Understanding MCP security implications

Bill Doerrfeld | May 21, 2025

My talk at APISEC|CON 2025 covered agentic AI and MCP security risks and mitigations

Today I presented at APIsec University's APISEC|CON event, sharing my (limited) knowledge about MCP security implications. Since some attendees asked for them, here are my slides:

SLIDES: Understanding MCP Security Implications [PDF]

As I covered on The New Stack recently, researchers have discovered that MCP is not secure by default. It's prone to vulnerabilities such as tool poisoning, rug pulls, tool shadowing, and remote code execution (RCE).
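One mitigation for the rug-pull and tool-poisoning risks named above, as an added example (not code from the talk or the slides): a client-side check that pins the tool definitions a user approved at install time and flags any later change, any unapproved tool, and any description carrying instructions aimed at the model. The tool names, descriptions and regex heuristics are constructed for this example.

```python
import hashlib
import json
import re

# Constructed sample of a tools/list result (names/descriptions made up here).
APPROVED_TOOLS = [
    {"name": "add", "description": "Add two numbers.",
     "inputSchema": {"type": "object", "properties": {"a": {"type": "number"}, "b": {"type": "number"}}}},
    {"name": "read_file", "description": "Read a file from the project workspace.",
     "inputSchema": {"type": "object", "properties": {"path": {"type": "string"}}}},
]

# Constructed heuristics for tool poisoning: instructions aimed at the model,
# not the user, hidden inside a tool description. Not exhaustive.
POISON_PATTERNS = [
    r"ignore (all |any )?(previous|prior) instructions",
    r"do not (tell|mention|show|inform)",
    r"<important>",
    r"~/\.ssh|id_rsa|\.env\b",
]

def tool_fingerprint(tool):
    """Hash the fields that steer the model: name, description, input schema."""
    canonical = json.dumps({k: tool.get(k) for k in ("name", "description", "inputSchema")},
                           sort_keys=True, separators=(",", ":"))
    return hashlib.sha256(canonical.encode()).hexdigest()

def pin_tools(tools):
    """Record fingerprints of the tool set the user approved at install time."""
    return {t["name"]: tool_fingerprint(t) for t in tools}

def description_findings(tool):
    desc = tool.get("description", "")
    return [p for p in POISON_PATTERNS if re.search(p, desc, re.IGNORECASE)]

def check_tools(pins, current):
    """Compare a fresh tools/list against the pins; returns (tool, finding) pairs."""
    findings = []
    for tool in current:
        name = tool["name"]
        if name not in pins:
            findings.append((name, "new tool not yet approved"))
        elif pins[name] != tool_fingerprint(tool):
            findings.append((name, "definition changed since approval (possible rug pull)"))
        for pattern in description_findings(tool):
            findings.append((name, f"description matches poisoning pattern /{pattern}/"))
    for name in pins.keys() - {t["name"] for t in current}:
        findings.append((name, "approved tool disappeared"))
    return findings
```

Run `check_tools` on every tools/list response, not just the first one, since a rug pull is by definition a change that happens after approval.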


My presentation covered the hype around agentic AI and the excitement around MCP, then looked at these risks and suggested some mitigations.


It was very helpful for me to put this together, and I'll post the recording of the session once it's out.


I'm looking forward to closely following autonomous AI, MCP, and related standards, and what all this means for protecting access to underlying APIs.


Watch: Understanding MCP security risks (recording coming soon)