TalksAWS re:Invent 2025 - Securing AI Agent Ecosystems: MCP Server & Agent Security at Scale (ISV325)

AWS re:Invent 2025 - Securing AI Agent Ecosystems: MCP Server & Agent Security at Scale (ISV325)

Securing AI Agent Ecosystems: MCP Server & Agent Security at Scale

Overview of Cisco AI Defense

  • Cisco AI Defense is a product that can discover AI assets, including MCP agents and models, and run red teaming evaluations to identify vulnerabilities.
  • It also provides capabilities to protect AI agents and models, as well as MCP servers.

Evolution of AI and Emerging Risks

  • The evolution of AI has progressed from simple chatbots to more complex, agentic AI systems.
  • With this evolution, new attack surface areas and risks have emerged, including:
    1. Supply chain risks
    2. Runtime risks

MCP Supply Chain Risks

  • Supply chain attacks can exploit or tamper with third-party software, including MCP servers.
  • Two main risks with MCP:
    1. Compromised MCP servers
    2. Use of "shadow" MCP servers (unauthorized servers for specific APIs/tools)

MCP Supply Chain Attack Vectors

  1. Tool Poisoning: Injecting malicious code into the description of an MCP tool, which can then be passed to the language model.
  2. Malicious Code Injection: Injecting malicious code directly into the implementation of an MCP tool.

Securing the MCP Supply Chain

  1. Use Trusted MCP Registries: Register and use only trusted MCP servers, verifying the tool descriptions and implementations for safety.
  2. Run MCP Server Scans: Continuously scan MCP servers for vulnerabilities using tools like the open-source MCP Scanner.
  3. Implement Least Privilege Access: Ensure MCP servers and tools have the minimum required permissions and access controls.

Runtime Protection for AI Agents

  • Deploy an "MCP-aware" and "agent-aware" gateway to monitor the complex interactions between agents and MCP servers.
  • This gateway can help ensure the security and integrity of these interactions at runtime.

Integrating Cisco AI Defense with Open-Source MCP Registry

  • Demonstration of integrating Cisco AI Defense with an open-source MCP registry and server.
  • Cisco AI Defense can scan MCP servers during the onboarding process and provide vulnerability reports.
  • This can be integrated into a CI/CD or MLOps pipeline to ensure the security of MCP servers before they are used.

Integrating Cisco AI Defense with Amazon Bedrock Agent Core

  • Cisco AI Defense can integrate with Amazon Bedrock Agent Core in three ways:
    1. Scanning Bedrock Agent Core gateways for vulnerabilities
    2. Scanning individual A2A agents deployed on Bedrock Agent Core runtime
    3. Proactively scanning all MCP servers and A2A agents in an AWS account

Key Takeaways

  • The evolution of AI, particularly the rise of agentic AI systems, has introduced new security risks in the form of supply chain attacks and runtime vulnerabilities.
  • Securing the MCP supply chain is crucial, requiring the use of trusted registries, continuous scanning, and least privilege access controls.
  • Runtime protection for AI agents is also essential, with the need for an "MCP-aware" and "agent-aware" gateway to monitor interactions.
  • Integrations between Cisco AI Defense and open-source MCP registries, as well as Amazon Bedrock Agent Core, can help organizations address these security challenges.

Your Digital Journey deserves a great story.

Build one with us.

Cookies Icon

This website stores cookies on your computer.

These cookies are used to collect information about how you interact with this website and allow us to remember you. We use this information to improve and customize your browsing experience, as well as for analytics.

If you decline, your information won’t be tracked when you visit this website. A single cookie will be used in your browser to remember your preference.