April 22, 2025

Episode 283 - Intentionally-Vulnerable MCP Server, Hallucinating Software Packages

Listen Later

53 minutes

Ok, so vulnerable MCP tools are a thing now? Ken demonstrates installing and running an intentionally vulnerable MCP server with a bunch of example issues. Following is a discussion of the recent article and research around hallucinations of 3rd party dependencies/libraries in AI-Generated Python and JavaScript. New attack targets all dependent on how creative the LLM is allowed to be. A short aside on why we talk about AI and LLMs so much.

...more

View all episodes

View all episodes

Download on the App Store

Download on the App Store

Get it on Google Play

Absolute AppSec

By Ken Johnson and Seth Law

4.9

1717 ratings

April 22, 2025

Episode 283 - Intentionally-Vulnerable MCP Server, Hallucinating Software Packages

Listen Later

53 minutes

Ok, so vulnerable MCP tools are a thing now? Ken demonstrates installing and running an intentionally vulnerable MCP server with a bunch of example issues. Following is a discussion of the recent article and research around hallucinations of 3rd party dependencies/libraries in AI-Generated Python and JavaScript. New attack targets all dependent on how creative the LLM is allowed to be. A short aside on why we talk about AI and LLMs so much.

...more

More shows like Absolute AppSec

Stuff You Should Know by iHeartPodcasts

Stuff You Should Know

78,688 Listeners

Planet Money by NPR

Planet Money

30,609 Listeners

Risky Business by Risky Business Media

Risky Business

371 Listeners

Darknet Diaries by Jack Rhysider

Darknet Diaries

8,077 Listeners

Application Security Weekly (Audio) by Mike Shema

Application Security Weekly (Audio)

13 Listeners