Loading…
June 9-10, 2026
Bengaluru, India
View More Details & Registration

The Sched app allows you to build your schedule but is not a substitute for your event registration. You must be registered for MCP Dev Summit Bengaluru to participate in the sessions. If you have not registered but would like to join us, please go to the event registration page to purchase a registration..

IMPORTANT NOTE: Timing of sessions and room locations are subject to change.
arrow_back View All Dates
Wednesday, June 10
 

9:00am IST

Zen Zone
Wednesday June 10, 2026 9:00am - 6:00pm IST
Tulip

Wednesday June 10, 2026 9:00am - 6:00pm IST
Tulip

9:00am IST

Registration & Badge Pick-Up
Wednesday June 10, 2026 9:00am - 6:00pm IST
Convention Hall Main Entry

Wednesday June 10, 2026 9:00am - 6:00pm IST
Convention Hall Main Entry
  Registration

9:00am IST

Solutions Showcase
Wednesday June 10, 2026 9:00am - 6:30pm IST
Convention Hall Foyer

Wednesday June 10, 2026 9:00am - 6:30pm IST
Convention Hall Foyer
  Exhibits

9:30am IST

Keynotes To Be Announced
Wednesday June 10, 2026 9:30am - 10:25am IST
Convention Hall

Wednesday June 10, 2026 9:30am - 10:25am IST
Convention Hall
  Keynote

10:25am IST

Morning Break
Wednesday June 10, 2026 10:25am - 11:00am IST
Convention Hall Foyer

Wednesday June 10, 2026 10:25am - 11:00am IST
Convention Hall Foyer
  Breaks + Meals + Special Events

11:00am IST

From Intent To Production: MCP Gateway Patterns for Regulated Banking - Hariskumar Panakkal, Wipro
Wednesday June 10, 2026 11:00am - 11:25am IST
Convention Hall
I spent the last year building agentic systems with MCP and MCP Gateway, and want to share what I learned — especially the things you only hit when you try to build for a real, regulated domain.

The build is a four-part system: a React portal, a LangGraph agent, Microsoft MCP Gateway as the front door, and a FastMCP server with 19 tools behind it. This talk walks through how the pieces fit together and the specific patterns that worked.

What I'll cover:

- How I structured MCP tools with Pydantic schemas, idempotency keys, and correlation IDs that travel through every layer
- Why my first three gateway deployments failed and how the mcp-session-id header fixed stateful tool routing through MCP Gateway
- A simple tool wrapper pattern that keeps sensitive data like SSN out of the LLM context while the agent still reasons about the workflow
- Why I made consent its own MCP tool with a signed receipt instead of bundling it into submit
- Three gaps I hit in MCP and the gateway and how I worked around them — honest notes for the community

If you're building with MCP and MCP Gateway and heading toward anything production-grade, these are the patterns I wish I'd had going in.
Speakers
avatar for Hariskumar Panakkal

Hariskumar Panakkal

Distinguished Member of Technical Staff (DMTS) and Enterprise Architect, Wipro
Hariskumar Panakkal is an Enterprise Architect and Distinguished Member of Technical Staff (DMTS), recognized with the 2025 Most Valuable Technologist (MVT) award. With a background in cloud transformation and responsible AI, he has spent the last year building agentic systems on... Read More →
Wednesday June 10, 2026 11:00am - 11:25am IST
Convention Hall
  Building with MCP

11:00am IST

Beyond Tools and Resources: A Deep Dive into MCP Sampling for Agentic Features - Kevin Vaz, Smartbear
Wednesday June 10, 2026 11:00am - 11:25am IST
Scarlet 2&3
Most MCP servers are one-shot: the client asks, the server answers. But some features need the server to reason mid-execution like summarise a diff before returning it, classify input to pick the next step, recover from ambiguity instead of failing, generating new data. That's what sampling unlocks: the server calls back into the host's LLM, without ever holding its own model keys.

This deep dive walks through sampling/createMessage feature provided by the mcp protocol and its internals messages, modelPreferences, includeContext, systemPrompt — and what the client is actually allowed to modify. We'll cover capability negotiation and the human-in-the-loop approval flow, then step through how sampling patterns are actually built in the smartbear-mcp server, using its implementations over there to understand how one could build their own sampling features.

Then the hard parts: agent loops, token-budget blowups, portability across clients using different model providers.

