Quand les hackers visent les MCP de votre entreprise ! (Avec ChatGPT)

#ParlonsIA CHAT GPT - Perplexity -Claude

il y a 2 jours

❤️ MES FORMATIONS → https://parlonsia.teachizy.fr/❤️ Vous devez absolument apprendre le L’introduction des MCP (Model Context Protocol) et des MCP Servers dans ChatGPT et ChatGPT-5 représente une véritable révolution pour l’intelligence artificielle (AI) appliquée aux entreprises. Grâce au Model Context Protocol, ChatGPT, et plus particulièrement ChatGPT-5, peut désormais se connecter directement à des MCP Servers afin de démultiplier ses capacités, automatiser les processus, et devenir un véritable autopilot AI pour l’entreprise.

🔗 Rejoins la communauté IA & Business
🌐 https://parlonsia.teachizy.fr
📺 https://www.youtube.com/@IAExpliquee.x
📺 https://dailymotion.com/formation.ai87
📘 Facebook : https://bit.ly/4kabhuA
🐦 Twitter / X : https://x.com/ParlonsIAx
📩 Contact : formation.ai87@gmail.com
🎙️Podcast – https://spoti.fi/4dqZ3uO
✍ BLog: https://medium.com/@flma1349/
💃https://www.tiktok.com/@parlonsia

---------------------------
IA a tester :

Coder agent IA: https://bit.ly/Coder_agentiA
Short AI: http://bit.ly/4lzE782
SEO agent IA : https://urlr.me/P8AS5N
code rection 25% : PARLONSIA25

⌚ Timeline Vidéo

0:00 : ChatGPT 5 automatisation
1:10 : Prompt magique orchestration IA
2:30 : ChatGPT MCP Server sécurisé
3:45 : Stripe Shopify Gmail Slack
5:00 : Homme + AI productivité
6:15 : MCP Security logs permissions
7:30 : Observabilité SOC2 ISO
8:40 : Prompt Engineering Excellence
9:55 : MCP Server Rubb authentification
11:10 : Twitter YouTube Notion Drive
12:20 : Salesforce HubSpot Zendesk CRM
13:15 : VPN US MCP Advanced GPT5
14:00 : Entreprise automatisation sécurité

FAQ:
Quels outils peut intégrer un MCP Server ?
Un MCP Server ou plusieurs MCP Servers permettent à ChatGPT et ChatGPT-5 de se connecter à l’AI et d’intégrer Stripe pour le paiement Stripe, Stripe Shopify et Shopify pour l’e-commerce, Salesforce pour la gestion client, HubSpot pour le marketing, Zendesk pour le support, grâce aux custom MCP integrations.

Quels sont les avantages d’un MCP Server ?
Un MCP Server offre une MCP Security avancée, l’accès à des AI tools, un déploiement via Docker containers, avec des ressources pratiques comme le MCP Docker tutorial, le MCP tutorial ou encore le ChatGPT tutorial, tout en garantissant une solution robuste, scalable et adaptée à l’entreprise.

Comment un MCP Server aide les entreprises ?
Avec ChatGPT-5 et le ChatGPT MCP, les entreprises gagnent en AI productivity grâce à la ChatGPT automatisation et au ChatGPT autopilot. Les workflows sont simplifiés, les paiements Stripe sont fluides, les données Salesforce sont exploitées efficacement et les intégrations sont totalement sécurisées.

Pourquoi l’alliance ChatGPT-5 et MCP est importante ?
L’union de ChatGPT-5, du MCP et des MCP Servers propulse l’AI et l’artificial intelligence vers une nouvelle étape. Avec MCP explained, l’AI productivity, les custom MCP integrations

Catégorie

🤖

Technologie

Transcription

Afficher la transcription complète de la vidéo

00:00Hello everyone, today we're going to talk about one of the biggest revolutions underway.

00:05After the arrival of ChatGPT, Claude, there is that of the MCPs.

00:10Until now, companies had to pay more than 50,000 euros to carry out what is called integration.

00:15That is, the ability to make multiple applications communicate with ChatGPT.

00:22Today, we can do this natively with MCP systems.

00:26You don't know what it is? That's good, we're going to talk about it.

00:29But many videos on YouTube, again, have given a lot of extremely dangerous information.

00:37If you were one of the first to install MCP servers or use them without knowing what you were doing,

00:43Well, probably your data has already gone to the dark web.

00:47At the end of this video, you will hear from an MCP server hacker.

00:52And today you will understand the major mistake of these influencers,

00:56that, once again, of putting you straight into the wall every time they speak.

01:00What is an MCP system used for?

01:02To give you an idea, until now, ChatGPT has been living a bit in its own bubble.

