What an 'Aha' Moment with an Org Admin Token Taught One DevSecCon Speaker About AI Security
September 4, 2025
As the summer winds down and conversation around AI Security heats up, the Snyk team is in full swing planning mode for a double-header this October—with the return of DevSecCon’s Flagship conference, focusing this year on Securing the Shift to AI Native, and serving as the founding partner of the inaugural AI Security Summit.
Brett Smith, Distinguished Software Developer at SAS, Snyk Ambassador, and two-time DevSecCon speaker, shared his inspiration for this year’s AI-focused session, and what has him anxious about the future of AI Sec, and more.
Can you share a bit about your professional background and what led you to where you are today?
I’ve been in IT for 25+ years, with a primary background in system administration. I have worn many hats over the years: tester, developer, distro maintainer, system administrator, and security engineer, with a common theme of automation.
While the titles change from Sys Admin to DevOps, SRE, and now Platform Engineer, the job remains the same. When Executive Order 14028 was released, I began working on securing our supply chain and pipelines to meet the attestation requirements. With the rise of AI / LLMs / Generative AI, I have been working on how to securely integrate these new tools into our pipelines.
Please share the inspiration behind the title of your talk, Agents and MCP Servers: Are the Electric Sheep Safe?, and what it means to you.
The titles for my talks always include electric sheep. It is a bit, and you have to stick to the bit. It is a reference to Blade Runner and the book it was based on, Do Androids Dream of Electric Sheep. The electric sheep are our products.
I always try to include references to it in my talks. It is especially fitting for AI, where the line between human and machine is getting blurry now that models have passed the Turing Test.
Without giving too much away, what is the core problem your session aims to solve, and why should attendees be excited about your session?
MCP Servers and Agents are a new attack surface for supply chain attacks. As we add the non-deterministic AI into our pipelines, we need to be aware of the security implications of these new tools.
We’ll discuss how agentic AI can enhance the SDLC while also addressing the security risks it introduces. The talk will cover the role of MCP servers in managing these risks and provide strategies for securing them against potential attacks.
Could you describe any specific “aha!” moments that arose while developing your session content?
While I was working on an MCP server for our pipeline and completing some online tutorials, I realized that security was mostly neglected in the examples. In testing out the GitHub MCP server as part of the project, I realized that the server was using my Org Admin Token to authenticate to GitHub instead of the read-only token I made specifically for the MCP server.
I could have wiped out a full org. At that point, I decided I needed to work on a security checklist for using MCP servers and Agents.
Who will benefit most from attending your session, and what’s one key takeaway you hope they leave with?
I hope the Platform Engineers, DevOps Engineers, Developers, and Security Professionals will understand that AI / LLMs / Generative AI in the pipeline requires the same level of security as any other code or tool.
Your event tagline is that you’re scared of robots. What are you most anxious about regarding the future of AI as it relates to security?
AI models in the supply chain. Non-deterministic gremlins running amok.
What are you most looking forward to about DevSecCon 2025?
I’m really looking forward to expanding my AI security knowledge and learning from the experts in the field, plus, talking to Gerald Crescione is always a good time.
Don’t miss Brett’s session, or the rest of our incredible lineup. Register for DevSecCon 2025 now to secure your spot and get a full day of virtual AI security content, strategies, and networking opportunities.
October 22, 2025
DevSecCon2025 - The AI Security Summit