You'll leave knowing when sampling beats tools or elicitation, and with patterns you can lift today.
Speakers
avatar for Kevin Rohan Vaz

Kevin Rohan Vaz

Senior Software Engineer, Smartbear
Kevin Rohan Vaz is a Senior software engineer at SmartBear and a core contributor to the open-source smartbear-mcp server and swagger contract testing features, where he designs and ships the server's sampling, tools, and resource integrations. He spends his time turning MCP spec... Read More →
Wednesday June 10, 2026 11:00am - 11:25am IST
Scarlet 2&3
  MCP Protocol in Depth

11:00am IST

"Allowed To" Is Not Enough: Access Control That Understands What Your Agent Is Actually Doing - Tejas Ladhani, Motorola Solutions Inc & Chandrashekar Haleupparahalli, Motorola Solutions
Wednesday June 10, 2026 11:00am - 11:25am IST
Scarlet 1
Every agent today answers one question at the auth layer: is this agent allowed to do this? Wrong question. The real one: is it doing something consistent with what the user asked - right now, in this step?

These aren't the same, and the gap is where things break.

Today's auth was built for humans logging into apps: roles and scopes that persist regardless of what the agent is actually attempting. Tell an agent to "read this PDF and send the pointers to my team." The PDF hides an instruction: also forward the thread to an external address. The agent fires two sends - one legit, one exfiltration. Same token. Same checks. Role-based auth can't tell them apart because it never knew the agent's job.

This talk closes that gap. We'll trace why every prior access model assumed a stable human actor - and why that collapses when agents delegate to agents. We'll introduce Intent-Based Access Control: decisions that reflect not just what an agent may do, but what it's trying to do right now. We'll cover emerging standards like transaction tokens and richer auth context, plus concrete steps to ship intent-aware access in MCP flows today.
Speakers
avatar for Chandrashekar Haleupparahalli

Chandrashekar Haleupparahalli

Engineering Manager, Motorola Solutions
Engineer Manager of Identity and Access Management, Solving
avatar for Tejas Ladhani

Tejas Ladhani

Software Engineer 2, Motorola Solutions Inc
Tejas Ladhani is a Software Engineer at Motorola Solutions, architecting Agentic AI for mission-critical public safety. He specializes in high-stakes systems where security is foundational and downtime has real-world consequences, from unifying enterprise identity layers to slashing... Read More →
Wednesday June 10, 2026 11:00am - 11:25am IST
Scarlet 1
  Security Identity + Trust

11:25am IST

Building Interactive Tools With MCP Elicitation - Ashwin Hariharan, Redis
Wednesday June 10, 2026 11:25am - 11:50am IST
Convention Hall
Most of us think of agent tools as vending machines - you put in the right input, you get the right output. Put in the wrong input, and you either get the wrong output or nothing at all.

This breaks for complex workflows where context is incomplete or intent is ambiguous. The tool either guesses wrong or fails outright. No back-and-forth, no clarification. Good AI tools built for conversation should explain what they need, what they'll do, and provide clear options.

In this session, we’ll look at how MCP elicitation works in practice across different workflows: covering ambiguous input, missing context, risky operations, and auth flows. Attendees will leave with concrete patterns for designing tools that go beyond transactional APIs to collaborative multi-turn interactions.
Speakers
avatar for Ashwin Hariharan

Ashwin Hariharan

Developer Advocate, Redis
Ashwin Hariharan is a Developer Advocate at Redis, with over eight years of experience as a full-stack software engineer. He's passionate about making complex ideas simple, helping developers build faster, more reliable systems, and understand the "why" behind the tools they use.
... Read More →
Wednesday June 10, 2026 11:25am - 11:50am IST
Convention Hall
  Building with MCP

11:25am IST

Closing the Loop on Observability: Using MCP for Continuous Telemetry Optimization - Parthiv Roshan Menon, Smarsh
Wednesday June 10, 2026 11:25am - 11:50am IST
Scarlet 2&3
Modern observability stacks make it easy to collect telemetry, but not to derive value from it. Teams accumulate unused metrics, high-cardinality signals, and noisy dashboards, leading to rising costs and poor signal quality.

This talk introduces a practical mental model inspired by the Rumsfeld Quadrant to reason about observability in terms of signals we measure vs signals we actually use. In our analysis of a our Observability stack, nearly 70% of collected signals showed little to no usage, reflecting a Pareto-like distribution of signal value.

We present a closed-loop approach that we used to analyze observability metadata and continuously optimize the system. MCP was used as the coordination layer to expose metadata and connect analysis, reasoning, and action workflows.