01:08When you had to read a document, a PDF, and then respond to a client or an email,

01:14Well, you had to copy and paste.

01:16Well, all that is over.

01:17Now, if you want to connect multiple tools, multiple models,

01:21you no longer need to rely on an AI agent system,

01:25You can control your entire database using ChatGPT or Cloud.

01:31The result: huge savings.

01:33We are no longer just tinkering with N8N or Make,

01:38we can really respond to large volumes of businesses,

01:41the same people who were applying for integrations at a minimum of 35,000 or 50,000 euros.

01:47At the same time, the promise of AI is exploding.

01:50Complex tasks can be orchestrated just by using words.

01:55Can you imagine the new potential we have?

01:57For example, you receive a customer request,

01:59you know that the LLM is not at all able to deal with the problem from A to Z,

02:05so the AI agent will never answer this problem.

02:08But you can do it.

02:10Today you will take ChatGPT, you will retrieve the customer request,

02:14retrieve the information in the Stripe interface,

02:16take the customer's account, check on Shopify where their order is

02:21and where applicable, reimbursement, cancellation.

02:25In short, you only have one interface and the integration is directly in ChatGPT.

02:30But the point that needs to be understood is that a poorly secured MCP,

02:34It's like leaving the door to your bank account open.

02:37The protocol, it gives to the LLM, you understood it well,

02:40arms to act, to search for files, data.

02:43And if the door is too wide and the tools are too permissive,

02:48There are keys that will allow you to recover your data.

02:52Even worse, you will discover that poorly tuned MCP servers

02:57are a highway system for attacks.

03:00In 8 months, I generated approximately $527,000 by reselling data passes.

03:06So what is MCP?

03:07The MCP is not a gadget at all, it is truly the new standard.

03:13It's a little bit around the time of the arrival of USB,

03:16this port where we could plug in all our hard drives, our phone chargers

03:21and the same name is a bit like USB-C applied to AI.

03:25Just one plug and everything plugs in.

03:27No more DIY integrations,

03:29Welcome to the world where LLMs and tools speak a universal language.

03:34Concretely, this means that when they talk to each other,

03:38there is what we call standardization, security,

03:42portability and governance.

03:44Building a bridge between two communicating systems becomes much simpler.

03:49It is a safe, low-cost highway with very high speeds.

03:54What is an MCP communication system made of?

03:57There are three parts, what we call the host, the conductor,

04:02the app that runs your LLM if you prefer,

04:04This is where you send the request, where you will send your prompts.

04:08There is the MCP client part, the factor it takes from your order

04:13and transmits it to the right place.

04:15And the MCP server is the toolbox where the database is,

04:19all the data and tools, the famous tools since the arrival of agent systems.

04:25You know that LLMs are nothing more than machines for writing texts,

04:29but also to take action.

04:31And there, the cycle is fluid.

04:33Host, client, server.

04:35You request, the client formats and the server executes.

04:39The result comes back well rounded, ready for the LLM.

04:43Before, the brain had to tinker with everything itself.

04:46Now ChatGPT's brain thinks, arms execute

04:51and there are three very clear roles,

04:53with three blocks perfectly aligned and nested within each other.

04:57To make all this stand up, the MCP invented its alphabet.

05:02Five simple building blocks that transform the LLM into an agent.

05:07On the server side, we have the part called instruction.

05:10They are actually prompts, ready to use,

05:13which are directly stored, such as guided recipes.

05:17We have the resources part, where the model will search for material,

05:21data, CSV, information, online files,

05:24the baselines.

05:25And then, the tools.

05:27These are the super powers of launching a query,

05:29to go find a tool, to generate an image,

05:33to go compact or execute a code.

05:36And we have the other part, the customer.

05:39And there, it's the part that we call the root, the lock.

05:42You only open one specific door,

05:45never the entire castle,

05:47of your whole house, of your whole bank vault.

05:50And normally, that's what needs to be secured.

05:52That's why there is a part that is also called sampling,

05:55co-creation.

05:56The server asks the LLM to write and optimize part of the query.

06:02So there is a constant exchange between the systems.

06:05The LLM is no longer just about writing text.

06:07You understood it well.

06:08He reads, acts and collaborates.

06:11But still, normally, under what is called controlled permission.

06:14As you have seen, he is highly dependent, in fact,

06:17from the prompt training base.

06:19Yes, the prompts.

06:20Do you remember the prompts?

06:22So, part of the operation is given to what is called

06:26reinforcement learning.

06:28That is, the model, like an LLM, was taught

06:32that when he receives certain words, he will translate them into actions.

06:36If you ask him, give me the sales trends,

06:40the model will search the server,

06:43call a tool to launch a query,

06:46recover resources and results,

06:48and the LLM will give you a clear summary.

