MCP makes it easy to connect LLMs to databases, APIs, ... . But once an LLM can act on real infrastructure, it becomes part of a distributed system and most MCP demos stop exactly where security should start.

In this talk, I will explain why MCP significantly increases the attack surface of LLM-based applications and why prompt-level protections are not sufficient. We will review common security pitfalls such as over-privileged tools and implicit trust between MCP servers.

Finally, the talk will focus on concrete patterns to design and operate a secure MCP setup, helping you move from demos to real-world.