Breaking Model Context Protocol: Back to Security Basics
Talk at CactusCon 2026 covering a security audit of Model Context Protocol servers and their OAuth implementations. Covers prompt injection via tool descriptions, DNS rebinding against local servers, token mismanagement, and real-world CVEs, including a remote code execution via OAuth metadata and a ServiceNow privilege escalation. The core thesis: about 90% of the vulnerabilities found are failures of longstanding security principles, but AI agents magnify their impact by automating tool execution across trust boundaries.
Sample code: cactus-con-2026 on GitHub