
Exploring the Risks of Model Context Protocol (MCP) with Casey Bleeker is an episode from Exploring Information Security - Timothy De Block by Timothy De Block.
Published Apr 14, 2026, 00:34:52 long, audio available.
Summary: Timothy De Block sits down with Casey Bleeker from SurePath AI to demystify the Model Context Protocol (MCP). They discuss how this emerging standard allows Large Language Models (LLMs) to interact with external tools and why it represents a significant, often invisible, exposure risk for enterprises. Casey explains why MCP should be viewed like the HTTP protocol—ubiquitous and fundamental—and outlines the critical security controls needed to prevent data exfiltration and malicious code execution without blocking AI adoption.

Key Topics Discussed

What is MCP? MCP is a standard for creating a "natural language definition" of an API, allowing an LLM to decide when to call a specific tool rather than only generating text. It acts as a translation layer between a REST interface and the AI model, enabling the model to execute tasks such as updating a CloudFormation stack or querying a database.

The "HTTP" Analogy & Exposure Risk: Casey argues that MCP should be thought of as a protocol (like HTTP) rather than a specific tool. It is being implemented broadly across many open-source tools and providers, often hidden behind the scenes when users add "connectors" or extensions. Because it functions as a protocol, it creates a broad exposure risk: users grant AI agents permission to create, update, or delete resources on their behalf.

Vulnerabilities to Watch for in MCP:
- Malicious Payloads: Downloading an external MCP resource (e.g., via npm) can lead to unvalidated code execution on a local machine before the model even calls the tool.
- Data Exfiltration: Users effectively grant their own identity's permissions to untrusted code controlled by external third parties (the LLM), allowing the AI to act as a proxy for the user on internal systems.

Defense Strategies:
- Central Management: Organizations need a central MCP management gateway authenticated via Single Sign-On (SSO) with role-based permissions to control which tools are authorized.
- Deep Payload Inspection: The only true control point is the interaction between the user/agent and the AI model. Security teams must inspect the payloads in real time to steer usage away from unapproved resources and to prevent destructive actions.
- Authentication Specs, DCR vs. CIMD: Casey warns against the Dynamic Client Registration (DCR) flow, citing complexity and vulnerabilities in many implementations. He strongly recommends demanding that vendors support the CIMD (Client-Initiated Management Data) specification, which allows proper validation of destinations and enforces valid redirect URIs.
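The Defense Strategies above (a central gateway with SSO-derived roles, plus payload inspection that blocks unapproved destinations and unapproved destructive actions) can be made concrete with a small policy check. The following is an added example written for this page; it is not code from the episode, from SurePath AI, or from the MCP project. Roles are assumed to arrive already validated from an SSO token, and the server registry, role-to-tool map, sensitive argument keys and egress host allow-list are constructed values.

```python
"""Illustrative policy check for a central MCP gateway (added example, not a real product)."""
from __future__ import annotations

from dataclasses import dataclass
from typing import Any, Iterable
from urllib.parse import urlsplit


@dataclass(frozen=True)
class ToolCall:
    """One tool invocation the model asks the gateway to forward."""
    server: str      # MCP server behind the gateway (assumed naming)
    tool: str        # tool exposed by that server
    arguments: dict  # JSON arguments generated by the model


@dataclass(frozen=True)
class Decision:
    allowed: bool
    reason: str      # "<check>: <detail>", so callers can log which control fired


# All policy data below is constructed for this example.
APPROVED_SERVERS = {"aws-infra", "tickets"}  # central registry of vetted MCP servers
ROLE_TOOLS = {                               # SSO role -> "server/tool" it may invoke
    "reader": {"aws-infra/describe_stacks", "tickets/search"},
    "sre": {"aws-infra/describe_stacks", "aws-infra/update_stack",
            "aws-infra/delete_stack", "tickets/search", "tickets/create"},
}
DESTRUCTIVE_TOOLS = {"aws-infra/update_stack", "aws-infra/delete_stack"}  # change or remove resources
SENSITIVE_KEYS = {"password", "api_token", "aws_secret_access_key"}       # must never ride along
APPROVED_EGRESS_HOSTS = {"wiki.corp.example", "tickets.corp.example"}    # URLs a tool may reference


def _walk(value: Any, path: str = "$") -> Iterable[tuple[str, Any]]:
    """Yield (json_path, leaf) for every scalar in a nested JSON structure."""
    if isinstance(value, dict):
        for k, v in value.items():
            yield from _walk(v, f"{path}.{k}")
    elif isinstance(value, list):
        for i, v in enumerate(value):
            yield from _walk(v, f"{path}[{i}]")
    else:
        yield path, value


def inspect_payload(arguments: dict) -> list[str]:
    """Deep-inspect the arguments: flag secret-like keys and URLs to unapproved hosts."""
    findings: list[str] = []
    for path, leaf in _walk(arguments):
        key = path.rsplit(".", 1)[-1].split("[")[0]  # last JSON key on the path, sans index
        if key in SENSITIVE_KEYS:
            findings.append(f"secret-like key {path}")
        if isinstance(leaf, str) and "://" in leaf:
            for token in leaf.split():
                if "://" in token:
                    host = urlsplit(token).hostname
                    if host and host not in APPROVED_EGRESS_HOSTS:
                        findings.append(f"unapproved URL host {host} at {path}")
    return findings


def authorize(roles: set[str], call: ToolCall, approved: bool = False) -> Decision:
    """Gateway decision for one tool call; `approved` is an explicit human sign-off."""
    key = f"{call.server}/{call.tool}"
    if call.server not in APPROVED_SERVERS:            # 1. only registered MCP servers
        return Decision(False, f"server: {call.server} is not in the approved MCP registry")
    if not any(key in ROLE_TOOLS.get(r, set()) for r in roles):  # 2. role-based tool allow-list
        return Decision(False, f"role: none of {sorted(roles)} may call {key}")
    findings = inspect_payload(call.arguments)         # 3. payload inspection
    if findings:
        return Decision(False, "payload: " + "; ".join(findings))
    if key in DESTRUCTIVE_TOOLS and not approved:      # 4. destructive actions need sign-off
        return Decision(False, f"approval: {key} is destructive and needs human approval")
    return Decision(True, f"ok: {key}")


if __name__ == "__main__":
    # Constructed calls showing each control firing in turn.
    samples = [
        ({"reader"}, ToolCall("aws-infra", "describe_stacks", {"stack_name": "prod"}), False),
        ({"reader"}, ToolCall("aws-infra", "update_stack", {"stack_name": "prod"}), False),
        ({"sre"}, ToolCall("aws-infra", "delete_stack", {"stack_name": "prod"}), False),
        ({"sre"}, ToolCall("tickets", "create", {"body": "see http://collector.example/c?d=1"}), False),
        ({"sre"}, ToolCall("npm-random", "run", {}), False),
    ]
    for roles, call, ok in samples:
        print(authorize(roles, call, approved=ok))
```

The order of the checks matters: the registry and role checks are cheap and decide most calls, payload inspection runs only on calls a role is entitled to make, and the approval gate is last so that a destructive call which also leaks a secret is reported as a payload problem rather than merely "awaiting approval".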