Name: Threat Modeling Authorization in MCP - Sarah Cecchetti, OpenID Foundation
Start: 2026-04-03T12:00:00-0400
End: 2026-04-03T12:25:00-0400

April 2-3, 2026
New York, NY
View More Details & Registration

The Sched app allows you to build your schedule but is not a substitute for your event registration. You must be registered for MCP Dev Summit North America to participate in the sessions. If you have not registered but would like to join us, please go to the event registration page to purchase a registration..

IMPORTANT NOTE: Timing of sessions and room locations are subject to change.

Threat Modeling Authorization in MCP - Sarah Cecchetti, OpenID Foundation

Friday April 3, 2026 12:00pm - 12:25pm EDT

Empire Complex (7th Floor)

This session will describe the work of the AI Threat Modeling working group within the OpenID Foundation. Security considerations in OAuth were a concern before MCP, and MCP's use of OAuth raises additional concerns including malicious elicitation and code execution requests. I will describe MCP attacks which enable attackers to exfiltrate sensitive data, compromise password-protected accounts, and gain remote control of local machines.

Speakers

Sarah Cecchetti

Chair of AI Threat Modeling Working Group, OpenID Foundation

By day, Sarah is Director of Product Management for Semperis, a Series C startup. She also chairs the AI threat modeling group in the OpenID Foundation. Prior to that she spent five years at AWS where she led the open-sourcing of Cedar. She co-founded IDPro and co-authored NIST SP... Read More →

presentation pdf

Friday April 3, 2026 12:00pm - 12:25pm EDT
Empire Complex (7th Floor)

Security and Operations

Audience Experience Level Beginner
Session Slides Yes

MCP Dev Summit North America

Sarah Cecchetti

Sign up or log in to save this to your schedule, view media, leave feedback and see who's attending!

Get help with the event