Join us for an evening of fun at this month’s hack::soho, taking place 31 July, 6pm – 9pm GMT. The evening is set up as a loose networking environment where cybersecurity professionals can chat, enjoy some complimentary food & drink, and discuss rising global trends.
This month’s hack::soho will feature a talk from guest speaker Dinis Cruz, founder of The Cyber Boardroom. The abstract of the talk, ‘AI Agents Blast Radius and the MCP Horror Story,’ is below!
hack::soho is a monthly event hosted at our London, UK office for the cybersecurity and hacking community to discuss all things security over food and refreshments. We welcome you to invite others in your circle to extend our collective network.
We will also live stream this presentation on our YouTube channel. Join the live stream at the following link: https://hacksoho.live/streamJuly
Spots are limited, so please use real contact details to confirm your registration. We will not sell, distribute, or use your contact information outside of sending you details about upcoming hack::soho meetups.
ABSTRACT
The Model Context Protocol (MCP) has emerged as a powerful “USB-C for AI” standard, enabling Large Language Models to seamlessly interface with external tools and data sources. However, this innovation has inadvertently created a perfect storm for security disasters by collapsing the traditional boundaries between data and code execution. Unlike conventional APIs with static, well-defined contracts and predictable behaviors, MCP-enabled AI agents operate with emergent, non-deterministic decision-making that can chain tools and permissions in ways developers never anticipated. When combined with today’s coarse-grained authorization systems and over-privileged access tokens, a single prompt injection or compromised agent can cascade through an entire infrastructure, accessing every permission granted to its tokens across all connected systems. The GitHub MCP exploit of May 2025, where a malicious issue in a public repository led to proprietary code exfiltration from private repos, exemplifies how AI agents fundamentally break our existing security assumptions.
The blast radius of exploited AI agents dwarfs traditional security breaches because these systems inherit the union of all permissions across their tool integrations while lacking the contextual judgment and guardrails humans naturally apply. Current infrastructure falls catastrophically short: OAuth scopes are too broad, platforms don’t support granular agent-specific identities, and MCP itself lacks native authentication or risk classification for tools. This creates a scenario where an agent given GitHub access for coding assistance effectively becomes a sleeper cell with full repository control, waiting for the right prompt injection to activate. Through threat modeling and semantic graph analysis, we can visualize these terrifying attack paths and understand how a single compromised integration can propagate through an entire digital supply chain. This presentation will demonstrate why the security community must urgently evolve our identity, authorization, and monitoring frameworks before AI agents’ convenience becomes our biggest vulnerability.
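A small model of the blast-radius idea from the abstract, added here as an illustration and not taken from the talk or from Dinis Cruz's own tools. It assumes a constructed three-tool registry, made-up scope strings (not GitHub's real OAuth scopes) and a constructed injected instruction chain of the shape the abstract describes (public issue, then private read, then a write back to a public place). It contrasts one shared over-privileged token against per-tool scoped tokens, and against a runtime guard that refuses high-risk tools once untrusted text has entered the agent's context:

```python
"""Toy model of an AI agent's permission blast radius under prompt injection.

Added illustration for the abstract above; it is not code from the talk or from
Dinis Cruz. Tool names, scope strings, risk classes and the injected instruction
chain are all constructed and do not correspond to GitHub's real OAuth scopes.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Tool:
    name: str
    required_scope: str            # scope the presented token must carry
    risk: str                      # constructed risk class: "low" or "high"
    reads_untrusted: bool = False  # pulls third-party text (issue bodies) into the context


# Constructed tool registry standing in for an MCP server's tool list.
TOOLS = {
    "read_public_issue": Tool("read_public_issue", "public_repo:read", "low", reads_untrusted=True),
    "read_private_file": Tool("read_private_file", "private_repo:read", "high"),
    "create_public_issue": Tool("create_public_issue", "public_repo:write", "high"),
}

# Constructed injected instruction hidden in a public issue body: the agent
# reads it as if it were a user request and follows it step by step.
INJECTED_CHAIN = ["read_private_file", "create_public_issue"]


class Agent:
    def __init__(self, tokens, block_high_risk_after_untrusted=False):
        self.tokens = tokens       # tool name -> frozenset of scopes on the token it presents
        self.guard = block_high_risk_after_untrusted
        self.tainted = False       # set once untrusted text has entered the context
        self.audit = []            # (tool, decision) pairs, in call order

    def blast_radius(self):
        """Union of every scope on every token the agent can present: what a
        fully hijacked agent can do, regardless of what it was asked to do."""
        return frozenset().union(*self.tokens.values())

    def call(self, name):
        tool = TOOLS[name]
        if tool.required_scope not in self.tokens.get(name, frozenset()):
            self.audit.append((name, "denied:scope"))
            return False
        if self.guard and self.tainted and tool.risk == "high":
            self.audit.append((name, "denied:tainted-context"))
            return False
        if tool.reads_untrusted:
            self.tainted = True
        self.audit.append((name, "ok"))
        return True

    def run_session(self):
        """Coding-assistant session: read one public issue, then obediently
        follow the instructions found in it. Returns True if the injected
        chain completed, i.e. private content reached a public issue."""
        if not self.call("read_public_issue"):
            return False
        for step in INJECTED_CHAIN:
            if not self.call(step):
                return False
        return True


# One over-privileged personal access token shared by every tool (constructed).
BROAD_TOKEN = frozenset({"public_repo:read", "public_repo:write", "private_repo:read"})


def coarse_agent():
    """Common setup today: every tool presents the same broad token."""
    return Agent({name: BROAD_TOKEN for name in TOOLS})


def scoped_agent():
    """Per-tool tokens; the issue-triage session is never given private read."""
    return Agent({
        "read_public_issue": frozenset({"public_repo:read"}),
        "create_public_issue": frozenset({"public_repo:write"}),
    })


def guarded_agent():
    """Same broad token, but high-risk tools refuse once untrusted text is in
    context. The blast radius is unchanged; only this runtime path is cut."""
    return Agent({name: BROAD_TOKEN for name in TOOLS}, block_high_risk_after_untrusted=True)


if __name__ == "__main__":
    for label, make in [("coarse", coarse_agent), ("scoped", scoped_agent), ("guarded", guarded_agent)]:
        agent = make()
        leaked = agent.run_session()
        print(f"{label:8s} blast radius={sorted(agent.blast_radius())} exfiltrated={leaked}")
        for entry in agent.audit:
            print("   ", *entry)
```

The two defences fail the chain at the same step for different reasons: the scoped agent never held `private_repo:read` in the first place, so its blast radius is smaller even if every guard is bypassed, while the guarded agent still carries the full token and relies on the taint check firing. A practitioner would want both, and would treat the audit trail as the minimum monitoring signal the abstract argues for.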
More about Dinis Cruz
Dinis Cruz is a security researcher with over 20 years of experience at the intersection of cybersecurity, software development, and artificial intelligence. A former CISO and OWASP leader with cutting-edge work in semantic knowledge graphs and AI-powered security solutions, he is known for his practical and creative approach to innovation. Dinis has created open source tools such as O2 Platform, OSBot and MGraph-DB, pioneered the use of semantic graphs for threat modeling, and is currently working on four GenAI-powered startups: The Cyber Boardroom, MyFeeds.AI and two in stealth mode. He advocates for building trust in AI systems through provenance, transparency, and human-centered design, while warning of the urgent need to evolve our security infrastructure for the AI age.