The App Store Nightmare: Why AI MCP Stores Are a Trap

https://is1-ssl.mzstatic.com/image/thumb/Podcasts211/v4/87/c2/f8/87c2f8ef-8e03-63a6-264f-698f5239d96e/mza_17716733432111276097.jpg/600x600bb.jpg

Threat Talks - Your Gateway to Cybersecurity Insights

Threat Talks

103 episodes

1 week ago

Threat Talks is your cybersecurity knowledge hub. Unpack the latest threats and explore industry trends with top experts as they break down the complexities of cyber threats. We make complex cybersecurity topics accessible and engaging for everyone, from IT professionals to every day internet users by providing in-depth and first-hand experiences from leading cybersecurity professionals. Join us for monthly deep dives into the dynamic world of cybersecurity, so you can stay informed, and stay secure!

Tech News

News

RSS

All content for Threat Talks - Your Gateway to Cybersecurity Insights is the property of Threat Talks and is served directly from their servers with no modification, redirects, or rehosting. The podcast is not affiliated with or endorsed by Podjoint in any way.

Tech News

News

https://img.transistor.fm/v8jMkBmxuR5HMnXvYNVA65if1pVeYzTKRM9wivPwEyo/rs:fill:0:0:1/w:1400/h:1400/q:60/mb:500000/aHR0cHM6Ly9pbWct/dXBsb2FkLXByb2R1/Y3Rpb24udHJhbnNp/c3Rvci5mbS8zNWU2/YjMxMWRlNGE3YmYw/ZWZmOWRhN2M3ODZj/ZmViNy5wbmc.jpg

The App Store Nightmare: Why AI MCP Stores Are a Trap

Threat Talks - Your Gateway to Cybersecurity Insights

35 minutes

1 month ago

The App Store Nightmare: Why AI MCP Stores Are a Trap

The new AI app store is here - and it’s already making choices for your company.
This episode shows you how to spot it, stop it, and stay safe.

Host Lieuwe Jan Koning with RobMaas (Field CTO, ON2IT) explain the app storenightmare in plain language. A new system (MCP) lets AI tools like ChatGPT, Claude, and Gemini do tasks for you - sometimes too much. When a bad tool or a sneaky document gets in, it can read, send, or delete things without you noticing.

Real cases, real damage:

Postmark MCP backdoor - secretly BCC’d emails (email copies)
Shadow Escape - “zero-click” data theft from a hidden prompt
kubectl chaos - a command mistake that can wipe servers

Your quick fix: keep a list of every AI tool and give each only the access it needs. Example: let your document bot read just the “Policies” folder—not your whole drive. For more fixes, watch the full episode.

Key topics covered:

· The app storenightmare: a new AI app store you don’t control

· How a tricked document can make your AI act against you

· A simple ZeroTrust plan anyone can start today

· How to cut tool sprawl, cost, and risk—without slowing the team

If you use ChatGPT, Claude, or Gemini at work, this is your survival brief.
Subscribe for more Threat Talks and ON2IT’s Zero Trust guidance.

Guest and Host Links:

Rob Maas (Field CTO, ON2IT): https://www.linkedin.com/in/robmaas83/

Lieuwe Jan Koning (Founding Partner, ON2IT): https://www.linkedin.com/in/lieuwejan/

Click here to view the episode transcript.

Additional Resources:
Threat Talks: https://threat-talks.com/
ON2IT (Zero Trust as a Service): https://on2it.net/
AMS-IX: https://www.ams-ix.net/ams
Anthropic MCP announcement: https://www.anthropic.com/news/model-context-protocol
OpenAI Tools/Connectors/MCP: https://platform.openai.com/docs/guides/tools-connectors-mcp
Kubernetes (kubectl): https://kubernetes.io/docs/reference/kubectl/
Reported Postmark MCP backdoor: https://thehackernews.com/2025/09/first-malicious-mcp-server-found.html
Shadow Escape zero-click research: https://www.globenewswire.com/news-release/2025/10/22/3171164/0/en/Operant-AI-Discovers-Shadow-Escape-The-First-Zero-Click-Agentic-Attack-via-MCP.html

If this saved you a breach, subscribe to Threat Talks and follow ON2IT for weekly Zero Trust moves. New episode next week.