The Model Context Protocol (MCP) is transforming how AI systems interact with data and services. By making APIs accessible to large language models, MCP offers a simple and powerful way to connect applications with AI agents. With growing adoption by major AI companies and widespread deployment of MCP servers, this protocol is rapidly becoming the de facto bridge between systems and intelligent agents.

But with great power comes great risk.

MCP allows remote AI agents to perform any action a user could take—often without traditional safeguards. Imagine an AI accessing your GitHub account and issuing commands on your behalf. MCP makes this possible. The problem? Most APIs were designed with cautious, technically savvy developers in mind—not ordinary users experimenting with LLM prompts and untrusted MCP servers found online.

In this talk, we’ll unpack the security implications of MCP, walk through real-world attack vectors, and provide concrete strategies for mitigation. The session is led by Angus Chen, a cybersecurity expert, and Aleks Jakulin, an AI researcher and contributor to open web standards. Both are members of Sundai, a leading hacker collective affiliated with Harvard and MIT.