Foundations of Secure MCP: Architecture and Threat Model

As AI agents move from simple chatbots to autonomous systems that execute tasks on our behalf, the security stakes have never been higher. In this video, Aron breaks down the foundations of securing agent workloads using the Model Context Protocol (MCP). MCP is an open standard that allows agents to interact with other external systems and tools. While this expands what agents can do, it also expands their attack surface. Watch along and learn to navigate the MCP architecture by understanding the MCP client-server relationship and identifying vulnerabilities across agents, models, and infrastructure. We perform a deep dive into representative risks, such as broken authorization, indirect prompt injection, and command injection, while exploring how to implement a defense-in-depth strategy. By the end of this video, you'll understand how Agent Identity, Secret Manager, and Model Armor can support robust, multi-layered protection for your AI agents. Resources: [Lab] Deploy ADK Agents with Model Armor → https://goo.gle/4qyjITu [Labs] Building a Production-Ready AI Security Foundation → https://goo.gle/4pRZfrE Learn more about AI Protection → https://goo.gle/4r4KKBO Learn more about Model Armor → https://goo.gle/4pQTJFW Deploy Agents on Cloud Run → https://goo.gle/3Zl9xWu Deploy Agents on GKE → https://goo.gle/4sSNFiN Deploy Agents on Agent Engine → https://goo.gle/3LTay53 Secure Credentials for MCP Access with Secret Manager → https://goo.gle/4k1QMRt Read the MCP Authorization Specification → https://goo.gle/4qA8EFD Subscribe to Google Cloud Tech → https://goo.gle/GoogleCloudTech Speakers: Aron Eidelman Products Mentioned: Agent Development Kit, Model Armor, Cloud Run, Google Kubernetes Engine, Secret Manager, Agent Identity