
Built Fast, Broken Faster: MCP & AI App Security—with GitGuardian’s Gaetan Ferry
From Cyber Sentries: AI Insight to Cloud Security by TruStory FM
March 4, 2026 · 39 min · Season 2 · Episode 11
About this episode
The episode discusses the intersection of rapid AI development and security challenges, featuring insights from Gaetan Ferry on vulnerabilities in modern cloud platforms.
When “Ship Fast” Meets “Secure by Design” in AI Apps AI-driven development is moving at breakneck speed—and attackers are taking advantage of the shortcuts. In this episode of Cyber Sentries: AI Insights for Cloud Security, host John Richards sits down with Gaetan Ferry, security researcher at GitGuardian, to unpack how modern AI tooling, MCP servers, and cloud platforms are reshaping the security landscape. The core problem: the same agentic workflows that boost productivity can also multiply identities, credentials, and blast radius if something goes wrong. After John and Gaetan set the stage, Gaetan walks through a real-world-style vulnerability chain involving smithery.ai, an MCP server registry/hosting platform. It’s a practical look at how “classic” web issues can still show up in brand-new AI ecosystems—and how one small weakness can cascade into bigger supply chain risk. Along the way, they explore why secret sprawl is accelerating, what attackers are hunting for, and why observability is becoming as essential for identities and tokens as it is for infrastructure. Why MCP Servers, OAuth, and Secret Sprawl Are Colliding A big theme is the tension between usability and…
People in this episode
Host: John Richards
Guest: Gaetan Ferry
Topics covered
- AI-driven development
- cloud security
- vulnerability chain
- secret sprawl
- OAuth
- MCP servers
Keywords
- AI apps
- security landscape
- credentials
- supply chain risk
- observability
- permissions
Mentioned in this episode
Organizations: GitGuardian, OAuth
Products: smithery.ai
More episodes of Cyber Sentries: AI Insight to Cloud Security
- Beyond the Token: How to Secure Agent Identity Across the Full Permission Chain with Jasson Casey · June 3, 2026 · 35 min
- People-Pleasers: Why AI Agents Go Rogue and How to Govern Them at Scale with Shreyans Mehta · May 6, 2026 · 31 min
- Five Seconds to Fraud: Detecting AI Deepfakes Before They Strike with Ben Colman · April 1, 2026 · 29 min
- Identity in the AI Era: Managing Enterprise Risk in the Age of AI with Jasson Casey · February 4, 2026 · 39 min
- Security Data Pipelines: How to Cut SIEM Costs and Noise with Dina Kamal · January 14, 2026 · 33 min
- Securing AI Agents: How to Stop Credential Leaks and Protect Non‑Human Identities with Idan Gour · December 10, 2025 · 33 min
Explore listener stats, chart rankings, contacts and more on the Cyber Sentries: AI Insight to Cloud Security podcast page.