A Bootiful Podcast

Daniel Garnier-Moiroux on MCP Security

Mar 26, 2026
Daniel Garnier-Moiroux is an engineer and Spring/Security contributor who builds MCP security tooling. He explains MCP and why LLMs calling external tools need strong identity and auth. They cover prompt injection risks, OAuth vs API keys, token-binding strategies, and how Spring is hardening MCP for enterprise use.

INSIGHT

Integrate AI Into Existing Spring Apps

  • Integrate AI into existing apps for the highest value rather than building separate agent islands.
  • Josh Long argues Spring AI enables production-ready agentic features inside familiar Spring applications, improving adoption and security.
INSIGHT

MCP Makes LLMs Call External Tools

  • MCP lets LLMs call external tools through a standard protocol, so models can go beyond producing text and fetch data or perform actions.
  • Daniel Garnier-Moiroux describes MCP as a client/server protocol in which the LLM returns a tool call, which an MCP server then executes.
ADVICE

Require Caller Identity For MCP Tool Calls

  • Always authenticate and identify MCP callers; treat identity as both a security measure and a feature for continuity.
  • Daniel stresses that MCP tools must know who the caller is in order to authorize actions such as filing expense reports correctly.