Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Most organizations have no idea how many MCP servers are running in their environment—and attackers are counting on that. In this clip, Adrian Culley breaks down the exact steps security teams need to take now: run the network scan, apply stringent code review to every MCP server project you find, and mandate authentication. Authorization may be optional in the MCP spec—but it doesn't have to be optional in your deployment.

In a multi-agent AI workflow, one agent's output becomes the next agent's input. That's the design. It's also the attack surface. Researchers have demonstrated that a single poisoned output can cascade across an entire pipeline — triggering unauthorized behavior, data exfiltration, and control flow hijacking across chained MCP processes. The attack class is called toxic flows. And every one of them passes classical zero trust checks.

A security researcher introduced a malicious MCP server into an environment that already had a legitimate WhatsApp integration—and watched it silently expose message history without any user approval. The technique is called a rug pull. The server advertised one behavior at installation. On second usage, it switched to something else entirely. The approval was real. The thing you approved was not. This is what trust decay looks like in practice—and it passes every classical security check.

Most enterprises assume their Zero Trust architecture covers their AI agents. It doesn't. Hosts Tova Dvorin and Adrian Culley break down why zero trust breaks against the Model Context Protocol (MCP)—and why "verified" no longer means "safe." They unpack trust decay, the WhatsApp and GitHub MCP exploits, rug-pull tool poisoning, CVE-2025-49596, and the rise of "zero standing trust," then close with three moves for CISOs this quarter: inventory your MCP estate, mandate authentication, and validate your controls.

AI just handed attackers a new front door — and most security teams don't even know it exists. Model Context Protocol (MCP) is the emerging standard that lets AI agents talk to your tools, your data, and each other. It's also the most significant new attack surface to emerge in years. The NSA noticed. Your adversaries already have.

The NSA just published a rare advisory on the Model Context Protocol (MCP)—the plumbing under nearly every agentic AI deployment of the last 18 months—and the verdict is stark: optional authentication, no token lifecycle, silent behavior changes, and no logging to catch any of it. Host Tova Dvorin sits down with defensive cybersecurity expert Adrian Culley to unpack the eight risk categories, the WhatsApp and GitHub MCP exploits, and why MCP is now a testable validation surface.