Everyone adopts MCP Servers. Everyone deploys MCPs. Everyone secures their MCP Servers. Oh, they don’t? Who would’ve thought! Well, this talk isn’t about adding authentication to your MCP Server; it’s an invitation to the deep end of the threat and risk landscape in the MCP ecosystem. MCP Servers introduce new threat vectors and security risks, from insecure MCP Server code, to malicious MCPs harboring tool poisoning attacks, all the way to indirect prompt injection that compromises MCP-enabled IDEs such as Cursor and AI apps such as Claude Desktop.
In this highly technical session I'll demonstrate active exploitation techniques against MCP deployments: how a single malicious tool description can exfiltrate credentials, and how attackers exploit insecure MCP Servers to run arbitrary code. You’ll walk away with a clear understanding of the moving parts in the MCP security threat landscape so you can better assess your risks and security strategy, along with key insights and security best practices for building secure MCP Servers that you can apply when adopting and building MCP Servers.
Liran Tal is a software developer, and a GitHub Star, world-recognized for his activism in open source communities and advancing web and Node.js security. He engages in security research through his work in the OpenJS Foundation and the Node.js ecosystem security working group, and further promotes open source supply chain security as an OWASP project lead. Liran is also a published author of Essential Node.js Security and O'Reilly's Serverless Security. At Snyk, he is leading the developer advocacy team and on a mission to empower developers with better dev-first security.