The Fat Pipe - Most Popular Packet Pushers Pods

D2DO276: MCP: Capable, Insecure, and On Your Network Today

Jun 25, 2025
Dan Barr, a Senior Technical Marketing Engineer at Stacklok, dives into the intricacies of the Model Context Protocol (MCP), an open standard for connecting AI models to external tools and data sources. He discusses the evolution from basic chatbots to sophisticated AI agents and the importance of governance in these systems. Security challenges in deploying MCP servers are also highlighted, along with ToolHive's approach to managing credentials and authorizations. The conversation touches on how OAuth is being applied to machine identities and the need for best practices in AI management.
ADVICE

Authorize MCP Tool Use Manually

  • Always have a human in the loop to authorize tool use in MCP workflows.
  • Avoid fully auto-authorizing tool usage to prevent unintended or dangerous actions.
INSIGHT

Credential Handling & Security Risks

  • MCP server credentials stay local to the server and are not passed to the LLM, but they are often stored in plain text or in environment variables.
  • Vet all MCP servers carefully and use trusted, open-source sources to avoid prompt injection or tool poisoning risks.
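The two snips above (human-in-the-loop authorization of tool calls, and credentials that stay on the server and never reach the model) can be shown together in a small policy gate. The following is an added example, not code from the episode, from Stacklok or from ToolHive. It uses the JSON-RPC `tools/call` request and `content`/`isError` result shape defined by the MCP specification, but everything else is hypothetical: the two tools, the `EXAMPLE_API_TOKEN` environment variable, and the scripted operator answers that stand in for a real approval prompt.

```python
import json
import os
from dataclasses import dataclass, field
from typing import Any, Callable

# Hypothetical server-side credential. Constructed for this example; a real
# server would load it from a secrets manager rather than use a default value.
os.environ.setdefault("EXAMPLE_API_TOKEN", "tok_example_0123456789")
SECRET_ENV_NAMES = ("EXAMPLE_API_TOKEN",)


@dataclass
class Tool:
    handler: Callable[[dict[str, Any]], str]
    mutates: bool  # True if the tool changes state; such calls need a human decision


def list_tickets(args: dict[str, Any]) -> str:
    """Read-only tool. The token is used here and must never reach the LLM."""
    token = os.environ["EXAMPLE_API_TOKEN"]
    # Constructed failure path: upstream APIs sometimes echo the credential
    # back in an error message, which is exactly what the gate must scrub.
    if args.get("project") == "missing":
        return f"upstream error 404 for project 'missing' (bearer {token})"
    return f"3 open tickets for project {args.get('project', 'default')}"


def delete_ticket(args: dict[str, Any]) -> str:
    """State-changing tool; only runs after explicit operator approval."""
    return f"deleted ticket {args['id']}"


TOOLS = {
    "list_tickets": Tool(list_tickets, mutates=False),
    "delete_ticket": Tool(delete_ticket, mutates=True),
}


def redact_secrets(text: str) -> str:
    """Replace any known credential value that leaked into tool output."""
    for name in SECRET_ENV_NAMES:
        value = os.environ.get(name)
        if value:
            text = text.replace(value, "[REDACTED]")
    return text


@dataclass
class ToolGate:
    tools: dict[str, Tool]
    approver: Callable[[str, dict[str, Any]], bool]  # the human in the loop
    audit: list[dict[str, Any]] = field(default_factory=list)

    @staticmethod
    def _error(rid: Any, code: int, message: str) -> dict[str, Any]:
        return {"jsonrpc": "2.0", "id": rid, "error": {"code": code, "message": message}}

    @staticmethod
    def _result(rid: Any, text: str, is_error: bool) -> dict[str, Any]:
        return {"jsonrpc": "2.0", "id": rid,
                "result": {"content": [{"type": "text", "text": text}], "isError": is_error}}

    def handle(self, request: dict[str, Any]) -> dict[str, Any]:
        rid = request.get("id")
        if request.get("jsonrpc") != "2.0" or request.get("method") != "tools/call":
            return self._error(rid, -32601, "only tools/call is handled by this gate")
        params = request.get("params") or {}
        name, args = params.get("name"), params.get("arguments") or {}
        tool = self.tools.get(name)
        if tool is None:
            return self._error(rid, -32602, f"unknown tool: {name!r}")
        if tool.mutates:
            approved = self.approver(name, args)
            self.audit.append({"tool": name, "decision": "approved" if approved else "denied"})
            if not approved:
                return self._result(rid, f"call to {name!r} denied by operator", is_error=True)
        else:
            self.audit.append({"tool": name, "decision": "auto"})
        try:
            text = tool.handler(args)
        except Exception as exc:  # never hand a traceback (or a secret inside it) to the model
            return self._result(rid, f"tool {name!r} failed: {type(exc).__name__}", is_error=True)
        return self._result(rid, redact_secrets(text), is_error=False)


def call(gate: ToolGate, rid: int, name: str, **arguments: Any) -> dict[str, Any]:
    """Build a tools/call request the way an MCP client would and run it through the gate."""
    request = {"jsonrpc": "2.0", "id": rid, "method": "tools/call",
               "params": {"name": name, "arguments": arguments}}
    return gate.handle(request)


def demo(decisions: list[bool]) -> list[dict[str, Any]]:
    """Scripted operator answers stand in for an interactive approval prompt."""
    answers = iter(decisions)
    gate = ToolGate(TOOLS, approver=lambda name, args: next(answers, False))
    return [
        call(gate, 1, "list_tickets", project="alpha"),    # read-only: auto-approved
        call(gate, 2, "list_tickets", project="missing"),  # output leaks the token; gate redacts it
        call(gate, 3, "delete_ticket", id=42),             # first operator answer
        call(gate, 4, "delete_ticket", id=43),             # second operator answer
        call(gate, 5, "dump_env"),                         # not registered: rejected
    ]


if __name__ == "__main__":
    for response in demo([False, True]):
        print(json.dumps(response))
```

The gate only ever auto-approves tools flagged as read-only; anything that mutates state waits for an operator decision and is logged either way. The redaction pass is defence in depth: the credential is read from the server's environment inside the tool handler, and the only thing that crosses back to the model is the scrubbed text content.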
INSIGHT

MCP Server Registries Emerging

  • There is no official MCP server registry yet, but community-driven lists and registries run by individual companies exist.
  • An official centralized MCP registry is beginning to be developed by the MCP community.