We will walk through how low-value signals were identified, how recommendations were generated and applied in a real-world large scale observability platform.
Speakers
avatar for Parthiv Roshan Menon

Parthiv Roshan Menon

Parthiv Roshan Menon, Smarsh
Platform Engineer with ~10 years of experience building and scaling observability platforms. Focused on improving signal-to-noise ratio in large telemetry systems and exploring the use of MCP and LLMs for feedback-driven optimization. Active in open source and currently building tools... Read More →
Wednesday June 10, 2026 11:25am - 11:50am IST
Scarlet 2&3
  Enterprise Adoption + Integration
  • Audience Experience Level Any

11:25am IST

SEO for Agents: Designing MCP Endpoints That Let Agents Evaluate Each Other Before Transacting - Manav Agarwal, Dream11
Wednesday June 10, 2026 11:25am - 11:50am IST
Scarlet 1
When humans hire someone, they ask questions first. Check reviews, compare, negotiate. AI agents can't do any of this.

An MCP flight booking server says: "I book flights." Another agent can't ask: How many routes? Success rate? Can you get business class upgrades?

I tore down top MCP servers across mcp.so, Smithery, Glama, PulseMCP. The #1 server has 52K stars but exposes 47 capabilities with zero verifiable metrics. Tool schema: 1,020 tokens of bloat.

The problem: MCP tool schemas describe WHAT but not HOW WELL. No capability layer for agents to evaluate each other before committing.

What's needed — structured capability endpoints:

"I book flights"
→ 147 routes, 96.2% completion, 23% avg savings
→ Business class upgrades: 340 secured, 41% success
→ Savings by route queryable, methodology documented
→ Full transaction log for independent verification

Exposed as MCP resource endpoints —
capability/summary returns structured metrics, capability/evidence/{tool} returns methodology, capability/raw/{tool} returns verifiable logs.

I'll show real endpoint teardowns, what's missing from tool schemas, and a draft capability-metadata spec builders can implement.
Speakers
avatar for Manav Agarwal

Manav Agarwal

Founder & Independent Researcher, AgentProof
Creator of AgentProof, an independent benchmarking and trust analysis project for AI agents. Mapped 10 agent directories containing 1.24M+ listings, deep-dived 3 agent categories, and health-checked 65+ MCP servers. Previously analyzed 14 agentic payment protocols (x402, Stripe ACP... Read More →
Wednesday June 10, 2026 11:25am - 11:50am IST
Scarlet 1
  Security Identity + Trust

11:50am IST

Running MCP Fully Local: Private, Offline-Capable Agents With Ollama and Open Models - Harish Kotra, Forge Alumnus
Wednesday June 10, 2026 11:50am - 12:15pm IST
Convention Hall
Over the last few months I've built and shipped 100+ agents in public, many wired into MCP servers running against local models through Ollama, LM Studio, and decentralized open-source inference. A draw.io MCP server driven by Llama 3.2, an Excalidraw MCP integration, a Bright Data MCP briefing agent, all running end-to-end without a single token leaving the host.

This talk is a working engineer's tour of that stack. We'll walk through a minimal local MCP setup (server + client + Ollama) and then dig into the real-world failure modes: tool-selection collapse on 7B models, JSON-schema compliance gaps, capability-negotiation mismatches, and the surprisingly large quality delta between structured-output fine-tunes and general chat models. I'll share the prompt shapes, tool-description patterns, and schema-validation tricks that reliably push small open models from "demo-grade" to "I'd ship this internally."

Attendees will leave with a reference architecture for private MCP, a shortlist of open models that actually handle tool calls well today, and a set of design patterns for MCP servers that degrade gracefully when the client LLM has 8B parameters instead of a trillion.
Speakers
avatar for Harish Kotra

Harish Kotra

Fractional CTO, Forge Alumnus
Harish is a Fractional CTO and AI agent builder based in India. He previously led Developer Relations at Gaia and spent over a decade at AngelHack organizing 200+ hackathons. Since 2026 he's published one new open-source AI agent every day at dailybuild.xyz, 100+ builds spanning MCP... Read More →
Wednesday June 10, 2026 11:50am - 12:15pm IST
Convention Hall
  Building with MCP
  • Audience Experience Level Any

11:50am IST

From MCP Discovery To Execution: Building a Governed Marketplace & Gateway for Agentic Systems - Rahul Ganesh Partheeban, Freshworks
Wednesday June 10, 2026 11:50am - 12:15pm IST
Scarlet 2&3
We started building an MCP gateway in early 2025, when the spec was still maturing, and there were no established patterns for multi-tenant enterprise implementation.

