The MCP Security Risks You Can't Afford to Ignore

1:12:19 Mar 2, 2026
About this episode
What if the MCP server you installed last week is silently leaking your emails to a stranger? The AI tools boosting your productivity could already be your biggest security liability.

MCP (Model Context Protocol) has quickly become the standard for connecting AI agents to external tools and data sources. But as adoption accelerates, so do the risks: from malicious servers harvesting your credentials in the background, to local processes exposed to your entire network with no authentication. Most developers install MCP servers without fully understanding what code is running or who wrote it, creating serious supply chain and shadow IT problems inside organizations.

In this episode, Ariel Shiftan, CTO of MCPTotal, explains how MCP actually works, why there is a wide gap between its original design and how it is used in practice, and what that gap means for security. He also walks through real zero-days his team has discovered and shares practical advice for developers and enterprise leaders trying to adopt MCP without compromising their security posture.

Key topics discussed:
- What MCP is and why it won the "USB for AI" race
- Why most MCP servers are just API wrappers done wrong
- Real zero-days found in popular, widely used MCPs
- How malicious MCPs can silently leak your credentials
- The supply chain risks hiding inside your dev toolchain
- Why banning MCP in your org is the wrong move
- Best practices for writing well-designed MCP servers
- Why agent permission prompts need better security defaults

Timestamps:
(00:00:00) Trailer & Intro
(00:02:49) What Is MCP and Why Is It Called the USB for AI?
(00:07:22) How Does MCP Differ from Standard REST APIs?
(00:13:40) What Can AI Agents Do with MCP Beyond Reading Data?
(00:16:56) What Is RAG and How Did AI Evolve to Tool Calling?
(00:19:54) Why Is MCP Misused as an API Catalog and What Does That Cost?
(00:25:04) What Are AI Skills and How Do They Compare to MCP?
(00:30:29) How Does MCP Server Architecture Work Under the Hood?
(00:37:01) How Do Malicious and Vulnerable MCP Servers Put Organizations at Risk?
(00:45:30) What Real-World MCP Vulnerabilities and Zero-Days Have Been Found?
(00:50:30) How Should Enterprises Enable MCP Adoption Without Compromising Security?
(00:53:16) What Are Best Practices for Writing a Well-Designed MCP Server?
(00:59:14) How Should AI Agents Handle Permissions Without Overwhelming Users?
(01:05:26) 3 Tech Lead Wisdom

Ariel Shiftan's Bio
Ariel is a software engineer and security expert with more than 20 years of hands-on and executive leadership experience across cybersecurity, distributed systems, and AI infrastructure. He holds a PhD in Computer Science, specializing in advanced algorithms and systems. Earlier in his career, Ariel founde