![[Webinar] Securing Agentic AI: From MCPs and Tool Access to Shadow API Key Sprawl](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEi2N9qZuwkcslheNUOsWaTDrMYeXiBUfw1y-hItTvuGo71srarOm7AWzq3o7ro9E0x_CnC7XmJGXKl1tfkc6gTMK288y6M_zN6Yg1FATduXSQmMlp_jnHESxVYZDuJnNozO_Ff-r-lWIyG5AikC8AwrOckeYVYcCQv2RjeLof2bxV_TrcbvRvZqrTIcjD0/s2600/ai-agent.jpg)
"Behind every agentic workflow sits a layer few organizations are actively securing: Machine Control Protocols (MCPs). These systems quietly decide what an AI agent can run, which tools it can call, which APIs it can access, and what infrastructure it can touch. Once that control plane is compromised or misconfigured, the agent doesn't just make mistakes: it acts with authority. Ask the teams impacted by CVE-2025-6514."
"One flaw turned a trusted OAuth proxy used by more than 500,000 developers into a remote code execution path. No exotic exploit chain. No noisy breach. Just automation doing exactly what it was allowed to do, at scale. That incident made one thing clear: if an AI agent can execute commands, it can also execute attacks. This webinar is for teams who want to move fast without giving up control."
Machine Control Protocols (MCPs) mediate what AI agents can run, which tools and APIs they can call, and which infrastructure they can touch. When MCP control planes are compromised or misconfigured, agents gain authority and can perform large-scale harmful actions. A single OAuth proxy flaw (CVE-2025-6514) converted trusted infrastructure into a remote code execution path, demonstrating how automation amplifies allowed behavior into attacks. Shadow API keys and quietly sprawling permissions create hidden attack surfaces. Traditional identity and access models often fail when agents act autonomously. Practical controls include detecting and eliminating shadow keys, auditing agent actions, enforcing policy pre-deployment, and securing MCP servers without slowing development.
Read at The Hacker News