BlueHat Asia: Hack the context: MCP VULNfest
In this BlueHat Asia session, Vishal Chand (Researcher, BharatGen, IIT Bombay) and Nikhil Srivastava (CEO, P.I.V.O.T Security) break down why MCP (Model Context Protocol) is suddenly everywhere, and why defenders should treat the context layer as the new battleground.

They start by demystifying MCP: the model (your LLM), the context (the information and tool inputs shaping decisions), and the protocol (the standardized way everything talks). From there, the talk pivots quickly to the “dark side”: how attackers are already learning to bend context instead of code through techniques like prompt injection (mutated for MCP), tool poisoning, data exfiltration, and supply-chain style swaps (a.k.a. “rugpull” updates).

The heart of the session is real-world exploitation thinking: what can go wrong when trust is misplaced in tool descriptions, hidden metadata, and one-click approvals. You’ll hear a candid story on “approval fatigue” (Vishal’s “red towel problem”) and see how attack primitives can be chained into something much bigger, including a redacted case study showing how a popular AI assistant’s environment could be abused as infrastructure for command-and-control.

The session closes with practical mitigations: MCP gateways for policy enforcement and observability, registries as an “app store” control point, runtime isolation and network controls (including sandboxing), and a three-layer framework for enterprise, developer, and user defenses.

What you’ll learn in this talk:

➤ What MCP is and why it changes tool access security
➤ The biggest MCP attack surfaces (client + server side)
➤ Tool poisoning, rugpull attacks, and contextual manipulation
➤ How attack chains evolve from primitives to payloads
➤ Mitigations: gateways, registries, sandboxing, isolation, monitoring, and red teaming