“Assessing AI Security: Model Context Protocol” is an eight-hour, hands-on course that teaches security professionals how to evaluate MCP clients, servers, tools, resources, prompts, transports, and supporting infrastructure.
Next scheduled date:August 21st, 2026 @ 10:00 AM ET
Description
Model Context Protocol (MCP) allows AI applications to connect with external tools, data sources, and business processes. These connections can also give AI systems access to sensitive information, credentials, local resources, and actions capable of changing production environments.
“Assessing AI Security: Model Context Protocol” is an eight-hour, hands-on course that teaches security professionals how to evaluate MCP clients, servers, tools, resources, prompts, transports, and supporting infrastructure.
You will learn to identify trust boundaries, trace data and authorization flows, evaluate security controls, conduct controlled adversarial testing, and communicate findings to both technical and executive stakeholders.
The course examines MCP-specific risks alongside familiar application-security weaknesses. Topics include excessive permissions, token misuse, tool poisoning, context and prompt injection, command injection, server-side request forgery, supply-chain compromise, shadow MCP servers, data over-sharing, session compromise, and insufficient logging. These subjects align with risks identified in the official MCP security guidance and the OWASP MCP Top 10 project.
Who Should Take This Course
This course is designed for professionals responsible for evaluating, developing, deploying, operating, or governing AI-enabled systems, including:
Application security engineers and penetration testers
AI and machine-learning security professionals
Security architects and enterprise architects
Cloud security engineers
Product security teams
Software developers building MCP clients or servers
SOC analysts, detection engineers, and incident responders
Risk, compliance, and AI-governance professionals
Technical auditors and security consultants
Technology leaders responsible for approving MCP deployments
The course is particularly valuable for teams that must determine whether an MCP implementation is safe for enterprise or production use.
What You’ll Learn
By the end of the course, you will be able to:
Explain MCP architecture, component roles, message flows, and trust boundaries.
Distinguish the security responsibilities of MCP hosts, clients, servers, tools, resources, and downstream services.
Create a threat model for a local or remote MCP deployment.
Test MCP tools for command injection, path traversal, SSRF, unsafe parameter handling, and data exfiltration.
Evaluate dependency, registry, server, and software-supply-chain risk.
Determine whether logging and telemetry are sufficient for investigation, accountability, and detection.
Produce risk-ranked findings and practical remediation recommendations for an MCP deployment.
VM / Lab / Student information
For the hands-on exercises, you should have a laptop capable of accessing the instructor-provided Ubuntu VM. The instructor provides both Intel (tested on 12th-gen i9) and ARM (tested on Mac M5) versions. The VM is pretty stripped down. You'll need to be able to support 2 virtual CPU cores and 4GB of RAM for the VM. More will run things more smoothly.
Syllabus
The course begins with an introduction to Model Context Protocol architecture, including MCP hosts, clients, servers, tools, resources, transports, identities, and trust boundaries. You’ll learn a repeatable methodology for scoping an MCP security assessment, documenting data and control flows, identifying sensitive operations, and developing realistic abuse cases.
The course then examines major MCP security risks, including excessive permissions, tool poisoning, prompt and context injection, token misuse, confused-deputy attacks, command injection, path traversal, server-side request forgery, data exfiltration, session compromise, shadow MCP servers, and software-supply-chain threats. You will evaluate how these risks differ across local, remote, single-server, and multi-server deployments.
Authentication and authorization topics include OAuth-based authorization, scope minimization, token audience restrictions, credential handling, user consent, service identities, redirect validation, and the security differences between HTTP and STDIO transports. You will also assess tool descriptions, input schemas, approval workflows, filesystem access, network egress, isolation controls, logging, monitoring, and incident-response readiness.
Hands-on labs require you to map an MCP attack surface, review insecure authorization and configuration choices, and conduct a controlled assessment of a vulnerable MCP environment. The course concludes with a capstone exercise in which you’ll identify, prioritize, document, and communicate MCP security findings and recommend immediate and long-term remediation actions.
Intermediate. We’ll try to make to this as accessible as possible, but the reality is that we’re scaffolding off of existing knowledge of network communications, AuthN/AuthZ fundamentals, etc.