Cloud Security Podcast

chevron_right

Is Developer Friendly AI Security Possible with MCP & Shadow AI

whatshot 10 snips

Feb 5, 2026

Guest

Bryan Woolgar-O'Neil

Bryan Woolgar-O'Neil, CTO and co-founder of Harmonic Security, focuses on secure AI adoption and developer-friendly AI governance. He discusses why blocking developer tools fails and why many MCP servers run locally. He explains MCP and Harmonic’s gateway approach, argues for coaching engineers in real time instead of blunt blocking, and predicts small specialized models will win for business tasks.

01:03:02

forum

Ask episode

web_stories

AI Snips

view_agenda

Chapters

auto_awesome

Transcript

info_circle

Episode notes

insights

INSIGHT

Most MCP Servers Run Locally

Blocking MCP usage is ineffective because developers run local MCP servers on laptops.
Bryan estimates ~70% of MCP servers run locally, so visibility matters more than blanket blocking.

insights

INSIGHT

AI Amplifies Access And Risk

AI amplifies access and scale of actions traditionally done by engineers, changing risk models.
Controls once applied to manual code and access must evolve to understand intent and automated flows.

question_answer

ANECDOTE

Bug Fixes Cut From Days To Minutes

A customer used cloud code and MCP to reduce a 3–5 day bug fix to about 20 minutes.
That speed let engineers automate many previously slow tasks and drastically increase throughput.

Get the Snipd Podcast app to discover more snips from this episode

Bryan's background and Harmonic's mission

01:58 • 54sec

chevron_right

Why AI adoption stalls at experimentation

02:52 • 2min

chevron_right

Shadow AI blind spots and visibility limits

05:09 • 1min

chevron_right

How AI differs: speed, scale, and access

06:23 • 3min

chevron_right

Can security be developer friendly?

09:37 • 4min

chevron_right

What MCP (Model Context Protocol) is

14:00 • 2min

chevron_right

Why Harmonic built an MCP gateway

16:14 • 3min

chevron_right

Top priorities for MCP security

18:59 • 2min

chevron_right

Local MCP servers and why they're common

21:05 • 2min

chevron_right

Data-centric controls and developer access

23:10 • 2min

chevron_right

Coaching instead of blocking at the endpoint

25:19 • 5min

chevron_right

Changing policies and real-time training

30:15 • 3min

chevron_right

Organizational roles for AI governance

33:21 • 5min

chevron_right

Workforce productivity vs product integration

38:03 • 3min

chevron_right

Practical AI security maturity model

41:00 • 9min

chevron_right

Future risks: agentic flows and automations

49:56 • 4min

chevron_right

Why Small Language Models will gain traction

53:45 • 5min

chevron_right

Personal anecdotes and closing thoughts

Is "developer-friendly" AI security actually possible? In this episode, Bryan Woolgar-O'Neil (CTO & Co-founder of Harmonic Security) joins Ashish to dismantle the traditional "block everything" approach to security.

Bryan explains why 70% of Model Context Protocol (MCP) servers are running locally on developer laptops and why trying to block them is a losing battle . Instead, he advocates for a "coaching" approach, intervening in real-time to guide engineers rather than stopping their flow .

We dive deep into the technical realities of MCP (Model Context Protocol), why it's becoming the standard for connecting AI to data, and the security risks of connecting it to production environments . Bryan also shares his prediction that Small Language Models (SLMs) will eventually outperform general giants like ChatGPT for specific business tasks .

Guest Socials - ⁠⁠⁠⁠Bryan's Linkedin

If you want to watch videos of this LIVE STREAMED episode and past episodes - Check out our other Cloud Security Social Channels:

If you are interested in AI Security

, you can check out our sister podcast -⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠ AI Security Podcast⁠

Questions asked:

(00:00) Introduction(01:55) Who is Bryan Woolgar-O'Neil?(03:00) Why AI Adoption Stops at Experimentation(05:15) The "Shadow AI" Blind Spot: Firewall Stats vs. Reality (08:00) Is AI Security Fundamentally Different? (Speed & Scale) (10:45) Can Security Ever Be "Developer Friendly"? (14:30) What is MCP (Model Context Protocol)? (17:20) Why 70% of MCP Usage is Local (and the Risks) (21:30) The "Coaching" Approach: Don't Just Block, Educate (25:40) Developer First: Permissive vs. Blocking Cultures (30:20) The Rise of the "Head of AI" Role (34:30) Use Cases: Workforce Productivity vs. Product Integration (41:00) An AI Security Maturity Model (Visibility -> Access -> Coaching) (46:00) Future Prediction: Agentic Flows & Urgent Tasks (49:30) Why Small Language Models (SLMs) Will Win (53:30) Fun Questions: Feature Films & Pork Dumplings

Home Top podcasts Popular guests Top books