
The MCP Security Risks You Can't Afford to Ignore
From Tech Lead Journal by Henry Suryawirawan
March 2, 2026 · 1h 12m · Episode 249
About this episode
Ariel Shiftan discusses the security risks associated with MCP servers and provides practical advice for developers and enterprise leaders.
What if the MCP server you installed last week is silently leaking your emails to a stranger? The AI tools boosting your productivity could already be your biggest security liability. MCP (Model Context Protocol) has quickly become the standard for connecting AI agents to external tools and data sources. But as adoption accelerates, so do the risks – from malicious servers harvesting your credentials in the background, to local processes exposed to your entire network with no authentication. Most developers install MCP servers without fully understanding what code is running or who wrote it, creating serious supply chain and shadow IT problems inside organizations. In this episode, Ariel Shiftan, CTO of MCPTotal, explains how MCP actually works, why there is a wide gap between its original design and how it is used in practice, and what that gap means for security. He also walks through real zero-days his team has discovered and shares practical advice for developers and enterprise leaders trying to adopt MCP without compromising their security posture. Key topics discussed: What MCP is and why it won the “USB for AI” race Why most MCP servers are just API wrappers done wrong…
People in this episode
Host: Henry Suryawirawan
Guest: Ariel Shiftan
Topics covered
- MCP security risks
- AI tools
- supply chain problems
- zero-day vulnerabilities
- developer best practices
- shadow IT
Keywords
- MCP
- security risks
- AI
- zero-days
- supply chain
- developer tools
- shadow IT
- best practices
Mentioned in this episode
Organizations: MCPTotal
Products: MCP, Model Context Protocol
More episodes of Tech Lead Journal
- Creator of Meta's Hack: Your AI Will Always Cheat — Here's How to Stop It · June 8, 2026 · 1h 18m
- Eric Ries: Why Good Tech Companies Go Bad, and How to Stop It · June 1, 2026 · 1h 0m
- Why Your AI Strategy Is Failing: The AI Paradox of Optimizing Coding Alone · May 18, 2026 · 60 min
- The Future of Code Review: Stop Reviewing Line-by-Line, Start Governing AI Agents · May 4, 2026 · 1h 15m
- FeatureOps: The Safety Net You Need When Shipping with AI · April 27, 2026 · 1h 5m
- Stop Vibe Coding: Spec-Driven Development with The BMad Method · April 20, 2026 · 1h 16m
Explore listener stats, chart rankings, contacts and more on the Tech Lead Journal podcast page.