MCP Security, Framework Fatigue, and AI Agents with Will Johnson (Presented by CodeRabbit)

This week, Robbie and Adam talk with Will Johnson—senior developer advocate at Auth0—about web dev, parenting, and internet culture. They debate whether CSS is a “real” programming language, riff on how modern frameworks can feel over-engineered, and dig into the security risks emerging around AI agents and MCP. Will shares what he’s been learning about MCP security, why he’s cautious with new tools, and how Auth0’s new AI agent offering helps manage identity, permissions, and token safety.

Presented by CodeRabbit: http://coderabbit.link/whiskey [http://coderabbit.link/whiskey]

In this episode:

• (00:00) - Intro

• (01:49) - Meet Will Johnson

• (02:19) - Whiskey rating & review: Jameson Triple Triple

• (07:13) - Hot Take: Git rebase vs git merge

• (09:42) - Parenting talk: kids, wrestling, and learning consequences

• (11:57) - Hot Take: Is CSS a programming language?

• (14:37) - What Will’s working on at Auth0 (AI + MCP security)

• (16:57) - The most interesting MCP-related hacks and security risks

• (18:27) - Can “skills” become an attack vector too?

• (19:47) - Security vulnerabilities, Next.js updates, and patching fatigue

• (20:48) - How Will’s family got into K-Pop Demon Hunters

• (25:51) - The Moana live-action trailer “looks like useEffect” (and why)

• (27:17) - Is React essentially processed American food?

• (27:58) - Sugar-free Oreos: what are we even doing here?

• (29:18) - Have we overcomplicated frontend development?

• (31:32) - Why Rails is the best-engineered dev experience Will has used

• (32:25) - How Auth0 teams are structured

• (35:47) - Passkeys explained

• (41:43) - Plugs and how to connect with Will

• (43:12) - How AI agents fit into auth

Links

• Auth0: https://auth0.com/ [https://auth0.com/]

• Jameson Triple Triple: https://www.jamesonwhiskey.com/en-us/our-whiskey/jameson-triple-triple/ [https://www.jamesonwhiskey.com/en-us/our-whiskey/jameson-triple-triple/]

• Three Sheets: https://en.wikipedia.org/wiki/Three_Sheets [https://en.wikipedia.org/wiki/Three_Sheets]

• Jack Daniel's Reserve: https://www.jackdaniels.com/ [https://www.jackdaniels.com/]

• Google Chrome: https://www.google.com/chrome/ [https://www.google.com/chrome/]

• Shopify: https://www.shopify.com/ [https://www.shopify.com/]

• CSS: https://www.w3.org/Style/CSS/ [https://www.w3.org/Style/CSS/]

• JavaScript: https://developer.mozilla.org/en-US/docs/Web/JavaScript [https://developer.mozilla.org/en-US/docs/Web/JavaScript]

• MCP: https://modelcontextprotocol.io/ [https://modelcontextprotocol.io/]

• Next.js: https://nextjs.org/ [https://nextjs.org/]

• KPop Demon Hunters: https://en.wikipedia.org/wiki/KPop_Demon_Hunters [https://en.wikipedia.org/wiki/KPop_Demon_Hunters]

• Britney Spears: https://britneyspears.com/ [https://britneyspears.com/]

• NSYNC: https://nsync.com/ [https://nsync.com/]

• B2K: https://en.wikipedia.org/wiki/B2K [https://en.wikipedia.org/wiki/B2K]

• Chris Brown: https://en.wikipedia.org/wiki/Chris_Brown [https://en.wikipedia.org/wiki/Chris_Brown]

• Netflix: https://netflix.com [https://netflix.com/]

• Stanford University: https://www.stanford.edu/ [https://www.stanford.edu/]

• Moana: https://movies.disney.com/moana [https://movies.disney.com/moana]

• Dak Prescott: https://en.wikipedia.org/wiki/Dak_Prescott [https://en.wikipedia.org/wiki/Dak_Prescott]

• React: https://react.dev/ [https://react.dev/]

• Oreo: https://www.oreo.com/ [https://www.oreo.com/]

• jQuery: https://jquery.com/ [https://jquery.com/]

• Ken Wheeler: https://x.com/ken_wheeler/ [https://x.com/ken_wheeler/]

• ES6: https://www.w3schools.com/js/js_es6.asp [https://www.w3schools.com/js/js_es6.asp]

• BlingBlingjs: https://github.com/argyleink/blingblingjs [https://github.com/argyleink/blingblingjs]

• Astro: https://astro.build/ [https://astro.build/]

• Rails: https://rubyonrails.org/ [https://rubyonrails.org/]

• Laravel: https://laravel.com/ [https://laravel.com/]

• Egghead: https://egghead.io/ [https://egghead.io/]

• Grok: https://grok.com/ [https://grok.com/]

• 1Password: https://1password.com/ [https://1password.com/]

• Google Zanzibar: https://research.google/pubs/zanzibar-googles-consistent-global-authorization-system/ [https://research.google/pubs/zanzibar-googles-consistent-global-authorization-system/]

• AWS: https://aws.amazon.com/ [https://aws.amazon.com/]

• Netlify: https://www.netlify.com/ [https://www.netlify.com/]

• Pokemon Go: https://pokemongolive.com/ [https://pokemongolive.com/]

Connect with Will

• Website: https://auth0.com/ai [https://auth0.com/ai]

• X / Twitter: https://x.com/willjohnsonio [https://x.com/willjohnsonio]

Connect with the hosts

• Robbie Wagner: https://x.com/RobbieTheWagner [https://x.com/RobbieTheWagner]

• Chuck Carpenter: https://x.com/CharlesWthe3rd [https://x.com/CharlesWthe3rd]

• Adam Argyle: https://x.com/argyleink [https://x.com/argyleink]

Subscribe and stay in touch

• Website: https://whiskey.fm [https://whiskey.fm/]

• Apple Podcasts: https://podcasts.apple.com/us/podcast/whiskey-web-and-whatnot/id1552776603 [https://podcasts.apple.com/us/podcast/whiskey-web-and-whatnot/id1552776603]

• Spotify: https://open.spotify.com/show/19jiuHAqzeKnkleQUpZxDf [https://open.spotify.com/show/19jiuHAqzeKnkleQUpZxDf]

• Overcast: https://overcast.fm/itunes1552776603 [https://overcast.fm/itunes1552776603]

• YouTube: https://www.youtube.com/@WhiskeyWebAndWhatnot [https://www.youtube.com/@WhiskeyWebAndWhatnot]

Whiskey Web and Whatnot Merch Enjoying the podcast and want us to make more? Help support us by picking up some of our fresh merch at https://whiskey.fund [https://whiskey.fund/].