Status: Done

My Arcade colleague Nate Barbettini and I sat down at the MCP Dev Summit to unpack what nobody wants to admit about the Model Context Protocol: the security model is still full of sharp edges. From tool poisoning and prompt injection to why OAuth got bolted onto the spec, this is a builder’s-eye view of where MCP breaks - and how to ship agents safely anyway.

What we get into:

  • OAuth on MCP - why the spec adopted OAuth as its authorization standard, and the class of spoofing attacks it shuts down.
  • Tool poisoning - how a malicious server hides instructions in tool descriptions, and why your agent trusts them by default.
  • Sandboxing agents - giving an agent a shell and a file system without handing over the keys to your machine.
  • Allow lists and the auto-update problem - how silently updating skills and servers become a supply-chain risk (“rug pulls”).

Watch it on the MLOps Community.

Links & resources

For more about Arcade check out the website at https://www.arcade.dev/ and the GitHub https://github.com/arcadeai/