The App Store Nightmare: Why AI MCP Stores Are a Trap
Episode Synopsis
The new AI app store is here - and it's already making choices for your company. This episode shows you how to spot it, stop it, and stay safe.

Host Lieuwe Jan Koning and Rob Maas (Field CTO, ON2IT) explain the app store nightmare in plain language. A new system (MCP) lets AI tools like ChatGPT, Claude, and Gemini do tasks for you - sometimes too much. When a bad tool or a sneaky document gets in, it can read, send, or delete things without you noticing.

Real cases, real damage:
· Postmark MCP backdoor - secretly BCC'd emails (email copies)
· Shadow Escape - "zero-click" data theft from a hidden prompt
· kubectl chaos - a command mistake that can wipe servers

Your quick fix: keep a list of every AI tool and give each only the access it needs. Example: let your document bot read just the "Policies" folder, not your whole drive. For more fixes, watch the full episode.

Key topics covered:
· The app store nightmare: a new AI app store you don't control
· How a tricked document can make your AI act against you
· A simple Zero Trust plan anyone can start today
· How to cut tool sprawl, cost, and risk - without slowing the team

If you use ChatGPT, Claude, or Gemini at work, this is your survival brief. Subscribe for more Threat Talks and ON2IT's Zero Trust guidance.

Guest and Host Links:
· Rob Maas (Field CTO, ON2IT): https://www.linkedin.com/in/robmaas83/
· Lieuwe Jan Koning (Founding Partner, ON2IT): https://www.linkedin.com/in/lieuwejan/

Additional Resources:
· Threat Talks: https://threat-talks.com/
· ON2IT (Zero Trust as a Service): https://on2it.net/
· AMS-IX: https://www.ams-ix.net/ams
· Anthropic MCP announcement: https://www.anthropic.com/news/model-context-protocol
· OpenAI Tools/Connectors/MCP: https://platform.openai.com/docs/guides/tools-connectors-mcp
· Kubernetes (kubectl): https://kubernetes.io/docs/reference/kubectl/
· Reported Postmark MCP backdoor: https://thehackernews.com/2025/09/first-malicious-mcp-server-found.html
· Shadow Escape zero-click research: https://www.globenewswire.com/news-release/2025/10/22/3171164/0/en/Operant-AI-Discovers-Shadow-Escape-The-First-Zero-Click-Agentic-Attack-via-MCP.html

If this saved you a breach, subscribe to Threat Talks and follow ON2IT for weekly Zero Trust moves. New episode next week.