output as trusted commands, and exposing sensitive data through poorly secured tool connections.
Vandana Verma, Security Relations Leader at Snyk and former Vice Chair of OWASP, will present security practices for MCP-powered agents in production.
What you'll learn:
- How OWASP LLM Top 10 risks manifest in MCP implementations
- Practical security patterns for tool authorization, data exposure, and prompt injection in MCP contexts
- Real-world attack scenarios and defenses
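To make the "AI output as trusted command" problem concrete, here is an added example (not code from the talk, from Snyk, or from the MCP project) of a minimal MCP-style tool gateway in Python. It contrasts a dispatcher that runs whatever tool call the model emits with one that authorizes each call against a per-principal allowlist, validates arguments per tool, parameterizes the database query, and confines file reads to a sandbox directory. The tool names (`lookup_customer`, `read_file`, `query_db`), the `Principal` class, the policy table and the sample rows are all assumptions constructed for illustration.

```python
"""Hypothetical MCP-style tool gateway: model output is untrusted input.

Added example for this listing, not code from the talk, Snyk, or the MCP
specification. Tool names, Principal, the policy table and the sample data
are assumptions made up for illustration.
"""
import json
import sqlite3
import tempfile
from dataclasses import dataclass
from pathlib import Path


class ToolDenied(Exception):
    """Raised whenever a model-emitted tool call fails authorization or validation."""


@dataclass(frozen=True)
class Principal:
    """Who the agent acts for. Tool rights come from here, never from the model."""
    name: str
    allowed_tools: frozenset


# Constructed sample data: an in-memory database and a throwaway sandbox directory.
DB = sqlite3.connect(":memory:")
DB.execute("CREATE TABLE customers(id INTEGER, email TEXT)")
DB.executemany("INSERT INTO customers VALUES (?, ?)",
               [(1, "a@example.com"), (2, "b@example.com")])
ROOT = Path(tempfile.mkdtemp(prefix="agent-sandbox-")).resolve()
(ROOT / "notes.txt").write_text("hello")

# Sample principals (assumed policy): an analyst may only look customers up by id.
ANALYST = Principal("analyst", frozenset({"lookup_customer"}))
OPERATOR = Principal("operator", frozenset({"lookup_customer", "read_file"}))


# --- Vulnerable pattern: the model's JSON is executed exactly as emitted. ---------
def dispatch_unchecked(model_output: str) -> str:
    """No principal, no allowlist, raw SQL and raw paths straight from the LLM.

    A prompt-injected model could just as easily emit DELETE or DROP here, or a
    path outside any intended directory; this is the SQL-injection era again.
    """
    call = json.loads(model_output)
    if call["name"] == "query_db":
        return str(DB.execute(call["arguments"]["sql"]).fetchall())
    if call["name"] == "read_file":
        return Path(call["arguments"]["path"]).read_text()
    raise ToolDenied(call["name"])


# --- Hardened pattern: authorize, validate, and run with least privilege. ---------
def tool_lookup_customer(args: dict) -> str:
    """Fixed, parameterized query: the model supplies a value, never SQL text."""
    cid = args.get("id")
    if not isinstance(cid, int):
        raise ToolDenied("id must be an integer")
    rows = DB.execute("SELECT email FROM customers WHERE id = ?", (cid,)).fetchall()
    return json.dumps([r[0] for r in rows])


def tool_read_file(args: dict) -> str:
    """Confine reads to ROOT; resolve() defeats '..' traversal and symlink escapes."""
    rel = args.get("path")
    if not isinstance(rel, str):
        raise ToolDenied("path must be a string")
    target = (ROOT / rel).resolve()
    if target != ROOT and ROOT not in target.parents:
        raise ToolDenied(f"path escapes sandbox: {rel}")
    return target.read_text()


TOOLS = {"lookup_customer": tool_lookup_customer, "read_file": tool_read_file}


def dispatch_checked(principal: Principal, model_output: str) -> str:
    """Parse defensively, check the caller's allowlist, then hand validated args to the tool."""
    try:
        call = json.loads(model_output)
        name = call["name"]
        args = call.get("arguments", {})
    except (ValueError, KeyError, TypeError, AttributeError) as exc:
        raise ToolDenied(f"malformed tool call: {exc}")
    if name not in principal.allowed_tools:   # authorization, not merely existence
        raise ToolDenied(f"{principal.name} may not call {name}")
    handler = TOOLS.get(name)
    if handler is None or not isinstance(args, dict):
        raise ToolDenied(f"unknown tool or bad arguments: {name}")
    return handler(args)


def denied(principal: Principal, model_output: str) -> bool:
    """True if the hardened gateway refuses this model-emitted call."""
    try:
        dispatch_checked(principal, model_output)
    except ToolDenied:
        return True
    return False


if __name__ == "__main__":
    print(dispatch_unchecked('{"name": "query_db", "arguments": {"sql": "SELECT email FROM customers"}}'))
    print(dispatch_checked(ANALYST, '{"name": "lookup_customer", "arguments": {"id": 2}}'))
    print(denied(OPERATOR, '{"name": "read_file", "arguments": {"path": "../../etc/passwd"}}'))
```

The point of the split is that the model never gets to choose a tool the principal lacks, never writes SQL text, and never names a path outside the sandbox; each check is enforced in the gateway, not in the system prompt, so prompt injection cannot talk its way past it.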
Homework (optional reading before the session):
- Anthropic: Disrupting the First AI-Orchestrated Espionage Campaign
- OWASP MCP Top 10
- OWASP GenAI Security Project
- Vandana's OWASP LLM Top 10 playlist
- Snyk: MCP Security Controls for OWASP
- Snyk: Prompt Injection in MCP
Format: Virtual lunch & learn (12:00-1:30 PM EST Friday). Grab your lunch and join us!