Security

Enterprise-ready MCP // Jiquan Ngiam

Jiquan Ngiam, CEO of MintMCP, discusses the paradigm shift from static programs to dynamic AI agents, outlining the significant security risks involved—supply chain vulnerabilities, third-party data poisoning, and inadvertent agent behaviors—and presents a three-pronged strategy for enterprise readiness: comprehensive monitoring, preventative guardrails, and secure, role-based deployment of Model Context Protocols (MCPs).

MCP Security: The Exploit Playbook (And How to Stop Them)

Vitor, co-founder of Runlayer and former tech lead for Zapier Agents, provides a deep dive into the security vulnerabilities of the rapidly adopted MCP standard for AI agents. He outlines the primary attack vectors, including sophisticated prompt injections, supply chain attacks like 'rug-pulls', and tool schema manipulation, using real-world exploits as examples. The talk concludes with a multi-layered defensive strategy for users, developers, and enterprises to secure their AI agent deployments.

Security & DevEx: Can We Have Both? • Abby Bangser, Adrian Mouat & Holly Cummins • GOTO 2025

In this panel discussion, Holly Cummins, Abby Bangser, and Adrian Mouat explore the inherent conflict between security and developer experience. They argue that traditional security, often driven by fear and restrictive policies, can lead to 'Shadow IT' and greater insecurity. The solution proposed is a platform engineering approach, which centralizes security expertise to provide secure defaults, infrastructure guardrails, and a clear shared responsibility model, thus enabling development teams to deliver value quickly and safely without needing to become security experts themselves.

Identity for AI Agents - Patrick Riley & Carlos Galan, Auth0

This session from Okta and Auth0 introduces a comprehensive framework for securing AI agents, covering identity establishment, delegated API access via Token Vault, user consent for risky operations using Asynchronous Authorization (CIBA), and integration with MCP servers.

Production Ready AI Agents

Sam Partee, CTO of Arcade, explains the critical gap between AI agents that gather context and those that take secure, real-world actions. He introduces Arcade as a middleware platform that solves complex challenges like user authorization, fine-grained permissions, and token management, enabling developers to build scalable, enterprise-ready agents.

A Framework for Abusability Analysis: The Case of Passkeys in Interpersonal Threat Models

This talk introduces an "abusability analysis framework" to evaluate technologies like passkeys under interpersonal threat models, such as intimate partner violence. An analysis of 19 services revealed critical implementation flaws, including irrevocable cloned passkeys and the failure of password resets to secure accounts, which can create persistent backdoors for abusers.