Akash Sathish

@iamakash06

Before the Agent Calls exec(): Source-Level Findings from 100 MCP Servers

Submitted Jun 25, 2026

Most teams adopting MCP servers treat security the way early npm treated dependencies: install, trust, ship. When I built MCPeek, an AST-level static analysis tool, and pointed it at 100+ popular open-source MCP servers, the results were uncomfortable: 445 real findings across 70 servers that carried at least one exploitable pattern, namely command injection from tool input, path traversal, SSRF, and tool poisoning through dynamically assembled descriptions (the class no prompt filter catches).

This talk shows what those patterns look like in real shipped servers, why they survive review, and why LLM-based scanners miss them. I demo MCPeek, the open-source security scanner I built to find them: multi-pass taint tracking from tool inputs to dangerous sinks, mapped to the OWASP MCP Top 10, emitting SARIF into GitHub Code Scanning. Fully offline, no model, no cloud, no per-scan cost.

I’ll also be honest about what static analysis cannot catch and where dynamic and runtime approaches genuinely win.

Link to MCPeek: https://github.com/iamakash-06/MCPeek
NPM Package: https://www.npmjs.com/package/mcpeek

Takeaways

  • How to evaluate a third-party MCP server before connecting it to your agent workflow (the “due diligence, not runtime guarantee” model)
  • The specific vulnerability patterns to look for: command injection, path traversal, SSRF, hardcoded credentials, tool poisoning via description fields
  • How to add MCPeek to your CI pipeline (GitHub Action, two lines, fails on high-severity findings, SARIF output to GitHub Code Scanning)
  • What the limits of static analysis are and which runtime tools to pair with it for the threats it can’t see

Speaker Bio

I’m a Solution Consultant at Sahaj Software in Chennai and an Ambassador of the Agentic AI Foundation (official home of MCP). I’ve been neck-deep in MCP, Claude Code, and agentic architectures since before they had proper names. I’ve spoken at GitTogether 2025, The Fifth Elephant 2025, and many other conferences on AI-assisted development, MCPs and privacy-preserving ML. Right now I’m obsessed with: what happens to developer cognition when AI writes most of your code, why nobody’s building agent runtimes for the browser yet, and MCP Security.

Reference Video: https://www.youtube.com/live/0xteXyBXzE8?si=Jax2SwdgIjokiNMR&t=1091
