Securing the Model Context Protocol: Building Defense Systems for AI Tool Ecosystems
Session Description
1. Opening & Problem Statement
Hook: "Your AI assistant just executed rm -rf / because of a malicious tool description."
What is the Model Context Protocol (MCP)?
Why traditional security tools fail with MCP
The new attack surface: tools, prompts, and resources
2. MCP Attack Vectors Deep Dive
Prompt Injection in MCP Tools
Tool Poisoning
Toxic Flow Attacks
3. Security Architecture & Solution
Defense-in-Depth for MCP
Security Scanner Architecture
Pattern-based detection
AI-powered analysis (OpenAI, HuggingFace, NeMo)
Policy engine
Cross-reference validation
4. LIVE DEMO
Scanning a vulnerable MCP configuration
5. Implementation Insights
Key Technical Challenges
Integration Strategies
Key Takeaways
Security scanning should be integrated into MCP development workflows
Tool descriptions are attack vectors and need careful validation
Cross-server communication requires special security considerations
Whitelisting trusted entities reduces false positives in production
Session Categories
Which track are you applying for?
Speakers
Srinivasan Sekar
Sai Krishna
Reviews
MCP, being an open protocol, is the only thing that is open about this talk. Not very relevant to FOSS. MCP, a social contract for interacting across AI tools that can let loose a Pandora's box of possibilities.
As another reviewer said, MCP being open source seems to be the only FOSS angle to this talk. I'm not sure how this is relevan at IndiaFOSS and different from tens of other proposals we've received about MCP.
The talk lacks a strong connection to the core principles of FOSS. While the Model Context Protocol (MCP) is open-source, the proposal itself did not highlight a specific FOSS project or your unique contribution to the ecosystem.