The AppSec Insiders

Welcome to The AppSec Insiders Podcast. This is a show where we discuss the hottest topics and latest trends in application and cloud security, and tell you what you need to know

For those who don’t know who we are, we are all software developers, white-hat hackers, and code security experts. When we’re not recording the podcast, we help organizations of all sizes with their cybersecurity needs.

If you’re an AppSec professional looking for an opportunity to work with some of the best in the industry, or a developer with an interest in cybersecurity, be sure to check out our careers page at ForwardSecurity.com/careers

We would greatly appreciate it if you subscribed to the podcast wherever you listen to the show, and be sure to follow us on LinkedIn and Twitter at Forward Security. Links are in the show notes.

• https://www.ForwardSecurity.com
• https://www.linkedin.com/company/fwdsec/mycompany/verification/
• https://twitter.com/fwd_sec

All Episodes

The AppSec Insiders

Prompt Injection to RCE: When AI Gets Compromised | The AppSec Insiders Ep.16

July 25, 2025 • Farshad Abasi

In this episode, we unpack CVE-2025-49596, where prompt injection, CSRF, and localhost access were chained to achieve RCE in the MCP Inspector AI tool. Learn how the exploit worked, what it reveals about LLM security risks, and how to defend against similar threats with sandboxing, access controls, and DevSecOps monitoring.