​The paper titled "MCP Safety Audit: LLMs with the Model Context Protocol Allow Major Security Exploits" by Brandon Radosevich and John Halloran investigates security vulnerabilities introduced by the Model Context Protocol (MCP), an open standard designed to streamline integration between large language models (LLMs), data sources, and agentic tools. While MCP aims to facilitate seamless AI workflows, the authors identify significant security risks associated with its current design.​

In this episode, we explore how modern cybersecurity is transforming with agentless threat emulation. We discuss a cutting-edge platform that simulates advanced persistent threat (APT) tactics without installing agents—leveraging open-source tools like Atomic Red Team and PurpleSharp alongside the MITRE ATT&CK framework. Discover how the platform’s user-friendly, drag-and-drop scenario builder, remote execution via SSH/WinRM, and real-time monitoring empower cyber defenders to train effectively, identify detection gaps, and bolster overall security. Join us as we break down the technical innovations, operational benefits, and strategic value of continuous, automated threat simulations in today’s dynamic cyber landscape.

This NIST report offers a comprehensive exploration of adversarial machine learning (AML), detailing threats against both predictive AI (PredAI) and generative AI (GenAI) systems. It presents a structured taxonomy and terminology of various attacks, categorising them by the AI system properties they target, such as availability, integrity, and privacy, with an additional category for GenAI focusing on misuse enablement. The document outlines the stages of learning vulnerable to attacks and the varying capabilities and knowledge an attacker might possess. Furthermore, it describes existing and potential mitigation strategies to defend against these evolving threats, highlighting the inherent trade-offs and challenges in securing AI systems.