MCP Security Emerges at RSAC
What happened
Speakers at RSAC flagged Model Context Protocol (MCP) servers as a new high-value attack surface, calling MCP the ‘USB for AI’, and urged end-to-end protections as startups like barndoor.ai begin to address the gap. The session also forecast consolidation in AI security and a shift from point tools to interoperable platforms. (youtube.com)
Why it matters
RSAC hosted a reserved session titled “Securing MCP: Mitigating New Threats in Agentic AI Deployments” on March 25, 2026, listing Sarah Novotny (Klever.co) and Jason Clinton (Deputy CISO, Anthropic) among the panelists. (coalitionforsecureai.org) A separate RSAC “Quick Look” demo walked attendees through a small MCP sentinel that scans MCP requests and tool arguments and blocks transformed sensitive content; the demo shipped with example code and a deployment checklist. (rsaconference.com)

Barndoor AI, founded in 2024, markets a control plane for agentic AI that claims to enforce scoped access and governance for MCP connections; the company closed a $13.6M seed round led by Crosslink Capital. (barndoor.ai) (prnewswire.com)

Microsoft published guidance and a May 7, 2025 Defender for Cloud post showing how Defender can enumerate MCP servers and display “Model Context Protocol” in detected container evidence. (microsoft.com) Palo Alto Networks added MCP-focused protections to its Cortex Cloud writeup, describing MCP Security as detecting API-layer threats in real time and monitoring model-to-tool communications. (paloaltonetworks.com)

Researchers published an MCP Security Benchmark (MSB) on arXiv that models end-to-end attacks against MCP-driven agents and measures resilience across task planning, tool invocation, and response handling. (arxiv.org) Industry proof-of-concept exploits and writeups, including two PoCs from Cato Networks, demonstrated practical MCP attack vectors such as tool misuse and data exfiltration, underscoring why vendors and startups are building integrated MCP controls. (catonetworks.com)

Taken together, the signals at RSAC (workshops from Astrix, vendor blogs from Microsoft and Palo Alto, academic benchmarks, and Barndoor’s fundraising and product launch) show the ecosystem moving from single-point tools toward platform-level MCP governance and visibility. (astrix.security) (microsoft.com) (paloaltonetworks.com) (prnewswire.com)
Key numbers
- March 25, 2026: date of the RSAC reserved session “Securing MCP: Mitigating New Threats in Agentic AI Deployments,” with Sarah Novotny (Klever.co) and Jason Clinton (Deputy CISO, Anthropic) among the panelists. (coalitionforsecureai.org)
- 2024: year Barndoor AI was founded; $13.6M: size of its seed round, led by Crosslink Capital. (barndoor.ai) (prnewswire.com)
- May 7, 2025: date of Microsoft’s Defender for Cloud post showing how Defender enumerates MCP servers and surfaces “Model Context Protocol” in detected container evidence. (microsoft.com)
- 2: proof-of-concept MCP exploits published by Cato Networks, demonstrating tool misuse and data exfiltration. (catonetworks.com)
What happens next
- Speakers forecast consolidation in AI security and a shift from single-point tools toward interoperable, platform-level MCP governance and visibility, a direction already visible in the Astrix workshops, the Microsoft and Palo Alto vendor posts, the MSB benchmark, and Barndoor’s product launch and fundraising. (youtube.com) (astrix.security) (microsoft.com) (paloaltonetworks.com) (prnewswire.com)