Nick Davitashvili
Principal Architect, Aviatrix · Cloud networking, AI security, Quote Misrememberer
Edinburgh, United Kingdom
Nick Davitashvili is a Principal Architect at Aviatrix.
He started in network engineering, moved into cloud architecture via edge infrastructure for autonomous vehicles and deep learning for transportation systems, and has operated in the multi-cloud area code ever since. He has given a TEDx talk on technology and environmental advocacy and contributed to Packet Pushers and other technical media.
At Aviatrix, he has shipped a public MCP server for network operations and maintains open-source Obot blueprints for agentic AI workloads. The attack scenario in this talk came directly from that work: securing AI agent deployments in production cloud environments, then discovering that Kubernetes NetworkPolicy cannot see what MCP tools are doing.
Georgian-born, Edinburgh-based. First KCD talk.
Prompt Injection to Data Exfil in 3 Hops: Why NetworkPolicy Isn't Enough for AI Agents
MCP gives your AI agent hands. Port 443 gives those hands reach.
Agents running in Kubernetes are being built on MCP: a protocol that lets them invoke tools, fetch URLs, read files, and call APIs. The attack surface this creates is real and largely unexamined. One prompt injection is enough to redirect an agent into making an MCP tool call against an attacker-controlled endpoint. The blast radius of a compromised agent extends to everything within reach of its MCP tools. The exfiltration path is indistinguishable from legitimate traffic. Kubernetes NetworkPolicy, operating at L3/L4, cannot see it.
This talk runs the full attack chain live: prompt injection in an Obot-based agent, an MCP tool call redirected outbound, data leaving the cluster on port 443 with no NetworkPolicy violation. Then we look at what enforcement actually requires: a choke point with L7 visibility that understands destination FQDNs, not just IPs and ports.
You will leave with a vendor-neutral threat model for MCP deployments and a public lab repo to clone and run yourself.
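The gap the abstract describes, as an added example that is not from the talk or its lab repo: a small model of an L3/L4 egress rule next to an FQDN allowlist, evaluated over the same flows. The rule, the allowlist, the hostnames and the flows are all constructed, and the assumption is that an L7-aware choke point can learn the destination name (for instance from the TLS handshake).

```python
import ipaddress
from fnmatch import fnmatchcase

# Constructed egress rule in the shape of a NetworkPolicy ipBlock + port:
# "agent pods may reach any IPv4 address on TCP 443".
L4_EGRESS = [{"cidr": "0.0.0.0/0", "protocol": "TCP", "port": 443}]

# Hypothetical FQDN allowlist for an L7-aware egress choke point.
FQDN_ALLOW = ["api.example-llm.test", "*.internal.example.test"]

# Constructed flows from an agent pod (RFC 5737 documentation addresses).
# "fqdn" is the destination name the choke point observed, or None.
FLOWS = [
    {"dst_ip": "198.51.100.10", "protocol": "TCP", "port": 443,
     "fqdn": "api.example-llm.test"},
    {"dst_ip": "203.0.113.77", "protocol": "TCP", "port": 443,
     "fqdn": "collector.unknown.test"},
    {"dst_ip": "203.0.113.77", "protocol": "TCP", "port": 443,
     "fqdn": None},
]


def l4_allows(flow, rules=L4_EGRESS):
    """L3/L4 view: only destination IP, protocol and port are visible."""
    ip = ipaddress.ip_address(flow["dst_ip"])
    return any(
        ip in ipaddress.ip_network(r["cidr"])
        and flow["protocol"] == r["protocol"]
        and flow["port"] == r["port"]
        for r in rules
    )


def fqdn_allows(flow, allow=FQDN_ALLOW):
    """L7 view: match the observed destination name against the allowlist."""
    name = flow.get("fqdn")
    if not name:
        return False  # fail closed when no destination name is visible
    name = name.rstrip(".").lower()
    # Note: "*" here also matches across dots (multi-label subdomains).
    return any(fnmatchcase(name, pattern) for pattern in allow)


def evaluate(flows=FLOWS):
    """Return (fqdn, L4-only verdict, L4+FQDN verdict) for each flow."""
    return [(f["fqdn"], l4_allows(f), l4_allows(f) and fqdn_allows(f))
            for f in flows]
```

All three flows pass the L3/L4 rule; only the flow to the allowlisted name passes once the destination FQDN is part of the decision.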