Truth in IT
    • Sign In
    • Register
        • Videos
        • Channels
        • Pages
        • Galleries
        • News
        • Events
        • All
Truth in IT Truth in IT
  • Data Management ▼
    • Converged Infrastructure
    • DevOps
    • Networking
    • Storage
    • Virtualization
  • Cybersecurity ▼
    • Application Security
    • Backup & Recovery
    • Data Security
    • Identity & Access Management (IAM)
    • Zero Trust
  • Cloud ▼
    • Hybrid Cloud
    • Private Cloud
    • Public Cloud
  • Webinar Library
  • TiPs

MCP 2.0 vs 1.0: How AI Security Protocol Evolved

commvault
03/12/2026
0
0 (0%)
Share
  • Comments
  • Download
  • Transcript
Report Like Favorite
  • Share/Embed
  • Email
Link
Embed

Transcript


TL;DR

  • MCP 1.x focused on enabling AI adoption and onboarding enterprises to use AI tools, while MCP 2.0 shifts focus to securing AI execution within enterprise environments.
  • OAuth support in MCP 2.0 enables standardized identity management with least privilege enforcement, addressing the lack of authority verification in version 1.x.
  • Structured schemas create a whitelist approach that defines exactly what actions AI tools can perform, significantly mitigating prompt injection attack vectors.

This STRIVE podcast clip features Werner Nel, Principal Security & AI Intelligence at Commvault, explaining the rapid evolution from MCP 1.0 to MCP 2.0 and why this progression was necessary for enterprise AI security. The discussion establishes a clear distinction between the two protocol versions: MCP 1.x was fundamentally about enabling AI adoption within organizations, providing the tools and protocols needed to utilize AI and empower enterprises to leverage existing toolsets. MCP 2.0 represents a fundamental shift toward securing that adoption, addressing the critical question of how AI can execute actual work within an enterprise without creating security risks. Nel outlines three foundational changes introduced in MCP 2.0. First, OAuth support brings standardized identity and access management to the protocol, enabling organizations to assign permissions and privileges to specific cryptographic keys and enforce least privilege principles. Second, structured schemas address one of the primary attack vectors for prompt injection by creating a whitelist approach that defines specifically what actions a tool can perform while ignoring everything else. Third, the elicitation flow introduces human-in-the-loop controls that allow organizations to pause AI agent workflows at any point for interrogation, credential reissuance, or explicit confirmation of high-risk actions. The conversation acknowledges that while these enhancements represent significant progress, the specification will continue to evolve at the same rapid pace as AI itself, with MCP 2.0 serving as a launching pad for future security maturity.

Chapters

0:00 - Introduction to MCP Evolution
0:22 - MCP 1.x: Enabling AI Adoption
0:57 - MCP 2.0: Securing AI Execution
2:06 - OAuth Support and Least Privilege
2:53 - Structured Schemas for Prompt Injection Defense
3:53 - Human-in-the-Loop Elicitation Flow

Key Quotes

1:02 "Really 2.0 was introduced to answer a basic question of how can I have AI execute actual work within my enterprise without it creating a security risk? ..."
2:46 "OAuth 2.0 brings that standardization in. So we're able to exercise least privilege."
4:24 "Having that mechanism put in place completely changes everything happening autonomously and us needing to log that and try and keep track of what's going on."
Categories:
  • » Webinar Library » Commvault
  • » Cybersecurity » Identity & Access Management (IAM)
  • » Data Protection
Channels:
News:
Events:
Tags:
  • MCP Protocol
  • AI Security
  • OAuth
  • Prompt Injection
  • Enterprise AI
  • AI Agents
  • Human-in-the-Loop
  • Access Control
  • Security Architecture
Show more Show less

Browse videos

  • Related
  • Featured
  • By date
  • Most viewed
  • Top rated
  •  

              Video's comments: MCP 2.0 vs 1.0: How AI Security Protocol Evolved

              Upcoming Webinar Calendar

              • 03/17/2026
                06:00 AM
                03/17/2026
                L'importance cruciale de l'ITDR pour 2026 et au-delà
                https://www.truthinit.com/index.php/channel/1856/limportance-cruciale-de-litdr-pour-2026-et-au-delà/
              • 03/18/2026
                01:00 PM
                03/18/2026
                Beyond Chatbots: Agentic AI That Actually Fixes Identity Risk
                https://www.truthinit.com/index.php/channel/1847/beyond-chatbots-agentic-ai-that-actually-fixes-identity-risk/
              • 03/19/2026
                11:00 AM
                03/19/2026
                Risk in Real Time: Stopping Exploits Before the CVE Even Exists
                https://www.truthinit.com/index.php/channel/1372/unlocking-network-intelligence-for-smarter-risk-decisions/
              • 03/19/2026
                01:00 PM
                03/19/2026
                Cyber CSI 2.0: Phishing Forensics in the Age of AI and Deepfakes
                https://www.truthinit.com/index.php/channel/1842/cyber-csi-2-0-phishing-forensics-in-the-age-of-ai-and-deepfakes/
              • 03/26/2026
                01:00 AM
                03/26/2026
                Reclaim Network Clarity and Accountability with Netskope DEM
                https://www.truthinit.com/index.php/channel/1846/reclaim-network-clarity-and-accountability-with-netskope-dem/
              • 03/26/2026
                05:00 AM
                03/26/2026
                ITDR as an Integral Component of Critical Security Architecture
                https://www.truthinit.com/index.php/channel/1863/itdr-as-an-integral-component-of-critical-security-architecture/
              • 03/26/2026
                01:00 PM
                03/26/2026
                HUMAN Dialogue: Transforming City-Scale Cyber Resilience through AI Innovations
                https://www.truthinit.com/index.php/channel/1835/human-dialogue-transforming-city-scale-cyber-resilience-through-ai-innovations/
              • 03/26/2026
                01:00 PM
                03/26/2026
                Making GPUs Available On Demand (Without Breaking the Budget)
                https://www.truthinit.com/index.php/channel/1858/making-gpus-available-on-demand-without-breaking-the-budget/
              • 04/08/2026
                01:00 PM
                04/08/2026
                Managing Configuration at Scale Across Group Policy and Intune
                https://www.truthinit.com/index.php/channel/1865/managing-configuration-at-scale-across-group-policy-and-intune/

              Upcoming Events

              • Apr
                08

                Managing Configuration at Scale Across Group Policy and Intune

                04/08/202601:00 PM ET
                • Mar
                  26

                  HUMAN Dialogue: Transforming City-Scale Cyber Resilience through AI Innovations

                  03/26/202601:00 PM ET
                  • Mar
                    26

                    Making GPUs Available On Demand (Without Breaking the Budget)

                    03/26/202601:00 PM ET
                    • Mar
                      26

                      ITDR as an Integral Component of Critical Security Architecture

                      03/26/202605:00 AM ET
                      • Mar
                        26

                        Reclaim Network Clarity and Accountability with Netskope DEM

                        03/26/202601:00 AM ET
                        More events
                        Truth in IT
                        • Sponsor
                        • About Us
                        • Terms of Service
                        • Privacy Policy
                        • Contact Us
                        • Preference Management
                        Desktop version
                        Standard version