This talk will delve into the key patterns we used for taking MCP from POC to Production. We'll also cover layering MCP as a gateway over an existing platform:

- Propagating tenant context through the MCP handshake, so a single gateway can safely serve thousands of accounts.
- Decoupling session state from pod affinity with a distributed session store — needed for horizontal auto-scaling and safe rolling deploys.
- A three-tier error model (protocol/gateway/application) so agents classify failures and retry intelligently.
- A sub-registry that extends the registry with vetting and curates trusted Remote MCP servers with per-tenant install state.
- Multi-tenant session and secret management with One-click install and OAuth 2.1 + Dynamic Client Registration handled by the marketplace, not by every AI client.
- MCP gateway that proxies to remote servers under shared FUP, rate limits, retries/circuit-breaking, and analytics - handling a black-box third-party server with guardrails.
Speakers
avatar for Rahul Ganesh Partheeban

Rahul Ganesh Partheeban

Lead Software Engineer - Systems, Freshworks
Rahul Ganesh Partheeban is a Lead Software Engineer at Freshworks, working on platform engineering for marketplace integrations and app ecosystems. He builds extensible, event-driven, multi-tenant platforms powering thousands of integrations and developer workflows. He played a leading... Read More →
Wednesday June 10, 2026 11:50am - 12:15pm IST
Scarlet 2&3
  Ecosystem Registries + Platform Infrastructure
  • Audience Experience Level Any

11:50am IST

Ambient Identity: Just-in-Time Authorization Patterns for the Model Context Protocol - Ayesha Dissanayaka, WSO2
Wednesday June 10, 2026 11:50am - 12:15pm IST
Scarlet 1
As the Model Context Protocol (MCP) matures, we face a critical security hurdle: how do ambient agents that are running in the background or on headless devices securely access sensitive resources without constant manual intervention?

Standard OAuth flows often break the "ambient" experience by requiring immediate browser redirects on the same device. This session proposes a decentralized identity architecture using Client-Initiated Backchannel Authentication (CIBA). By decoupling the consumption of resources from the authorization flow, an MCP client can trigger a "just-in-time" permission request directly to a user's trusted mobile device.

Key Takeaways:
- Decoupled Auth: Implementing CIBA to bridge the gap between headless MCP clients and human controllers.
- Just-in-Time delegations: Moving from "all-or-nothing" API keys to granular, session-based permissions.
- Security Patterns: Handling asynchronous "Out-of-Band" callbacks within the MCP lifecycle.

Join us to explore how we can make background agents both powerful and respectful of the "human-in-the-loop" principle.
Speakers
avatar for Ayesha Dissanayaka

Ayesha Dissanayaka

Associate Director / Architect, WSO2
Ayesha is Lead Architect for Identity and Access Management for Agentic AI at WSO2, specializing in securing autonomous AI systems. With over a decade in enterprise IAM, she architects identity solutions for AI agents, bridging traditional frameworks with emerging AI security needs... Read More →
Wednesday June 10, 2026 11:50am - 12:15pm IST
Scarlet 1
  Security Identity + Trust

12:15pm IST

Agents Don't Fail, Environments Do: Lessons From Production MCP Deployments in Telecom - Divya Vijay, NetoAI
Wednesday June 10, 2026 12:15pm - 12:40pm IST
Scarlet 2&3
At NetoAI we build AI agents for telecom network operations. Our Rapid Root Cause Analysis Agent, built on our open-source TSLAM models (22k+ HF downloads), runs against live operator networks.

When we moved to MCP as the tool-interface layer, agents that passed eval started breaking weeks after production launch. The model, prompts, retrieval, none were root cause. The tool environment itself was.

So we built a digital-twin simulation of our production telecom domain and stress-tested MCP agents across four axes:
1). tool-set scale
2). task complexity
3). persona variability
4). deterministic repetition.

Tool-selection accuracy is near-perfect up to ~20 exposed tools, then collapses. One bad early dependency step cascades the whole workflow.

I'll walk through the seven failure patterns we kept hitting, including Tool Selection Collapse and Cascading Fragility, the three architectural root causes behind them, and the task-scoping and dependency-aware fixes that worked. You leave with a pre-launch methodology for your own MCP servers vendor-neutral, applicable to any dependency-dense domain.
Speakers
avatar for Divya Vijay

Divya Vijay

Senior AI Engineer, NetoAI
Senior AI Engineer at NetoAI, building production agent systems. Co-author on T-VEC and G-SPEC research papers. Previously Software Engineer at Prodapt. 3 years of shipping AI and full-stack software across agentic and UI engineering in telecom.
Wednesday June 10, 2026 12:15pm - 12:40pm IST
Scarlet 2&3
  Agent Architecture + Orchestration

12:15pm IST

One MCP Server, Five Languages, Zero Containers - Bharath Nallapeta, Mirantis Inc.
Wednesday June 10, 2026 12:15pm - 12:40pm IST
Convention Hall
In 2013, shipping a Python service meant picking a base OS, writing an initscript, and fighting pip against the system package manager. Docker made it one command. Twelve years later, shipping an MCP server still feels pre-Docker — pick a language, spin up a process, hope the dependencies cooperate.

