Model Context Protocol is Insecure by Design

by Jesse Merhi | - 5:00pm

The rise of LLMs has sparked developments in Agentic Artificial Intelligence. The advent of self-executing AI command line tools means these Agents can control everything. From our computer’s filesystem to full-stack web applications, there are no limits to what they can do.

But, with great power comes great responsibility, and researchers have demonstrated that, due to architectural insecurities in these systems, they can be abused to do something like… deleting your entire filesystem because a GitHub issue told them to do it!

In the talk, Jesse will take you through a brief history of the Model Context Protocol (MCP), why it's useful, and of course, why it is insecure by design. He will then discuss methods that researchers have conceptualised to secure these systems and how we might apply these same concepts to our existing agentic tools.

About Jesse Merhi

Jesse is a Product Security Engineer at Atlassian who has a keen interest in machine learning (uses ChatGPT daily). Over the past couple of years, he has worked to explore large language models (LLMs), investigating their inner workings and understanding both their capabilities and limitations.