06:51No need to code or configure manually.

06:53It's secure, contextual, and you can replay as many times as you like.

06:58that you want this request, and therefore you can automate this section.

07:02And that is done with prompt engineering.

07:05based on the server ecosystem you will be using.

07:09Prompts are those word section instructions,

07:12the words you use in the TchatGPT interface,

07:15which are used to define actions.

07:17And you will have heard in hundreds of millions of videos

07:20of YouTubers, flute players, that prompt engineering,

07:24They were classic, traditional phrases.

07:27And you will discover, by taking an interest in the MCP system,

07:30or to AI agents, that this is not the case.

07:33Prompt engineering is truly the number 1 skill

07:36to configure these systems and to be able to automate them.

07:39That's good, because on the prompt engineering and system side,

07:43I think we are by far the best in the French-speaking world.

07:46The important thing to remember is that the MCP,

07:48It is the common language that allows the LLM to read and act

07:53with three systems, host, client, server.

07:57And what you need to know how to master are the five primitives,

08:01instructions, resources, access to triggering tools,

08:05routes and sampling, in order to optimize collection.

08:09You see that the potential of MCP systems is really crazy

08:13for businesses and a new market opening up,

08:15that of being able to understand how automations are structured

08:20in MCP systems.

08:22I did a few in training

08:24The Best of AI and Prompt Engineering Excellence.

08:29Today, certainly the highest level that can be reached

08:31in terms of skills in the field of Prompt Engineering.

08:35Connecting information is powerful,

08:38but it is also a risky system.

08:40A SoftShark study shows that 35 types of data

08:44which are listed by the LLM are extracted and used.

08:50And yes, now ChatGPT, Jiminy, Meta become systems

08:56to collect your information, your locations, your health,

09:00what are you talking about.

09:01The tracking carried out by chatbots is now becoming

09:04the main information retrieval system.

09:08It's a little bit that the economic model is shifting.

09:13At that time, we had what we call cookies on internet pages.

09:18Nowadays, we hardly ever use web browsing anymore.

09:21What is being done is using ChatGPT to answer questions.

09:25And so, they understood that using chatbot tracking

09:30was going to become the best way to recommend products for sale

09:35and to know the customer even better than the cookie could.

09:40The important thing to remember is that Meta sucks up virtually all the data,

09:44including your sensitive data like health and finances.

09:48Google Jiminy collects your precise location and all your contacts.

09:52So, it's a bit of a dream when we give them access to our email inbox.

09:56Copilot and Perplexity do the same on the localization side.

09:59And Perplexity has planned with its Comet system to recover all the navigation copies.

10:06ChatGPT, for the moment, is more moderate with its temporary conversations.

10:10They are still stored for 30 days.

10:12And yet, DeepSync had many data leak scandals with servers in China.

10:18But in reality, it's not the worst when it comes to recovering sensitive information.

10:22To illustrate the danger of MCP systems and if you had already installed them on Cloud before installing them on ChatGPT.

10:31Today you have the opportunity to do it in an open way.

10:34I made a tutorial that you can check out where I show you how you can install a secure server on ChatGPT.

10:41You're going to hear it.

10:42MCP is powerful.

10:44But if you leave the door open, it's a jackpot for attacks.

10:48Your best weapon is the simple fact that you have given permissions and that all the information is stored on external servers where you do not know who commands them, who controls them, who maintains them and especially their level of security.

11:01Listen to him.

11:02You know, you have your MCP-MPC host, your MCP client, your MCI server.

11:07Then on your MCP server you have three layers of resources, tools, resources and prompts.

11:12And so in each of these areas there are security issues.

11:15But you know, the most important thing is the tools, external resource calls and server vulnerabilities that occur here.

11:22I mean, a lot of these MCPs extract files to analyze the text.

11:26They store files to add to knowledge or to store them in memory.

11:30They don't have role-based access control over what they can retrieve.

11:34So you can simply ask the MCP server to fetch files from other locations in the file system.

11:39You can continuously access the MCP server.

11:41They, you know, if you have one that has too broad a scope by adding invisible code,

11:46by modifying the system prompt of the MCP server itself in its prompt section, there are a ton of attack vectors with MCP.

11:52So yes, the MCP is really the new tool for being able to scale systems.

11:58But you have to be aware that only certain protocols, and I have spoken about it, that of RUB,

12:04today provide a certain level of security and guarantee.

12:08But if you use payment systems like Stripe, like Paypal, and you give access to this data,

12:14understand very clearly that any hacker would have the possibility to do exactly as you,

12:20an MCP server on which it will collect the data.

12:23But magic is the opposite, isn't it?

12:25So, them, one of the demos that I show people about the possibilities that MCPs offer is that it's a provider.

