MCP Security Emerges at RSAC
Speakers at RSAC flagged Model Context Protocol (MCP) servers as a new high-value attack surface (calling MCP the ‘USB for AI’) and urged end-to-end protections as startups like Barndoor AI begin to address the gap. The session also forecast consolidation in AI security and a shift from point tools to interoperable platforms. (youtube.com)
RSAC hosted a reserved session titled “Securing MCP: Mitigating New Threats in Agentic AI Deployments” on March 25, 2026, listing Sarah Novotny (Klever.co) and Jason Clinton (Deputy CISO, Anthropic) among the panelists. (coalitionforsecureai.org) A separate RSAC “Quick Look” demo walked attendees through a small MCP sentinel that scans MCP requests and tool arguments and blocks transformed sensitive content; the demo shipped example code plus a deployment checklist. (rsaconference.com)

Barndoor AI, founded in 2024, markets a control plane for agentic AI that it claims enforces scoped access and governance for MCP connections; the company closed a $13.6M seed round led by Crosslink Capital. (barndoor.ai) (prnewswire.com)

Microsoft published guidance and a May 7, 2025 Defender for Cloud post showing how Defender can enumerate MCP servers and display “Model Context Protocol” in detected container evidence. (microsoft.com) Palo Alto Networks added MCP-focused protections to its Cortex Cloud writeup, describing MCP Security as a way to detect API-layer threats in real time and monitor model-to-tool communications. (paloaltonetworks.com)

Researchers published an MCP Security Benchmark (MSB) on arXiv that models end-to-end attacks against MCP-driven agents and measures resilience across task planning, tool invocation, and response handling. (arxiv.org) Industry proof-of-concept exploits and writeups, including two PoCs from Cato Networks, demonstrated practical MCP attack vectors such as tool misuse and data exfiltration, underscoring why vendors and startups are building integrated MCP controls. (catonetworks.com)

Signals at RSAC (workshops from Astrix, vendor blogs from Microsoft and Palo Alto, academic benchmarks, and Barndoor’s fundraising and product launch) show the ecosystem moving from single-point tools toward platform-level MCP governance and visibility. (astrix.security) (microsoft.com) (paloaltonetworks.com) (prnewswire.com)
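
The Quick Look sentinel mentioned above is described as scanning MCP requests and tool arguments and blocking transformed sensitive content. The Python below is an added example of that kind of check, not the demo's code: it inspects the `arguments` of an MCP `tools/call` JSON-RPC request and also looks inside base64- and hex-encoded runs. The detector patterns, the two-layer decoding limit, and the `send_message` tool name are assumptions.

```python
import base64
import json
import re

# Assumed detectors for "sensitive content"; a deployment would supply its own.
SENSITIVE = {
    "aws_access_key_id": re.compile(r"\bAKIA[0-9A-Z]{16}\b"),
    "private_key_header": re.compile(r"-----BEGIN [A-Z ]*PRIVATE KEY-----"),
}
B64_RUN = re.compile(r"[A-Za-z0-9+/]{16,}={0,2}")
HEX_RUN = re.compile(r"\b(?:[0-9a-fA-F]{2}){8,}\b")

def _strings(value):
    """Yield every string, keys included, nested in a JSON value."""
    if isinstance(value, str):
        yield value
    elif isinstance(value, (dict, list)):
        items = value if isinstance(value, list) else [*value.keys(), *value.values()]
        for item in items:
            yield from _strings(item)

def _decodings(text, depth=2):
    """Yield text, then decodings of embedded hex/base64 runs, up to `depth` layers."""
    yield text
    if depth == 0:
        return
    raws = [bytes.fromhex(m.group()) for m in HEX_RUN.finditer(text)]
    for m in B64_RUN.finditer(text):
        run = m.group() + "=" * (-len(m.group()) % 4)  # restore stripped padding
        try:
            raws.append(base64.b64decode(run, validate=True))
        except ValueError:  # not valid base64 after all
            pass
    for raw in raws:
        yield from _decodings(raw.decode("utf-8", "ignore"), depth - 1)

def inspect_request(raw_json):
    """Return (allowed, findings) for a single MCP JSON-RPC request object."""
    msg = json.loads(raw_json)
    if msg.get("method") != "tools/call":
        return True, []  # only tool invocations carry tool arguments
    findings = set()
    for s in _strings(msg.get("params", {}).get("arguments", {})):
        for view in _decodings(s):
            findings.update(n for n, rx in SENSITIVE.items() if rx.search(view))
    return not findings, sorted(findings)

# Constructed sample: AWS's documentation placeholder key, base64-encoded in an argument.
SAMPLE = json.dumps({"jsonrpc": "2.0", "id": 1, "method": "tools/call", "params": {
    "name": "send_message",  # hypothetical tool name
    "arguments": {"body": base64.b64encode(b"AKIAIOSFODNN7EXAMPLE").decode()}}})
```

A plain regex over the raw request would pass `SAMPLE`, because the key only becomes visible after the base64 layer is removed.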