What an 'Aha' Moment with an Org Admin Token Taught One DevSecCon Speaker About AI Security

As the Snyk team prepares for two significant events in October, the DevSecCon Flagship conference and the inaugural AI Security Summit, Brett Smith, a distinguished software developer, shares insights into his career and the focus of his upcoming AI-centric session. With over 25 years in IT, primarily in system administration and security engineering, Smith has been working on securing pipelines against potential threats posed by AI and generative AI technologies. His session, "Agents and MCP Servers: Are the Electric Sheep Safe?", references the blurring line between humans and machines, inspired by "Blade Runner" and "Do Androids Dream of Electric Sheep?". The talk will address new attack surfaces introduced by AI in supply chains and propose strategies for mitigating these risks, particularly focusing on the security of MCP servers and agents. Smith emphasizes the importance of treating AI tools with the same security considerations as traditional software, sharing an "aha!" moment from his experience with an insecure GitHub MCP server authentication. He hopes attendees, including platform engineers, DevOps engineers, developers, and security professionals, will leave with a heightened awareness of AI security challenges. The upcoming DevSecCon 2025 aims to expand knowledge in AI security through expert-led sessions and networking opportunities.