Fighting Tool Squatting And Prompt Injection & The Security Gaps In MCP

https://is1-ssl.mzstatic.com/image/thumb/Podcasts112/v4/9c/80/2a/9c802a22-4b09-818b-db2a-b56f90ef4696/mza_8816485060938732371.jpg/600x600bb.jpg

The Security Repo

Mackenzie Jackson & Dwayne McDaniel

115 episodes

18 hours ago

The security repo is a podcast that focuses on real world security issues we are all facing today. We will take deep dives into news events and have exclusive interviews with security leaders on the ground.

Technology

RSS

All content for The Security Repo is the property of Mackenzie Jackson & Dwayne McDaniel and is served directly from their servers with no modification, redirects, or rehosting. The podcast is not affiliated with or endorsed by Podjoint in any way.

Technology

https://d3t3ozftmdmh3i.cloudfront.net/production/podcast_uploaded_nologo/27502653/27502653-1656930586314-56d1874773408.jpg

Fighting Tool Squatting And Prompt Injection & The Security Gaps In MCP – Srajan Gupta

The Security Repo

23 minutes 41 seconds

1 week ago

Fighting Tool Squatting And Prompt Injection & The Security Gaps In MCP – Srajan Gupta

In this episode of the Security Repo Podcast, we welcome Srajan Gupta, a security engineer exploring the evolving security implications of Model Context Protocol (MCP) servers. Shrojan breaks down how MCPs act as AI connectors to external systems and the alarming rise in attack surfaces, including tool squatting and indirect prompt injections. The conversation dives into emerging threats, authorization challenges, and how securing MCPs mirrors early API and cloud security lessons.

Srajan Gupta is a security engineer and builder focused on uncovering how systems fail — not just through vulnerabilities, but through the architecture itself. With a background in application security, platform engineering, and threat modeling, Srajan works at the intersection of usability and risk, helping teams identify and address design-level security flaws before they become incidents.

Srajan is passionate about building practical security tools, automating guardrails, and making threat modeling an everyday engineering skill.

Blog - https://srajangupta.substack.com/

BSides LV talk - https://www.youtube.com/watch?v=Wld0VVRMN4c&t=21977s

https://www.linkedin.com/in/srajan-gupta/

Their research often explores trust boundaries, secure defaults, and the hidden assumptions baked into the applications and infrastructure. They are especially interested in how attackers exploit the gray areas between platforms, automation, and access controls — and how defenders can close those gaps without slowing down delivery.