Olivia
Online
Practical DevSecOps
@PDevsecops
San Francisco
Joined December 2018
205 Following
1.9K Followers
681 Posts
An MCP compromise may look like normal tool usage. π¨
The agent invokes tools, retrieves data, and returns an answer.
But the instruction came from the wrong place.
https://t.co/dZ74QEvClC
#IncidentResponse
Authenticated does not mean hardened. π‘οΈ
Your MCP server may have OAuth and logs, but is it running as root? Storing secrets in images? Allowing open egress?
https://t.co/GXhwsnDroz
#ServerHardening
MCP risk is not just an AppSec issue. π
It crosses API security, cloud security, third-party risk, identity, logging, and governance.
CISOs need a real framework.
https://t.co/Qqu3XxYCDo
#MCPSecurity
OAuth is not enough if every agent can call every tool. π
For MCP, use session-scoped access: role plus task equals allowed tools.
Give the agent only what the task needs.
https://t.co/z6d3lhPEts
#MCPAuth
Who to follow
AI Security Engineers
@aiseceng
Advancing AI security by uniting innovators, researchers, builders, and defenders to share insights on securing AI-powered and agentic applications.
Marco Lancini
@lancinimarco
πΌ Director of Security
π¬ @CloudSecList
π https://t.co/TrQKzxfnYg
π¬ I write about security strategy, technical leadership, and cloud security.
Clint Gibler
@clintgibler
π‘οΈ Head of Security Research @semgrep
π Creator of https://t.co/xwtIAI0CuJ newsletter
Prompt injection is no longer just a chat input problem. π§
With MCP, instructions can enter through PDFs, web pages, emails, calendars, memory, and other agents.
https://t.co/lEXE8PLA8T
#PromptInjection
Quick MCP audit question: π
Can someone access your tool manifest without logging in?
If yes, attackers can see tool names, descriptions, schemas, and capabilities.
https://t.co/4COqnu9IsF
#MCPSecurity
The user sees a tool name.
The model sees the full tool description. π§ͺ
That hidden surface can be poisoned. Hash manifests, detect drift, and monitor tool call chains.
https://t.co/3XAfTCOns1
#ToolPoisoning #MCPSecurity
MCP connects agents to databases, code, email, cloud APIs, and internal tools. π
That is power and risk in the same pipe.
Inventory servers, remove secrets, add OAuth, enforce allowlists, and log tool calls.
https://t.co/L8mHKjUndZ
#MCPSecurity
MCP now has an OWASP Top 10. β οΈ
30+ MCP CVEs were filed in Jan-Feb 2026. 43% were shell injection issues.
If your agents touch code, data, email, or cloud APIs, start here:
https://t.co/QJ5skY2eaN
#MCPSecurity #OWASP
π¨ Happening TODAY!
π‘ DevSecOps Live: Agentic AI Threat Modeling with MAESTRO
β
MAESTRO 7-layer walkthrough πΊοΈ
β
Live MCP deployment demo π¬
β
Real agentic threats π
ποΈ Speaker: Ken Huang
π https://t.co/nK4buh7fZI
#DevSecOps #AgenticAI #MAESTRO #AISecurity
ποΈ Two days to go!
This one is for you if you are π
π Security Engineer
βοΈ DevSecOps Practitioner
π‘οΈ AppSec Professional
π€ AI/ML Engineer
π Security Leader
Free. 23rd April. DevSecOps Live. π―
π https://t.co/nK4buh6Iaa
#AgenticAI #MAESTRO #AISecurity #DevSecOps
πΊοΈ MAESTRO's 7 layers π
Foundation Models
Data Operations
Agent Frameworks
Infrastructure
Observability
Integration
Agent Ecosystem
π¨ Most teams stop at Layer 1.
π‘ DevSecOps Live | 23rd April
π https://t.co/nK4buh7fZI
#MAESTRO #AgenticAI #AISecurity
π Ken Huang | DevSecOps Live ποΈ
π CEO, https://t.co/sgX0AJwE6y π’
π CSA Fellow π‘οΈ
π OWASP AIVSS Project Lead π
π 14 books on AI security π
π Speaker: RSA, WEF Davos, IEEE π€
Join him 23rd April ποΈ
π https://t.co/nK4buh7fZI
#AISecurity #AgenticAI #DevSecOps #Infosec
β οΈ STRIDE. DREAD. PASTA.
