MCP security hot potato: how to stay secure integrating external tools to your LLM (god2025)

Chaos Computer Club - recent audio-only feed

Contenu fourni par CCC media team. Tout le contenu du podcast, y compris les épisodes, les graphiques et les descriptions de podcast, est téléchargé et fourni directement par CCC media team ou son partenaire de plateforme de podcast. Si vous pensez que quelqu'un utilise votre œuvre protégée sans votre autorisation, vous pouvez suivre le processus décrit ici https://fr.player.fm/legal.

16d ago 24:38

MP3•Maison d'episode

Model Context Protocol (MCP) is the latest hot topic in cybersecurity. Business wants it (AI is the new mantra), developers are excited (new toys, new code), and security teams are left to make it safe—often with already packed schedules. Let's treat it like just another Tuesday. Like many shiny new technologies (remember the early days of cloud?), MCP is being built with a “features first, security later” mindset. As a fresh piece of tech, it blends novel vulnerabilities with familiar, well-known ones. If you're an early adopter, it's important to accept that MCP and its current implementations are imperfect—and to be ready for that. In this talk, we'll dive into the real-world challenges companies are facing with MCP and equip you with practical remediations. We'll cover topics such as: An introduction to the MCP protocol and its security considerations, including authentication Emerging vulnerabilities like prompt injections, tool poisoning, rug pull attacks, and cross-server tool shadowing Classic vulnerabilities that may resurface around MCP, based on recent CVEs Remediation strategies and available tooling Licensed to the public under https://creativecommons.org/licenses/by-sa/4.0/ about this event: https://c3voc.de

2408 episodes

#CCC media team #Ccc Congress Hacking Security Netzpolitik #Sicherheit #Technologie #Software-Entwicklung