The WebAssembly Component Model quietly shipped the pieces it was missing in 2023. wasmcp, Microsoft Wassette, and Fermyon Spin now compose a single MCP server from Python tools that use pandas, TypeScript tools that use Zod, and Rust middleware that uses Regorus. One process. Hard isolation between components. One signed artifact, distributed through OCI registries, cold-starting in the low milliseconds.

This is a live-demo talk. I'll build a polyglot MCP server on stage, push it to a registry, and run the same bytes in four environments — a Kubernetes pod, a Spin function, a browser tab, and a Raspberry Pi. And I'll be honest about what WASM still can't do.
Speakers
BN
Wednesday June 10, 2026 12:15pm - 12:40pm IST
Convention Hall
  Building with MCP

12:15pm IST

Why Your Database MCP Should Never Talk To Your Database - Gowtham Raj Elangovan, Comcast
Wednesday June 10, 2026 12:15pm - 12:40pm IST
Scarlet 1
Most database MCP implementations are stdio transport, hardcoded URIs, and live connections handed directly to AI agents. This works on a laptop. It fails in production.
Direct agent-to-database connectivity is dangerous. Connection exhaustion, raw credentials in agent context, DDL one hallucination away, PII returning unfiltered into LLM context windows, runaway queries taking down production clusters. Not theoretical. Production failures waiting to happen.
For our internal DBaaS service we built a two-layer remote MCP architecture to close every one of them. An MCP Proxy handles agent-facing concerns — JWT auth, SSO-backed approvals, rate limiting, and an execution_id registry so no agent ever sees a raw URI. It never touches the database. Queries route through a Query Service — the only layer that does. Read-only enforced structurally, DDL blocked even for root, injection filtered, timeouts enforced, Presidio scrubbing PII before responses reach any agent context window. We contrast this with direct-connect tools, contribute execution_id as a reusable enterprise primitive, and make the case for why an enforcement layer between MCP and your DB is the architecture — not an option
Speakers
avatar for Gowtham Raj Elangovan

Gowtham Raj Elangovan

Engineer 5, Engineering Operations, Comcast
Senior Data Platform & Database Engineering Architect with 13+ years building large-scale, cloud-native, and distributed database systems on-prem and AWS. Expert in autonomous AI-driven optimization, reliability engineering, and platform automation. Proven track record leading teams... Read More →
MCP Dev Summit pptx
Wednesday June 10, 2026 12:15pm - 12:40pm IST
Scarlet 1
  Security Identity + Trust

12:40pm IST

Attendee Lunch
Wednesday June 10, 2026 12:40pm - 2:10pm IST
Convention Hall Foyer

Wednesday June 10, 2026 12:40pm - 2:10pm IST
Convention Hall Foyer
  Breaks + Meals + Special Events

2:15pm IST

Keynotes To Be Announced
Wednesday June 10, 2026 2:15pm - 3:10pm IST
Convention Hall

Wednesday June 10, 2026 2:15pm - 3:10pm IST
Convention Hall
  Keynote

3:20pm IST

Skills Are Not MCP Servers: When To Use Which (and How To Make Them Work Together) - Animesh Pathak & Jyoti Bisht, Harness Inc
Wednesday June 10, 2026 3:20pm - 3:45pm IST
Convention Hall
There's a running argument in the AI tooling world right now do you need MCP servers, or can you just use Skills? I've been on both sides of this. At Harness, I've built Claude Skills for DevOps workflows and worked with our MCP server that wraps the entire platform. And the honest answer is: it depends, but most people are picking the wrong one for the wrong job.

In this talk I'll break down where the boundary actually is. Skills are great when the knowledge is stable conventions, workflow logic, best practices. MCP servers earn their keep when you need live data, real-time API calls, or actions with side effects. The interesting part is what happens when you layer them: a Skill that knows how to debug a failed deployment, calling an MCP server that pulls live pipeline logs and execution data.