Built for deterministic software. Not for AI agents. π€
π― MAESTRO closes that gap.
π‘ DevSecOps Live | 23rd April 2026
β° 10.00 EDT / 14.00 GMT / 19.30 IST / 22.00 SGT
π https://t.co/nK4buh7fZI
#AgenticAI #MAESTRO #AISecurity #DevSecOps
π‘ Next DevSecOps Live is here! π
π₯οΈ Topic: Agentic AI Threat Modeling with MAESTRO
ποΈ Speaker: Ken Huang
ποΈ 23rd April 2026
β° 10.00 EDT / 14.00 GMT / 19.30 IST / 22.00 SGT π
π https://t.co/nK4buh7fZI
#AISecurity #AgenticAI #MAESTRO #DevSecOps #Infosec
Spending thousands on scanners π
Skipping what makes them useful?
4 questions before writing code:
β‘οΈ What are we building?
β‘οΈ What can go wrong?
β‘οΈ What do we do about it?
β‘οΈ Did we do a good job?
#ThreatModeling #DevSecOps #AppSec #SecurityBasics
https://t.co/463Y1CLVvk
Most DevSecOps rollouts fail in 90 days π
Not bad tech. No plan.
Phase 1: Assess gaps
Phase 2: Align people
Phase 3: Automate right
Phase 4: Measure + iterate
Skipping phases = 3x the debt.
#DevSecOps #Implementation #SDLC #CyberSecurity
https://t.co/qeFgYY3Xbk
Wrong tool = false confidence π οΈ
By category:
π¦ SBOM: Syft, CycloneDX
π Scanning: Trivy, Grype, Snyk
π Signing: Cosign, Notary
π³ Container: Harbor, Dockle
A scanner nobody checks = no scanner.
#DevSecOps #SupplyChainSecurity #SecurityTools
https://t.co/siSuHXfuWH
2025 = DevSecOps stopped being optional π
AI threats outpaced defenses.
Supply chain attacks went mainstream.
Compliance forced security into business functions.
Adapted early = miles ahead in 2026.
#DevSecOps #CyberSecurity #SecurityTrends #appsec
https://t.co/Ei2Svms7oj
Capital One 2019. K8s misconfiguration. $300M π
Best practices:
π RBAC first
π Encrypt secrets at rest
π Network policies (default deny)
π Scan every image
π Monitor runtime behavior
#Kubernetes #KubernetesSecurity #DevSecOps #ContainerSecurity
https://t.co/WQOA7hJTYl
Last Seen Users on Sotwe
Jonathan Ross 
Seen from Singapore
ΰΈͺΰΈ²ΰΈ§ΰΉΰΈ«ΰΈΰΉΰΈΰΈ±ΰΈΰΉΰΈ’ΰΈ
Seen from Thailand
Paylasimci
Seen from Turkey
Nigel Bretania
Seen from Malaysia
priya__ππ
Seen from India
Chicas de sacapulas
Seen from Guatemala
VAN | Project QT
Seen from Mexico
Love birds
Seen from Netherlands
#ZZN
Seen from Argentina
anaπΈ
Seen from United States
Trends for you
Most Popular Users
Elon Musk
@elonmusk
240.1M followers
Barack Obama
@barackobama
119.3M followers
Donald J. Trump
@realdonaldtrump
111.6M followers
Cristiano Ronaldo
@cristiano
108.7M followers
Narendra Modi
@narendramodi
106.9M followers
Rihanna
@rihanna
97.2M followers
NASA
@nasa
92.1M followers
Justin Bieber
@justinbieber
90.5M followers
KATY PERRY
@katyperry
86.7M followers
Taylor Swift
@taylorswift13
80.5M followers
Lady Gaga
@ladygaga
72.1M followers
Kim Kardashian
@kimkardashian
69.3M followers
YouTube
@youtube
68.6M followers
Virat Kohli
@imvkohli
68.4M followers
Bill Gates
@billgates
63.4M followers
The Ellen Show
@theellenshow
62.5M followers
CNN
@cnn
61.9M followers
Neymar Jr
@neymarjr
60.9M followers
X
@x
60.9M followers
CNN Breaking News
@cnnbrk
59.9M followers