Joined December 2018
- Tweets 681
- Following 205
- Followers 1,864
- Likes 274
268 Photos and videos
An MCP compromise may look like normal tool usage. π¨
The agent invokes tools, retrieves data, and returns an answer.
But the instruction came from the wrong place.
practical-devsecops.com/mcp-β¦
#IncidentResponse
50
Authenticated does not mean hardened. π‘οΈ
Your MCP server may have OAuth and logs, but is it running as root? Storing secrets in images? Allowing open egress?
practical-devsecops.com/mcp-β¦
#ServerHardening
69
MCP risk is not just an AppSec issue. π
It crosses API security, cloud security, third-party risk, identity, logging, and governance.
CISOs need a real framework.
practical-devsecops.com/mcp-β¦
#MCPSecurity
1
46
OAuth is not enough if every agent can call every tool. π
For MCP, use session-scoped access: role plus task equals allowed tools.
Give the agent only what the task needs.
practical-devsecops.com/mcp-β¦
#MCPAuth
1
84
Prompt injection is no longer just a chat input problem. π§
With MCP, instructions can enter through PDFs, web pages, emails, calendars, memory, and other agents.
practical-devsecops.com/mcp-β¦
#PromptInjection
1
48
Quick MCP audit question: π
Can someone access your tool manifest without logging in?
If yes, attackers can see tool names, descriptions, schemas, and capabilities.
practical-devsecops.com/mcp-β¦
#MCPSecurity
56
The user sees a tool name.
The model sees the full tool description. π§ͺ
That hidden surface can be poisoned. Hash manifests, detect drift, and monitor tool call chains.
practical-devsecops.com/mcp-β¦
#ToolPoisoning #MCPSecurity
44
MCP connects agents to databases, code, email, cloud APIs, and internal tools. π
That is power and risk in the same pipe.
Inventory servers, remove secrets, add OAuth, enforce allowlists, and log tool calls.
practical-devsecops.com/mcp-β¦
#MCPSecurity
1
51
MCP now has an OWASP Top 10. β οΈ
30 MCP CVEs were filed in Jan-Feb 2026. 43% were shell injection issues.
If your agents touch code, data, email, or cloud APIs, start here:
practical-devsecops.com/owasβ¦
#MCPSecurity #OWASP
1
61
π¨ Happening TODAY!
π‘ DevSecOps Live: Agentic AI Threat Modeling with MAESTRO
β
MAESTRO 7-layer walkthrough πΊοΈ
β
Live MCP deployment demo π¬
β
Real agentic threats π
ποΈ Speaker: Ken Huang
π us06web.zoom.us/webinar/regiβ¦
#DevSecOps #AgenticAI #MAESTRO #AISecurity
84
ποΈ Two days to go!
This one is for you if you are π
π Security Engineer
βοΈ DevSecOps Practitioner
π‘οΈ AppSec Professional
π€ AI/ML Engineer
π Security Leader
Free. 23rd April. DevSecOps Live. π―
π us06web.zoom.us/webinar/regiβ¦
#AgenticAI #MAESTRO #AISecurity #DevSecOps
1
114
πΊοΈ MAESTRO's 7 layers π
Foundation Models
Data Operations
Agent Frameworks
Infrastructure
Observability
Integration
Agent Ecosystem
π¨ Most teams stop at Layer 1.
π‘ DevSecOps Live | 23rd April
π us06web.zoom.us/webinar/regiβ¦
#MAESTRO #AgenticAI #AISecurity
70
π Ken Huang | DevSecOps Live ποΈ
π CEO, DistributedApps.ai π’
π CSA Fellow π‘οΈ
π OWASP AIVSS Project Lead π
π 14 books on AI security π
π Speaker: RSA, WEF Davos, IEEE π€
Join him 23rd April ποΈ
π us06web.zoom.us/webinar/regiβ¦
#AISecurity #AgenticAI #DevSecOps #Infosec
1
56
β οΈ STRIDE. DREAD. PASTA.
Built for deterministic software. Not for AI agents. π€
π― MAESTRO closes that gap.
π‘ DevSecOps Live | 23rd April 2026
β° 10.00 EDT / 14.00 GMT / 19.30 IST / 22.00 SGT
π us06web.zoom.us/webinar/regiβ¦
#AgenticAI #MAESTRO #AISecurity #DevSecOps
61
π‘ Next DevSecOps Live is here! π
π₯οΈ Topic: Agentic AI Threat Modeling with MAESTRO
ποΈ Speaker: Ken Huang
ποΈ 23rd April 2026
β° 10.00 EDT / 14.00 GMT / 19.30 IST / 22.00 SGT π
π us06web.zoom.us/webinar/regiβ¦
#AISecurity #AgenticAI #MAESTRO #DevSecOps #Infosec
1
60
Spending thousands on scanners π
Skipping what makes them useful?
4 questions before writing code:
β‘οΈ What are we building?
β‘οΈ What can go wrong?
β‘οΈ What do we do about it?
β‘οΈ Did we do a good job?
#ThreatModeling #DevSecOps #AppSec #SecurityBasics
practical-devsecops.com/whatβ¦
75
Most DevSecOps rollouts fail in 90 days π
Not bad tech. No plan.
Phase 1: Assess gaps
Phase 2: Align people
Phase 3: Automate right
Phase 4: Measure iterate
Skipping phases = 3x the debt.
#DevSecOps #Implementation #SDLC #CyberSecurity
practical-devsecops.com/devsβ¦
1
50
Wrong tool = false confidence π οΈ
By category:
π¦ SBOM: Syft, CycloneDX
π Scanning: Trivy, Grype, Snyk
π Signing: Cosign, Notary
π³ Container: Harbor, Dockle
A scanner nobody checks = no scanner.
#DevSecOps #SupplyChainSecurity #SecurityTools
practical-devsecops.com/softβ¦
2
106
2025 = DevSecOps stopped being optional π
AI threats outpaced defenses.
Supply chain attacks went mainstream.
Compliance forced security into business functions.
Adapted early = miles ahead in 2026.
#DevSecOps #CyberSecurity #SecurityTrends #appsec
practical-devsecops.com/devsβ¦
30
Capital One 2019. K8s misconfiguration. $300M π
Best practices:
π RBAC first
π Encrypt secrets at rest
π Network policies (default deny)
π Scan every image
π Monitor runtime behavior
#Kubernetes #KubernetesSecurity #DevSecOps #ContainerSecurity
practical-devsecops.com/kubeβ¦
34