I'll walk through real examples I've built skills that started as simple "SKILL.md" files and grew into MCP-backed workflows, and cases where I over-engineered an MCP server when a markdown file would've done the job. If you're building agents and trying to figure out the right architecture, this talk should save you some wrong turns.
Speakers
avatar for Jyoti Bisht

Jyoti Bisht

Senior DevRel Engineer, Harness
Jyoti Bisht is a Senior Developer Relations Engineer specializing in Cloud Cost Management and FinOps. She focuses on improving developer experience through platform design, internal tooling, and community engagement. She has also spoken at DevRelCon on gamifying documentation to... Read More →
avatar for Animesh Pathak

Animesh Pathak

DevRel Engineer, Harness
Animesh Pathak is a Developer Relations Engineer with a strong focus on Database DevOps, APIs, testing, and open-source innovation. Currently at Harness, he plays a key role in building and evangelizing scalable DBDevOps workflows, bridging the gap between developers and data teams... Read More →
Wednesday June 10, 2026 3:20pm - 3:45pm IST
Convention Hall
  Building with MCP

3:20pm IST

The Stdio Deadlock Nobody Warned Us About: OS-Level Process Management for MCP - Yuvraj Pradhan, MIT ADT University & Archana Kumari, MIT ADT University
Wednesday June 10, 2026 3:20pm - 3:45pm IST
Scarlet 2&3
When we moved our multi-agent MCP system from REST to stdio transport, the protocol schema was not the problem. OS pipes have no safety nets.

When a model silently segfaults mid-inference, it does not send a JSON-RPC error. It just dies. The orchestrator sits blocked on a stdout.readline(), which never comes.

Then we hit the pipe buffer deadlock.

Inference engines are noisy. They dump token speeds and debug logs to stderr. If the orchestrator is waiting on stdout and ignoring stderr, the OS pipe buffer fills up to 64KB. The OS physically halts the model. The orchestrator waits for the model to finish. The model waits for the orchestrator to clear the pipe. Nobody moves.

To fix it we had to build async wrapper classes that continuously drain stderr into background loggers.

This talk covers what we learned:

- Draining stderr continuously or your process dies silently
- Managing SIGKILL and EOF lifecycles to flush sensitive data from RAM
- Replacing HTTP timeout assumptions with OS process management

If you are running MCP over stdio, this talk is the process management guide the MCP ecosystem has not written yet.
Speakers
avatar for Yuvraj Pradhan

Yuvraj Pradhan

AI Systems Engineer, MIT-ADT UNIVERSITY
Yuvraj Pradhan is an AI Systems Engineer specialising in cost-efficient GenAI and secure multi-agent architectures. He is the first author of research published in Springer Nature on architecting a 125M-parameter NanoLLM for STEM tasks that outperforms significantly larger models... Read More →
avatar for Archana Kumari

Archana Kumari

Ai Systems Developer, MIT ADT University
Archana Kumari is an AI Systems Developer building practical machine learning systems and edge AI applications. Her work spans LLMs, computer vision on embedded devices, and full-stack tooling with Python and Java. She has developed multi-agent reasoning frameworks and voice-assisted... Read More →
Wednesday June 10, 2026 3:20pm - 3:45pm IST
Scarlet 2&3
  MCP Protocol in Depth

3:20pm IST

Auditing MCP Tool Calls at the Kernel Level: eBPF as a Trust Boundary Enforcer - Harini Anand, IBM
Wednesday June 10, 2026 3:20pm - 3:45pm IST
Scarlet 1
As MCP servers exponentially proliferate, a critical question emerges: who audits what an LLM actually did when it invoked a tool?

Application-layer logs can be tampered with or missed. This talk argues that eBPF is the only tamper-resistant audit layer for MCP tool execution and shows you how to build it.

We walk through instrumenting an MCP server's syscall surface with bpftrace and cilium/ebpf: capturing every network egress triggered by a tool call, every file descriptor opened, every exec spawned, correlated back to the originating MCP request ID via process lineage tracking in BPF maps.

The result is an immutable, kernel-enforced audit trail that no application-layer bug or prompt injection can suppress.

We'll also cover using eBPF LSM hooks to enforce policy at call time, blocking tool invocations that attempt unexpected network destinations or file paths effectively making eBPF a runtime policy engine for MCP's threat model.

