Sign up for our free Infosec: Age of AI Summit August 14 Register Here

Assessing AI Security: Model Context Protocol

Course Authored by .

“Assessing AI Security: Model Context Protocol” is an eight-hour, hands-on course that teaches security professionals how to evaluate MCP clients, servers, tools, resources, prompts, transports, and supporting infrastructure.

Course Length: 8 Hours

Includes a Certificate of Completion



Next scheduled date: August 21st, 2026 @ 10:00 AM ET

Description

Model Context Protocol (MCP) allows AI applications to connect with external tools, data sources, and business processes. These connections can also give AI systems access to sensitive information, credentials, local resources, and actions capable of changing production environments.

“Assessing AI Security: Model Context Protocol” is an eight-hour, hands-on course that teaches security professionals how to evaluate MCP clients, servers, tools, resources, prompts, transports, and supporting infrastructure.

You will learn to identify trust boundaries, trace data and authorization flows, evaluate security controls, conduct controlled adversarial testing, and communicate findings to both technical and executive stakeholders.

The course examines MCP-specific risks alongside familiar application-security weaknesses. Topics include excessive permissions, token misuse, tool poisoning, context and prompt injection, command injection, server-side request forgery, supply-chain compromise, shadow MCP servers, data over-sharing, session compromise, and insufficient logging. These subjects align with risks identified in the official MCP security guidance and the OWASP MCP Top 10 project.

Who Should Take This Course

This course is designed for professionals responsible for evaluating, developing, deploying, operating, or governing AI-enabled systems, including:

  • Application security engineers and penetration testers
  • AI and machine-learning security professionals
  • Security architects and enterprise architects
  • Cloud security engineers
  • Product security teams
  • Software developers building MCP clients or servers
  • SOC analysts, detection engineers, and incident responders
  • Risk, compliance, and AI-governance professionals
  • Technical auditors and security consultants
  • Technology leaders responsible for approving MCP deployments

The course is particularly valuable for teams that must determine whether an MCP implementation is safe for enterprise or production use.

What You’ll Learn

By the end of the course, you will be able to:

  • Explain MCP architecture, component roles, message flows, and trust boundaries.
  • Distinguish the security responsibilities of MCP hosts, clients, servers, tools, resources, and downstream services.
  • Create a threat model for a local or remote MCP deployment.
  • Evaluate MCP authentication, authorization, scope design, token handling, and user-consent controls.
  • Assess the differences between local STDIO-based deployments and remote HTTP-based deployments.
  • Identify tool poisoning, context injection, prompt injection, scope creep, and intent-flow manipulation.
  • Test MCP tools for command injection, path traversal, SSRF, unsafe parameter handling, and data exfiltration.
  • Evaluate dependency, registry, server, and software-supply-chain risk.
  • Determine whether logging and telemetry are sufficient for investigation, accountability, and detection.
  • Produce risk-ranked findings and practical remediation recommendations for an MCP deployment.
  • VM / Lab / Student information
    • For the hands-on exercises, you should have a laptop capable of accessing the instructor-provided Ubuntu VM. The instructor provides both Intel (tested on 12th-gen i9) and ARM (tested on Mac M5) versions. The VM is pretty stripped down. You'll need to be able to support 2 virtual CPU cores and 4GB of RAM for the VM. More will run things more smoothly.

Syllabus

The course begins with an introduction to Model Context Protocol architecture, including MCP hosts, clients, servers, tools, resources, transports, identities, and trust boundaries. You’ll learn a repeatable methodology for scoping an MCP security assessment, documenting data and control flows, identifying sensitive operations, and developing realistic abuse cases.

The course then examines major MCP security risks, including excessive permissions, tool poisoning, prompt and context injection, token misuse, confused-deputy attacks, command injection, path traversal, server-side request forgery, data exfiltration, session compromise, shadow MCP servers, and software-supply-chain threats. You will evaluate how these risks differ across local, remote, single-server, and multi-server deployments.

Authentication and authorization topics include OAuth-based authorization, scope minimization, token audience restrictions, credential handling, user consent, service identities, redirect validation, and the security differences between HTTP and STDIO transports. You will also assess tool descriptions, input schemas, approval workflows, filesystem access, network egress, isolation controls, logging, monitoring, and incident-response readiness.

Hands-on labs require you to map an MCP attack surface, review insecure authorization and configuration choices, and conduct a controlled assessment of a vulnerable MCP environment. The course concludes with a capstone exercise in which you’ll identify, prioritize, document, and communicate MCP security findings and recommend immediate and long-term remediation actions.

FAQ

Difficulty

Intermediate. We’ll try to make to this as accessible as possible, but the reality is that we’re scaffolding off of existing knowledge of network communications, AuthN/AuthZ fundamentals, etc.

Prerequisites

You should have:

  • A basic understanding of HTTP, APIs, and JSON.
  • Familiarity with concepts of authentication, authorization, access tokens, and least privilege.
  • A general understanding of large language models, AI agents, or tool-calling workflows.
  • Basic command-line skills.
  • The ability to inspect configuration files, logs, and network requests.

Experience with OAuth, Python, JavaScript, TypeScript, containers, or penetration-testing proxies is helpful but not required.

About the Instructor

Register for Upcoming

Assessing AI Security: Model Context Protocol

Live Training Jake Williams

Includes:

  • Certificate of participation
  • Six months access to class recordings
  • Our appreciation

$295
August 21, 2026 10:00 am - 6:00 pm ET
Shopping Cart

No products in the cart.