The avforums podcast brings you the latest tech, movie and gaming news, plus special features, interviews and show reports from the world of audio visual home entertainment
…
continue reading
Content provided by Threat Talks. All podcast content including episodes, graphics, and podcast descriptions are uploaded and provided directly by Threat Talks or their podcast platform partner. If you believe someone is using your copyrighted work without your permission, you can follow the process outlined here https://podcastplayer.com/legal.
Similar to Threat Talks - Your Gateway to Cybersecurity Insights
The Official AWS Podcast is a podcast for developers and IT professionals looking for the latest news and trends in storage, security, infrastructure, serverless, and more. Join Simon Elisha and Hawn Nguyen-Loughren for regular updates, deep dives, launches, and interviews. Whether you’re training machine learning models, developing open source projects, or building cloud solutions, the Official AWS Podcast has something for you.
…
continue reading
Daily cybersecurity news for practitioners. Vulnerabilities, defenses, threats, network security insight, research and more to make you sound smarter as you get to the office in the morning. New each weekday.
…
continue reading
Thanks for visiting The Cell Phone Junkie! I will be taking the time each week to discuss my favorite topic, cell phones. Any feedback is appreciated and welcome. You can email me at: questions (AT) thecellphonejunkie (DOT) com or call: 206-203-3734 Thanks and welcome!
…
continue reading
He was born Hamish Watson, a surfie dude from Sydney – but he could morph into whatever you needed him to be. Hamish is due to be sentenced to jail in early 2019 for swindling a handful of victims out of more than $7m. But these crimes are just the final pages in a resume too thick to staple; for decades he’s duped victims in the US, Canada, Britain, Hong Kong and Australia. How did he do it? How did he evade authorities around the world for so long and what’s he done with all those tens of ...
…
continue reading
Join Larry Mantle weekdays for lively and in-depth discussions of Los Angeles and Southern California news, politics, science, entertainment, the arts and more. More AirTalk at www.kpcc.org.
…
continue reading
Technical interviews about software topics.
…
continue reading
A daily dose of irreverent, offbeat, and informative takes on business & tech news. Hosted by Jon Weigell and the rotating cast of The Hustle. Plus, expert insight on business strategies including marketing, scaling, sales, and overall entrepreneurship.
…
continue reading
Feel brighter every day with our 20-minute pop-biz news podcast. The 3 business stories you need, with fresh takes you can pretend you came up with — Pairs perfectly with your morning oatmeal ritual. Hosted by Jack Crivici-Kramer & Nick Martell. Formerly known as “Snacks Daily”, Nick and Jack continue their podcast independent from Robinhood.
…
continue reading
Tech News Briefing is your guide to what people in tech are talking about. Every weekday, we’ll bring you breaking tech news and scoops from the pros at the Wall Street Journal, insight into new innovations and policy debates, tips from our personal tech team, and exclusive interviews with movers and shakers in the industry.
…
continue reading
Player FM - Podcast App
Go offline with the Player FM app!
Go offline with the Player FM app!
))
The App Store Nightmare: Why AI MCP Stores Are a Trap
Manage episode 518845693 series 3682930
Content provided by Threat Talks. All podcast content including episodes, graphics, and podcast descriptions are uploaded and provided directly by Threat Talks or their podcast platform partner. If you believe someone is using your copyrighted work without your permission, you can follow the process outlined here https://podcastplayer.com/legal.
The new AI app store is here - and it’s already making choices for your company.
This episode shows you how to spot it, stop it, and stay safe.
Host Lieuwe Jan Koning with RobMaas (Field CTO, ON2IT) explain the app storenightmare in plain language. A new system (MCP) lets AI tools like ChatGPT, Claude, and Gemini do tasks for you - sometimes too much. When a bad tool or a sneaky document gets in, it can read, send, or delete things without you noticing.
Real cases, real damage:
- Postmark MCP backdoor - secretly BCC’d emails (email copies)
- Shadow Escape - “zero-click” data theft from a hidden prompt
- kubectl chaos - a command mistake that can wipe servers
Your quick fix: keep a list of every AI tool and give each only the access it needs. Example: let your document bot read just the “Policies” folder—not your whole drive. For more fixes, watch the full episode.