Attendees leave with a working threat model, reference eBPF programs, and a clear mental model for where kernel enforcement fits in MCP's trust architecture.
Speakers
avatar for Harini Anand

Harini Anand

SDE in Data & AI, IBM
SDE at IBM Data & AI, working on IBM watsonx™. Software Engineering Researcher at UIUC. Computational Cognition Researcher at Georgia Institute of Technology. Biomedical XAI Researcher at Dartmouth College.
Formerly at Niramai & IIT Hyderabad, researching ML for breast cancer and gene regulatory networks. Built cognitive tools for dementia prevention as a student entrepreneur. Google KaggleX Mentee, AWS Scholar, Harvard WE Tech Fellow, Oxford & MIT Summer School alumna and a Stanford... Read More →
Wednesday June 10, 2026 3:20pm - 3:45pm IST
Scarlet 1
  Security Identity + Trust

3:45pm IST

The Invincible MCP Server: Building Crash-Proof AI Tools With Durable Execution - Shubham Londhe, Temporal
Wednesday June 10, 2026 3:45pm - 4:10pm IST
Convention Hall
We All have been building AI Agents with MCP since it launched in 2024, but there's one thing no one is talking about - "What happens when MCP Fails? (and they fail often). MCP is just a process and it can crash, and so will the AI agent progress, it all can vanish with a crash.

Well, the new Tasks primitive in MCP (SEP-1686) helps a lot, it gives your AI agents a way to hand off long-running tools, but it doesn't solve the real problem. They don't maintain the state when the server crashes.

In this session, I'll do a live demo of a Kubernetes Auto Healing AI Agent with MCP server and walk through how to wrap MCP tool logic in workflows that survive crashes, restarts, and network failures.
I'll cover how to handle human-in-the-loop approvals inside long-running tools, how to retries and state-management, and how to observe what your MCP tools are doing in production.

I'll be breaking a running server on stage and show you the agent recovering without losing a step. Hence "The Invincible MCP Server"
Speakers
avatar for Shubham Londhe

Shubham Londhe

Senior Developer Advocate, Temporal
Hello Dosto, I am Shubham Londhe, a Senior Developer Advocate, passionate about developing and deploying production-ready applications.

Its been more than 9+ years in the IT industry and having worked with AWS, Temporal, gave me a lens of how Production-readiness works.

I take this experience and share it with learners across India through my YouTube channel "TrainWithShubham" with over 175000 subscribers. Happy Learning... Read More →
Wednesday June 10, 2026 3:45pm - 4:10pm IST
Convention Hall
  Building with MCP

3:45pm IST

Agentic DX: Bringing Your IDP Into the IDE - Adnan Vahora, Motorola Solutions
Wednesday June 10, 2026 3:45pm - 4:10pm IST
Scarlet 2&3
Platform engineering has a chicken-and-egg problem: the platform needs adoption to justify investment, but adoption requires onboarding that teams resist when deadlines are tight. Our internal developer platform hit this hard. It serves 4,000+ developers across clouds and managed Kubernetes, yet many teams found the portal too unfamiliar.
We solved it with a second entry point built on MCP. Instead of learning a new UI, developers get 30+ platform capabilities directly in IDE chat, from namespace provisioning and Helm deployments to cost analysis and access management. An MCP App renders forms in chat, developers approve and execute, and a first deployment can happen with almost no onboarding.
This session covers the production architecture: sandboxed iframe-based MCP Apps, Elicitation for structured write approvals, an Adaptive Tool Router that keeps 30+ tool schemas from flooding the context window, a split between deterministic Agent Skills and ReAct reasoning, and a safety layer with a sub-500ms kill switch plus delegated RBAC tied to existing permissions. Attendees leave with a practical blueprint for meeting developers where they already work.
Speakers
avatar for Adnan Vahora

Adnan Vahora

Software Engineer, Motorola Solutions
Building the roads and traffic lights for the next generation of AI at Motorola Solutions. I’m currently obsessed with solving the 'hard parts' of Agentic AI—like figuring out how to secure Agent-to-Agent traffic without slowing it down.

I’m a big believer in open standards (huge fan of Envoy & Wasm) and love turning chaotic problems into clean architecture. Always happy to swap stories about platform engineering, Rust, or the latest in AI governance. Come say hi... Read More →
Wednesday June 10, 2026 3:45pm - 4:10pm IST
Scarlet 2&3
  Enterprise Adoption + Integration

3:45pm IST

Who Let the Agent In? Securing MCP Servers in Production - Prachi Jamdade, Gravitee
Wednesday June 10, 2026 3:45pm - 4:10pm IST
Scarlet 1
What if your MCP server could confidently decide who gets access to what, without turning your codebase into a security nightmare? In this session, we follow the journey of a simple MCP server as it evolves from an open endpoint into a fully secured, production-ready system. Along the way, you’ll see how authentication actually works in MCP, how to move beyond basic role checks into fine-grained, contextual authorization with OpenFGA, and how these pieces fit together in real-world scenarios. The highlight is a live demo where we lock down an MCP server step by step, making the invisible layers of security visible and practical. By the end, you won’t just understand MCP security, you’ll know exactly how to implement it or even offload it entirely so you can focus on building powerful agent-driven experiences.

