OWASP MCP Top 10: A Practical Security Guide for MCP Builders

MCP adoption has outpaced security. An audit of 17 popular MCP servers found an average security score of 34 out of 100. Tool poisoning attacks succeed at 84.2% with auto-approval enabled. Over 30 CVEs have been filed against MCP implementations in the past 60 days. The first confirmed malicious MCP server, postmark-mcp, silently BCC'd every outgoing email to an attacker-controlled address for weeks before detection.

OWASP responded with the MCP Top 10, a structured threat taxonomy purpose-built for the protocol. This talk is a practitioner's walkthrough of all ten risks: not a slide-read, but a builder's guide to what each risk looks like in a real MCP deployment, how it gets exploited, and what a concrete fix looks like in code.

We cover token mismanagement and secret exposure, prompt injection via tool responses, tool poisoning through malicious descriptions, excessive permissions, insecure output handling, context over-sharing, missing authentication, rug-pull attacks, shadow MCP servers, and the audit trail gap.

Leave with a pre-deployment security checklist you can run against any MCP server before connecting it to production.

Sankalp Sandeep Paranjpe

DevSecOps Engineer | AWS Community Builder | Former AWS Cloud Captain | AWS UG Pune Volunteer Lead

Pune, India