- (00:00) - — “There’s a new app store” (why this matters now)
- (01:05) - — MCP explained simply: agents vs. chatbots
- (03:45) - — Connectors & consent: the hidden back channel
- (06:20) - — Breach stories: Postmark backdoor, Shadow Escape theft
- (10:45) - — Kubernetes chaos: how one command can erase systems
- (14:30) - — App store & “vetting”: who’s actually checking?
- (18:10) - — Zero Trust plan: inventory, approvals, least privilege
Key topics covered:
· The app storenightmare: a new AI app store you don’t control
· How a tricked document can make your AI act against you
· A simple ZeroTrust plan anyone can start today
· How to cut tool sprawl, cost, and risk—without slowing the team
If you use ChatGPT, Claude, or Gemini at work, this is your survival brief.
Subscribe for more Threat Talks and ON2IT’s Zero Trust guidance.
Guest and Host Links:
Rob Maas (Field CTO, ON2IT): https://www.linkedin.com/in/robmaas83/
Lieuwe Jan Koning (Founding Partner, ON2IT): https://www.linkedin.com/in/lieuwejan/
Click here to view the episode transcript.
Additional Resources:
Threat Talks: https://threat-talks.com/
ON2IT (Zero Trust as a Service): https://on2it.net/
AMS-IX: https://www.ams-ix.net/ams
Anthropic MCP announcement: https://www.anthropic.com/news/model-context-protocol
OpenAI Tools/Connectors/MCP: https://platform.openai.com/docs/guides/tools-connectors-mcp
Kubernetes (kubectl): https://kubernetes.io/docs/reference/kubectl/
Reported Postmark MCP backdoor: https://thehackernews.com/2025/09/first-malicious-mcp-server-found.html
Shadow Escape zero-click research: https://www.globenewswire.com/news-release/2025/10/22/3171164/0/en/Operant-AI-Discovers-Shadow-Escape-The-First-Zero-Click-Agentic-Attack-via-MCP.html
If this saved you a breach, subscribe to Threat Talks and follow ON2IT for weekly Zero Trust moves. New episode next week.
96 episodes
Share
Manage episode 518845693 series 3682930
Content provided by Threat Talks. All podcast content including episodes, graphics, and podcast descriptions are uploaded and provided directly by Threat Talks or their podcast platform partner. If you believe someone is using your copyrighted work without your permission, you can follow the process outlined here https://podcastplayer.com/legal.
The new AI app store is here - and it’s already making choices for your company.
This episode shows you how to spot it, stop it, and stay safe.
Host Lieuwe Jan Koning with RobMaas (Field CTO, ON2IT) explain the app storenightmare in plain language. A new system (MCP) lets AI tools like ChatGPT, Claude, and Gemini do tasks for you - sometimes too much. When a bad tool or a sneaky document gets in, it can read, send, or delete things without you noticing.
Real cases, real damage:
- Postmark MCP backdoor - secretly BCC’d emails (email copies)
- Shadow Escape - “zero-click” data theft from a hidden prompt
- kubectl chaos - a command mistake that can wipe servers
Your quick fix: keep a list of every AI tool and give each only the access it needs. Example: let your document bot read just the “Policies” folder—not your whole drive. For more fixes, watch the full episode.
- (00:00) - — “There’s a new app store” (why this matters now)
- (01:05) - — MCP explained simply: agents vs. chatbots
- (03:45) - — Connectors & consent: the hidden back channel
- (06:20) - — Breach stories: Postmark backdoor, Shadow Escape theft
- (10:45) - — Kubernetes chaos: how one command can erase systems
- (14:30) - — App store & “vetting”: who’s actually checking?
- (18:10) - — Zero Trust plan: inventory, approvals, least privilege
Key topics covered:
· The app storenightmare: a new AI app store you don’t control
· How a tricked document can make your AI act against you
· A simple ZeroTrust plan anyone can start today
· How to cut tool sprawl, cost, and risk—without slowing the team
If you use ChatGPT, Claude, or Gemini at work, this is your survival brief.
Subscribe for more Threat Talks and ON2IT’s Zero Trust guidance.
