Ep. 62 - Zero Trust Breaks Against MCP: Why "Verified" No Longer Means Safe
Most enterprises assume their Zero Trust architecture covers their AI agents. It doesn't. Hosts Tova Dvorin and Adrian Culley break down why zero trust breaks against the Model Context Protocol (MCP)—and why "verified" no longer means "safe." They unpack trust decay, the WhatsApp and GitHub MCP exploits, rug-pull tool poisoning, CVE-2025-49596, and the rise of "zero standing trust," then close with three moves for CISOs this quarter: inventory your MCP estate, mandate authentication, and validate your controls.
Key takeaways:
- Understanding MCP and its rapid adoption across industries.
- The unique security challenges posed by MCP's design.
- Real-world case studies highlighting vulnerabilities and attack vectors.
- Practical recommendations for securing MCP deployments.
Timestamps:
00:00 Introduction
00:26 What is Model Context Protocol (MCP)?
01:08 Core problems identified by the NSA
03:10 Security gaps in MCP
04:31 Zero Trust and its limitations with MCP
07:31 Real-world MCP exploit case studies
11:29 Recommendations for a defensible posture
Subscribe for weekly insights on cybersecurity and AI developments.
#MCP #ZeroTrust #AgenticAI #AISecurity