
Episode 307 - 2025 Retrospective, Supply Chain, MCP and APIs
About This Episode
Episode 307 - 2025 Retrospective, Supply Chain, MCP and APIs is an episode from Absolute AppSec by Ken Johnson and Seth Law.
Published Dec 23, 2025, audio available.
Questions About This Episode
What is Episode 307 - 2025 Retrospective, Supply Chain, MCP and APIs about?
In episode 307 of Absolute AppSec, hosts Ken and Seth conduct a retrospective on the application security landscape of 2025. They conclude that their previous predictions were largely accurate, particularly regarding the rise of prompt injection, AI-backed attacks, and the industry-wide shift toward per-token billing models. A major theme of the year was the solidification of supply chain security as a critical pillar of AppSec, driven by notable incidents such as Shai-Hulud and React2Shell. The hosts also share insights from their four-day training course on utilizing LLMs for secure code review, noting that while AI development is becoming more prevalent, most practitioners are still in the nascent stages of building custom tooling. Much of the discussion focuses on the Model Context Protocol (MCP); while it offers significant value for agentic workflows, the hosts criticize its current lack of robust security controls, specifically highlighting issues with OAuth implementations and short timeouts in existing clients. Finally, they discuss how the industry is moving toward a more nuanced balance between deterministic tools like Semgrep and the probabilistic creativity of LLMs to increase efficiency in security consulting.