The Model Context Protocol (MCP) is rapidly becoming the backbone for AI -based systems that need access to external data, but with great power comes great responsibility, especially when securing server implementations. In this conversation with Nate and Wils, founding engineers at Arcade.dev, we’ll explore advanced security patterns for MCP servers, from OAuth 2.1 flows and token validation to defending against confused deputy attacks, session hijacking, and token passthrough vulnerabilities. We’ll also highlight how all of this accrues to the emerging agentic space, where the interactions are no longer constrained to humans in the loop.