Secure by Design: Building Safe MCP-Enabled Applications

This talk explores how to design MCP‑enabled applications with security and privacy embedded from the earliest architectural decisions. We examine how MCP fundamentally reshapes trust boundaries by allowing AI systems to directly interact with APIs, databases, internal services, and third‑party tools, often with elevated privileges. Traditional controls such as perimeter defenses, static IAM roles, and backend validation alone are insufficient when AI agents reason, decide, and act autonomously within live environments. Instead, security must shift left into context governance, capability scoping, and protocol‑level assurance.
Attendees will gain a practical understanding of the core threat model for MCP‑enabled systems, including prompt and context injection attacks, tool‑abuse escalation, malicious or compromised MCP servers, insecure plugin onboarding, and unintended data disclosures through over‑broad context sharing. We will demonstrate how these risks manifest across real‑world use cases such as developer copilots, customer support agents, data analysis assistants, and autonomous workflow orchestrators.
The session then presents a Secure by Design blueprint for MCP applications, covering:
• Principle of least privilege for tools and context, ensuring models receive only the minimum capabilities and data required per task.
• Context isolation and segmentation, preventing cross‑tool contamination and limiting blast radius.
• Strong identity, authentication, and authorization for MCP servers, clients, and tools, including workload identity and short‑lived credentials.
• Deterministic policy enforcement around tool invocation, data access, and output handling.
• Secure defaults and fail‑safe behavior, especially when models encounter ambiguous or malicious prompts.
• Observability, logging, and continuous assurance to detect misuse, drift, and anomalous agent behavior.
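One concrete shape the least-privilege, deterministic-enforcement, fail-safe and logging items above can take, as an added example that is not from the talk or from any MCP implementation: a fail-closed gate placed in front of MCP `tools/call` JSON-RPC requests, with a per-task tool allowlist, an argument-scope check and a structured audit record for every decision. The policy schema, task names, tool names and request bodies are constructed for the example.

```python
import posixpath

# Constructed per-task policy (an assumption of this example, not part of MCP): each task
# lists the tools it may call plus optional argument constraints; anything else is denied.
POLICY = {
    "support-agent": {
        "lookup_ticket": {},
        "read_file": {"path_prefix": "/srv/kb/"},
    },
}
AUDIT_LOG: list[dict] = []  # structured decisions; forward to a SIEM in practice

def _args_within_scope(args: dict, constraints: dict) -> tuple[bool, str]:
    """Apply per-tool argument constraints; only a path-prefix rule is modelled."""
    prefix = constraints.get("path_prefix")
    if prefix is None:
        return True, "no argument constraints for this tool"
    # Normalise first so '..' segments cannot escape the allowed directory.
    path = posixpath.normpath(str(args.get("path", "")))
    if path.startswith(prefix):
        return True, f"path within {prefix}"
    return False, f"path {path!r} outside {prefix}"

def gate_tool_call(task: str, request: dict) -> bool:
    """Allow (True) or deny (False) one MCP tools/call request for `task`,
    deterministically, and record the decision in AUDIT_LOG. Unknown tasks,
    tools and methods all fail closed."""
    params = request.get("params") or {}
    name, args = params.get("name"), params.get("arguments") or {}
    allowed = POLICY.get(task, {})
    if request.get("method") != "tools/call":
        ok, reason = False, "only tools/call requests are gated here"
    elif name not in allowed:
        ok, reason = False, f"tool {name!r} not scoped to task {task!r}"
    else:
        ok, reason = _args_within_scope(args, allowed[name])
    AUDIT_LOG.append({"task": task, "tool": name, "arguments": args,
                      "allowed": ok, "reason": reason})
    return ok

def tool_call(name: str, arguments: dict) -> dict:
    """Constructed MCP tools/call JSON-RPC request, shaped as a client would send it."""
    return {"jsonrpc": "2.0", "id": 1, "method": "tools/call",
            "params": {"name": name, "arguments": arguments}}

if __name__ == "__main__":
    gate_tool_call("support-agent", tool_call("read_file", {"path": "/srv/kb/faq.md"}))
    gate_tool_call("support-agent", tool_call("read_file", {"path": "/srv/kb/../config/db.env"}))
    gate_tool_call("support-agent", tool_call("delete_ticket", {"id": 42}))
    for entry in AUDIT_LOG:
        print(entry)
```

Because every decision is a pure function of the policy and the request, the same request always produces the same verdict, which is what makes the audit trail reviewable after the fact.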
By grounding Secure by Design principles in MCP‑specific patterns, this session bridges the gap between traditional application security and emerging AI system architectures. Attendees will leave with actionable guidance to build MCP‑enabled applications that are resilient, auditable, and trustworthy by default, enabling innovation without sacrificing security, privacy, or user trust.
This talk is designed for application security engineers, platform architects, AI engineers, and security leaders who are building or governing AI‑powered systems and want to move beyond reactive controls toward proactive, protocol‑aware security for the age of autonomous AI.

Anitha Dakamarri

DFIN-Lead Security Engineer

Dallas, Texas, United States