12:31I won't name them, but it's basically a SIM, a cloud-based SIM.

12:35So they released an MCP and showed a demo, and they, so it's a cloud-based SIM tool,

12:40and it contains all your logs and everything, and you can connect other log sources to it.

12:44It has an MCP, and so you connect an MCP client to it, and you can just ask natural questions of your logs.

12:50And so they do a demonstration to show, basically, the genre.

12:54Tell me who is the riskiest user in my organization?

12:57And through the abstract API calls that they have, the MCP discovers that Bob, as he has them,

13:02he has so many impossible travel alerts, you know, them, associated with him, he has them,

13:07you know, sharing a whole bunch of documents outside the organization, blah, blah, blah, all these risk factor scores.

13:13He creates a dashboard just in time, just so Bob can show all the things he's doing wrong.

13:18And this power of having this personalized report, of being able to ask questions in natural language.

13:23They, I mean, it speeds up the work of a security manager by...

13:27If your employer deploys an MCP server, they can now, by querying the interface,

13:34know the topics you covered.

13:36And, as you heard, by simply using prompts,

13:40he will be able to define if you have braked certain rules,

13:45which can lead to sanctions and dismissal.

13:49Hackers can find security vulnerabilities in the server itself,

13:55but we can use roundabout ways,

13:58simply by asking what topics a person deals with,

14:03we can find what we would call phishing vulnerabilities.

14:06How to recover, engage in conversation on topics

14:10which will allow a user to be phished.

14:14So why do hackers do this?

14:16We have the beginnings of an answer in the report.

14:20There is of course the taste of adrenaline, the glory,

14:23but you have to realize the money you can earn with this type of practice.

14:28Which makes it clear that if for businesses it can be very expensive,

14:31For hackers, it can bring them a lot of money.

14:34At a time when France has become the country of Western Europe

14:37most affected by data leaks.

14:40One of the main French operators targeted by a cyberattack,

14:44the biggest hack of the past year.

14:46Address, telephone number, bank details,

14:49Data of more than 19 million customers was stolen.

14:53Very quickly, investigators found the trail of the criminal.

14:56Abreuillé, a small town of 9,000 inhabitants.

14:59In a residential area like this,

15:01The police arrested the cybercriminal at his parents' home.

15:05He is a 16-year-old teenager.

15:07Under judicial supervision, the young man risks up to 7 years in prison.

15:11The threat is therefore no longer only foreign,

15:14alerts this specialist.

15:16This is a huge misconception,

15:17that cyberattacks come from Russia,

15:20all cyber attacks come from China.

15:22Certainly, there are some, but lately, in France, this is not the case.

15:25In France, it is young people, especially French ones, who are teenagers.

15:30They are the ones who hack our biggest institutions and companies.

15:35In recent months, other private companies and public institutions

15:39were the target of these young French cybercriminals.

15:41Once the data is stolen,

15:42They resell them for several thousand euros on illegal sites to scammers,

15:46who use them for scams.

15:48These hackers, often minors,

15:50are not always aware of the consequences,

15:52according to this lawyer used to defending them.

15:54It is a very particular population.

15:56It amuses him, because there is a bit of that, it excites him,

16:00to look for the flaws in companies.

16:02They don't project on what it means,

16:04on the seriousness of words and offenses

16:08which can be committed by those who will use these files.

16:11On a secure messaging service,

16:13we were able to speak with one of them.

16:16He says he is now an adult,

16:18it is being trained alone from the age of 15,

16:20during confinement.

16:21In the beginning, that was the engine,

16:25the excitement of circumventing the system.

16:28But very quickly, money took over.

16:31From his bedroom, he hacked into banks and hospitals, among others.

16:34and realized he could make a lot of money.

16:38With the sums that were offered to me,

16:40I finally gave in.

16:41In eight months, I generated about $527,000

16:44by reselling data passes.

16:46His illegal activity has made him famous in the small world of cybercrime.

16:52He was then contacted for his skills.

16:55Most of the time, these are criminal organizations.

16:58I was even approached by the Moroccan mafia.

17:01I have tested dozens of French and foreign training courses

17:08who talk about artificial intelligence

17:10and I regularly notice errors and incompetence

17:14and marketing lies in the videos.

17:17So, next time you listen to content on YouTube and social media,

17:22learn to differentiate between competence and incompetence.

17:27This can cost you a lot of money.

17:29Install an MCP server that can corrupt your data

17:32and the banking data you have

17:35could be the worst of your nightmares.

17:38If you haven't already, subscribe

17:39and if you really want to train

17:42and level up in the use of AI,

17:45you have the training courses in description

17:47and you can contact me on the chatbot.

Écris le tout premier commentaire

Ajoute ton commentaire

Recommandations