Agentic AI at risk after MCP design flaw discovery? #ai #cybersecurity #podcast

In this week's Intel Chat, Chris Luft and Matt Bromiley discuss a design flaw in Anthropic's Model Context Protocol (MCP) that could enable large-scale supply chain attacks on agentic AI systems.

Researchers at OX Security found that MCP's command execution allows malicious commands to run silently without sanitization checks or warnings.

Matt clarifies what this means for organizations: MCPs aren't inherently malicious or insecure, but there are ways for them to be abused. You're dealing with an open source project that loads additional libraries on your system, creating another potential attack vector.

His advice? You don't need to throw your entire infrastructure away. You just need to be a little more careful. Double check your code, be cautious about what you download and install, and make sure you have the right security controls in place.

The episode also covers APT41 deploying a Linux backdoor targeting cloud credentials, Fancy Bear using zero-days in Ukraine supply chain attacks, and a critical NGINX UI vulnerability being actively exploited.