Security Weekly Podcast Network (Audio) Securing Model Context Protocol as Companies Plan to Replace Entry Roles with AI - Rahul Parwani - BSW #421
Nov 12, 2025
Rahul Parwani, Head of Product at ARIA and an expert in AI security, dives into the intricacies of the Model Context Protocol (MCP). He explains how MCP, while revolutionary for AI integration, has led to a security 'wild west', with threats like prompt injection emerging. The discussion includes strategies for balancing security and developer velocity, the importance of effective identity management, and how CISO burnout affects the industry. Rahul warns against replacing entry roles with AI, emphasizing the need to preserve career pathways in technology.
AI Snips
Chapters
Transcript
Episode notes
Prompt Injection Is The Dominant Threat
- Prompt injection (including obfuscation like ASCII or emoji smuggling) is a primary attack vector against agents and LLM workflows.
- These attacks become more dangerous when combined with unauthenticated MCP servers accessing sensitive data.
Velocity Amplifies MCP Security Risk
- MCP accelerates developer velocity by letting teams wire tools together quickly, which heightens security risk by outpacing human controls.
- Security must balance speed and governance or risk pervasive, automated misconfigurations.
Require Human Approval For High-Risk Calls
- Require explicit approvals for high-risk tool calls and allow lower-risk reads without interrupting workflows.
- Configure per-tool policies so dangerous actions like deletes always prompt a human-in-the-loop confirmation.