Securing Remote MCP Servers

Jake Berkowsky

fwd:cloudsec North America 2025 · Day 1 · Track 1 - Crystal

Jake Berkowsky, a principal architect and field CTO at Snowflake, delivered a pragmatic briefing on the security challenges of **Model Context Protocol (MCP)** servers -- the emerging standard for connecting AI clients such as Claude Desktop, ChatGPT, and Cursor to external tools and data sources. Rather than chasing the sensationalist headlines about MCP vulnerabilities, Berkowsky focused specifically on server-side threats, transport-layer security, authorization pitfalls, and why enterprises should adopt a **platform engineering approach** to MCP deployment. The talk is notable for its honest assessment that MCP's client-side security model is essentially a return to the **ActiveX era**, in which the isolation guarantees we take for granted in web browsers simply do not exist.

AI review

A pragmatic overview of MCP server security concerns that covers transport layers, OAuth pitfalls, and session management, but never drops below the surface. No novel vulnerabilities, no exploit code, no actual attack demonstrations. The ActiveX analogy is the sharpest insight in the talk, and even that is an observation rather than a finding.
