The new AI app store is here - and it’s already making choices for your company.
This episode shows you how to spot it, stop it, and stay safe.

Host Lieuwe Jan Koning with RobMaas (Field CTO, ON2IT) explain the app storenightmare in plain language. A new system (MCP) lets AI tools like ChatGPT, Claude, and Gemini do tasks for you - sometimes too much. When a bad tool or a sneaky document gets in, it can read, send, or delete things without you noticing.

Real cases, real damage:

• Postmark MCP backdoor - secretly BCC’d emails (email copies)
• Shadow Escape - “zero-click” data theft from a hidden prompt
• kubectl chaos - a command mistake that can wipe servers

Your quick fix: keep a list of every AI tool and give each only the access it needs. Example: let your document bot read just the “Policies” folder—not your whole drive. For more fixes, watch the full episode.

• (00:00) - — “There’s a new app store” (why this matters now)
• (01:05) - — MCP explained simply: agents vs. chatbots
• (03:45) - — Connectors & consent: the hidden back channel
• (06:20) - — Breach stories: Postmark backdoor, Shadow Escape theft
• (10:45) - — Kubernetes chaos: how one command can erase systems
• (14:30) - — App store & “vetting”: who’s actually checking?
• (18:10) - — Zero Trust plan: inventory, approvals, least privilege

· The app storenightmare: a new AI app store you don’t control

· How a tricked document can make your AI act against you

· A simple ZeroTrust plan anyone can start today

· How to cut tool sprawl, cost, and risk—without slowing the team

If you use ChatGPT, Claude, or Gemini at work, this is your survival brief.
Subscribe for more Threat Talks and ON2IT’s Zero Trust guidance.

Guest and Host Links:

Rob Maas (Field CTO, ON2IT): https://www.linkedin.com/in/robmaas83/

Lieuwe Jan Koning (Founding Partner, ON2IT): https://www.linkedin.com/in/lieuwejan/

Click here to view the episode transcript.

Additional Resources:
Threat Talks: https://threat-talks.com/
ON2IT (Zero Trust as a Service): https://on2it.net/
AMS-IX: https://www.ams-ix.net/ams
Anthropic MCP announcement: https://www.anthropic.com/news/model-context-protocol
OpenAI Tools/Connectors/MCP: https://platform.openai.com/docs/guides/tools-connectors-mcp
Kubernetes (kubectl): https://kubernetes.io/docs/reference/kubectl/
Reported Postmark MCP backdoor: https://thehackernews.com/2025/09/first-malicious-mcp-server-found.html
Shadow Escape zero-click research: https://www.globenewswire.com/news-release/2025/10/22/3171164/0/en/Operant-AI-Discovers-Shadow-Escape-The-First-Zero-Click-Agentic-Attack-via-MCP.html

If this saved you a breach, subscribe to Threat Talks and follow ON2IT for weekly Zero Trust moves. New episode next week.