Understanding MCP security implications

Bill Doerrfeld | May 21, 2025

My talk at APISEC|CON 2025 covered agentic AI and MCP security risks and mitigations

Today I presented at APIsec University's APISEC|CON event, sharing my (limited) knowledge about MCP security implications. Since some attendees asked for them, here are my slides:

SLIDES: Understanding MCP Security Implications [PDF]

As I covered on The New Stack recently, researchers have discovered that MCP is not secure by default. It's prone to vulnerabilities such as tool poisoning, rug pulls, tool shadowing, and remote code execution (RCE).


My presentation covered the hype around agentic AI and the excitement around MCP. It then looked at these risks and suggested some mitigations.


It was very helpful for me to put this together, and I'll post the recording of the session once it's out.


I'm looking forward to closely following autonomous AI, MCP, and related standards, and what all this means for protecting access to underlying APIs.


Watch: Understanding MCP security risks (recording coming soon)