Guest and Host Links:
Rob Maas (Field CTO, ON2IT): https://www.linkedin.com/in/robmaas83/
Lieuwe Jan Koning (Founding Partner, ON2IT): https://www.linkedin.com/in/lieuwejan/
Click here to view the episode transcript.
Additional Resources:
Threat Talks: https://threat-talks.com/
ON2IT (Zero Trust as a Service): https://on2it.net/
AMS-IX: https://www.ams-ix.net/ams
Anthropic MCP announcement: https://www.anthropic.com/news/model-context-protocol
OpenAI Tools/Connectors/MCP: https://platform.openai.com/docs/guides/tools-connectors-mcp
Kubernetes (kubectl): https://kubernetes.io/docs/reference/kubectl/
Reported Postmark MCP backdoor: https://thehackernews.com/2025/09/first-malicious-mcp-server-found.html
Shadow Escape zero-click research: https://www.globenewswire.com/news-release/2025/10/22/3171164/0/en/Operant-AI-Discovers-Shadow-Escape-The-First-Zero-Click-Agentic-Attack-via-MCP.html
If this saved you a breach, subscribe to Threat Talks and follow ON2IT for weekly Zero Trust moves. New episode next week.
96 episodes
All episodes
×
Welcome to Player FM!
Player FM is scanning the web for high-quality podcasts for you to enjoy right now. It's the best podcast app and works on Android, iPhone, and the web. Signup to sync subscriptions across devices.
Similar to Threat Talks - Your Gateway to Cybersecurity Insights
The avforums podcast brings you the latest tech, movie and gaming news, plus special features, interviews and show reports from the world of audio visual home entertainment
…
continue reading
The Official AWS Podcast is a podcast for developers and IT professionals looking for the latest news and trends in storage, security, infrastructure, serverless, and more. Join Simon Elisha and Hawn Nguyen-Loughren for regular updates, deep dives, launches, and interviews. Whether you’re training machine learning models, developing open source projects, or building cloud solutions, the Official AWS Podcast has something for you.
…
continue reading
Daily cybersecurity news for practitioners. Vulnerabilities, defenses, threats, network security insight, research and more to make you sound smarter as you get to the office in the morning. New each weekday.
…
continue reading
Thanks for visiting The Cell Phone Junkie! I will be taking the time each week to discuss my favorite topic, cell phones. Any feedback is appreciated and welcome. You can email me at: questions (AT) thecellphonejunkie (DOT) com or call: 206-203-3734 Thanks and welcome!
…
continue reading
He was born Hamish Watson, a surfie dude from Sydney – but he could morph into whatever you needed him to be. Hamish is due to be sentenced to jail in early 2019 for swindling a handful of victims out of more than $7m. But these crimes are just the final pages in a resume too thick to staple; for decades he’s duped victims in the US, Canada, Britain, Hong Kong and Australia. How did he do it? How did he evade authorities around the world for so long and what’s he done with all those tens of ...
…
continue reading
Join Larry Mantle weekdays for lively and in-depth discussions of Los Angeles and Southern California news, politics, science, entertainment, the arts and more. More AirTalk at www.kpcc.org.
…
continue reading
Technical interviews about software topics.
…
continue reading
A daily dose of irreverent, offbeat, and informative takes on business & tech news. Hosted by Jon Weigell and the rotating cast of The Hustle. Plus, expert insight on business strategies including marketing, scaling, sales, and overall entrepreneurship.
…
continue reading
Feel brighter every day with our 20-minute pop-biz news podcast. The 3 business stories you need, with fresh takes you can pretend you came up with — Pairs perfectly with your morning oatmeal ritual. Hosted by Jack Crivici-Kramer & Nick Martell. Formerly known as “Snacks Daily”, Nick and Jack continue their podcast independent from Robinhood.
…
continue reading
Tech News Briefing is your guide to what people in tech are talking about. Every weekday, we’ll bring you breaking tech news and scoops from the pros at the Wall Street Journal, insight into new innovations and policy debates, tips from our personal tech team, and exclusive interviews with movers and shakers in the industry.
…
continue reading
Player FM - Podcast App
Go offline with the Player FM app!
Go offline with the Player FM app!
