The Dark Side of MCP Servers

Published 4 days, 15 hours ago
Description

Sam Partee (CTO & co-founder of Arcade.dev) and Nate Barbettini (Founding Engineer at Arcade.dev) sit down at the MCP Dev Summit to unpack what nobody wants to admit about the Model Context Protocol: the security model is still full of sharp edges. From tool poisoning and prompt injection to why OAuth got bolted onto the spec, this is a builder's-eye view of where MCP breaks — and how to ship agents safely anyway.

What we get into:

🔓 OAuth on MCP — Why the spec adopted OAuth as its authorization standard, and the class of spoofing attacks it shuts down.
☠️ Tool poisoning — How a malicious server hides instructions in tool descriptions, and why your agent trusts them by default.
🧪 MCP Debugger & ToolBench — Shining a light on the rough edges by grading servers from S-tier to F-tier.
🖥️ Sandboxing agents — Giving an agent a shell and a file system without handing over the keys to your machine.
📜 Allow lists — Why MCP has client-level allow lists but skills mostly don't — and why that worries them.
🔄 The auto-update problem — How skills and servers that silently update become a supply-chain risk ("rug pulls").
✅ SOC 2, honestly — Why the controls are voluntary, misunderstood, and actually about best practices.
🤖 AI-generated PRs — The new behaviors to watch for as agents start writing and merging code.

If you build agents, ship MCP servers, or are responsible for AI security at your company, this one's for you.

🔗 Links & Resources

Arcade.dev: https://www.arcade.dev
Arcade MCP framework (GitHub): https://github.com/ArcadeAI/arcade-mcp
Sam Partee (GitHub): https://github.com/spartee
Nate Barbettini (LinkedIn): https://www.linkedin.com/in/nbarbettini
MLOps.community: https://mlops.community

⏱️ Timestamps

[00:00] Skills, agents, and local context

[08:36] MCP Debugger grades your server

[10:34] Why AI clients are still buggy

[20:54] Why agents shouldn’t always have shell access

[22:44] “I have a spicy take.”

[26:27] “Do not build your own auth.”

[31:14] The “checking someone else’s email” problem

[35:40] “OAuth is the best worst option.”

[43:50] The future of AI entertainment

[46:19] Tool poisoning explained

[50:49] “Trust me, bro,” is not a security solution

[52:45] MCP registries as the App Store model

[1:00:28] AI-generated PRs and speed vs quality

[1:02:37] Why behavior-driven development is coming back

[1:08:11] Have we already reached AGI?


#MCP #AIAgentSecurity #ToolPoisoning
