DiscoverThe DevSecOps Talks Podcast#86 - MCP plugins: your next security blind spot?
#86 - MCP plugins: your next security blind spot?

#86 - MCP plugins: your next security blind spot?

Update: 2025-11-21
Share

Description

Is MCP just another server you need to threat model, patch, and monitor? How do you keep users from over-privileged access, block LLM injection, and stop blind spots? We unpack the VentureBeat article https://venturebeat.com/security/mcp-stacks-have-a-92-exploit-probability-how-10-plugins-became-enterprise with real-world tips.

 


We are always happy to answer any questions, hear suggestions for new episodes, or hear from you, our listeners.


DevSecOps Talks podcast LinkedIn page


DevSecOps Talks podcast website


DevSecOps Talks podcast YouTube channel

Comments 
In Channel
#86 - MCP plugins: your next security blind spot?

#86 - MCP plugins: your next security blind spot?

2025-11-2101:04:54

#85 - Is It Time for OpenTofu? Our HashiConf Takeaways

#85 - Is It Time for OpenTofu? Our HashiConf Takeaways

2025-10-2330:46

#84 - AI for DevSecOps: Current Wins and Ongoing Gaps

#84 - AI for DevSecOps: Current Wins and Ongoing Gaps

2025-09-3035:22

#83 - Opentofu Vs Terraform: Where We Are Now With Cole Bittel

#83 - Opentofu Vs Terraform: Where We Are Now With Cole Bittel

2025-09-1738:45

#82 - Tools, Mcps, And Attack Scenarios

#82 - Tools, Mcps, And Attack Scenarios

2025-08-2536:57

#81 - Keeping Secrets Safe

#81 - Keeping Secrets Safe

2025-06-3033:35

#80 - Understanding Passkeys: Benefits And Limitations

#80 - Understanding Passkeys: Benefits And Limitations

2025-05-2136:55

#79 - Going Local: What’S Driving The Move?

#79 - Going Local: What’S Driving The Move?

2025-04-2320:31

#78 - Building AI Tools For IaC Compliance

#78 - Building AI Tools For IaC Compliance

2025-04-0941:12

#77 - Chaos Engineering Explained: Part 2

#77 - Chaos Engineering Explained: Part 2

2025-03-2634:30

#76 - Chaos Engineering Explained: Part 1

#76 - Chaos Engineering Explained: Part 1

2025-03-1126:29

#75 - Learning from the Crisis: Post-Incident Actions

#75 - Learning from the Crisis: Post-Incident Actions

2025-02-2724:18

#74 - From Preparation To Execution: Handling An Active Incident

#74 - From Preparation To Execution: Handling An Active Incident

2025-02-1027:50

#73 - Incident Response: Key Preparations You Need

#73 - Incident Response: Key Preparations You Need

2025-01-2238:23

#72 - AWS Resource Control Policies (RCPs)

#72 - AWS Resource Control Policies (RCPs)

2025-01-1421:25

#71 - Unpacking The Dora Accelerate State Of Devops Report

#71 - Unpacking The Dora Accelerate State Of Devops Report

2024-12-2040:49

#70 - System Initiative Goes Ga

#70 - System Initiative Goes Ga

2024-11-2840:26

#69 - Who Is Paulina?

#69 - Who Is Paulina?

2024-11-0842:16

#68 - Julien’s Last Episode?

#68 - Julien’s Last Episode?

2024-10-1727:16

#67 - Building MVP On AWS

#67 - Building MVP On AWS

2024-10-0329:53

loading
Google Play
Download from Google Play
Castbox
Download from App Store
usUnited States
00:00
00:00
x

0.5x

0.8x

1.0x

1.25x

1.5x

2.0x

3.0x

Sleep Timer

Off

End of Episode

5 Minutes

10 Minutes

15 Minutes

30 Minutes

45 Minutes

60 Minutes

120 Minutes

#86 - MCP plugins: your next security blind spot?

#86 - MCP plugins: your next security blind spot?

Mattias Hemmingsson, Julien Bisconti and Andrey Devyatkin