Speakers
avatar for Prachi Jamdade

Prachi Jamdade

Developer Advocate, Gravitee
Prachi Jamdade is a Developer Advocate at Gravitee, working at the intersection of developer experience, APIs, AI governance and security. She has worked with multiple startups and shipped global products.
Wednesday June 10, 2026 3:45pm - 4:10pm IST
Scarlet 1
  Security Identity + Trust

4:10pm IST

Why Agents Make Different Decisions With the Same Tools - Jyoti Bisht & Animesh Pathak, Harness; Aditya Oberai, Appwrite
Wednesday June 10, 2026 4:10pm - 4:35pm IST
Scarlet 2&3
Scenario: Deploy an agent to production. Works 90% of time in testing. Month later: Claude model updates. Success rate drops to 70%. Why? Model change altered how tools are ranked.
You can't see this. You have no control. Your agent silently degraded.
This talk identifies sources of divergence:

Temperature/sampling: Agent with temp 0.7 calls Salesforce 60% of time. Temp 0 calls it 95%.
Model version: Claude 3.5 favors Salesforce (in training data). Opus 4.5 favors email (newer training). Same task, different choices.
Context truncation: Tool listed first in window = primacy bias (70% called). Tool listed last = recency bias (30%).
Tool schema order: Tools listed alphabetically vs. semantic order (query before create) changes success rate 25%.
Schema verbosity: Detailed descriptions make tools more likely to be selected than sparse ones.

Then proposes solution: Agent fingerprinting. Create deterministic test suite capturing baseline behavior. Before deploying new model/agent version: run fingerprint suite. If success rate drops 10%+, alert. Don't deploy.
Speakers
avatar for Jyoti Bisht

Jyoti Bisht

Senior DevRel Engineer, Harness
Jyoti Bisht is a Senior Developer Relations Engineer specializing in Cloud Cost Management and FinOps. She focuses on improving developer experience through platform design, internal tooling, and community engagement. She has also spoken at DevRelCon on gamifying documentation to... Read More →
avatar for Aditya Oberai

Aditya Oberai

Developer Relations Lead, Appwrite
Aditya Oberai is the Developer Relations Lead at Appwrite and an avid tech community and hackathon enthusiast. Having worked with various technologies such as APIs, web apps, cloud computing, etc., he has spent the last 6 years empowering tech communities and is a Microsoft MVP awardee... Read More →
avatar for Animesh Pathak

Animesh Pathak

DevRel Engineer, Harness
Animesh Pathak is a Developer Relations Engineer with a strong focus on Database DevOps, APIs, testing, and open-source innovation. Currently at Harness, he plays a key role in building and evangelizing scalable DBDevOps workflows, bridging the gap between developers and data teams... Read More →
Wednesday June 10, 2026 4:10pm - 4:35pm IST
Scarlet 2&3
  Agent Architecture + Orchestration

4:10pm IST

Building Rich AI-Native UI for Agentic Interactions Using MCP Apps - Ashita Prasad, AWS
Wednesday June 10, 2026 4:10pm - 4:35pm IST
Convention Hall
AI Agents are getting smarter with each passing day. But, their interfaces? Not so much.

But, what if there is a way to turn the AI chat from a place where you converse into a place where you can actually work?

MCP Apps offer a solution to go beyond the text and standardize how MCP servers can deliver rich, bidirectional UI components like dashboards, forms, interactive visualizations & more. These components are rendered securely and natively within AI hosts, enabling agents to interact with users via rich interactive interfaces.

In this session, attendees will learn:
- Core architectural patterns from real MCP Apps development
- How to handle sandboxed host–server communication, manage state synchronization, stream real-time updates, handle async tasks, & add multiplayer collaboration
- How to leverage context and persist memory across conversations
- How to avoid some common pitfalls and utilize debugging workflows and tools
- How to add authentication & deploy a remote MCP Server providing MCP Apps

We will walk through a complete, production-style Sales Analytics MCP Apps and perform a code deep-dive to showcase the effective foundational patterns while building MCP Apps.
Speakers
avatar for Ashita Prasad

Ashita Prasad

SDE / Developer Advocate, AWS
Ashita works as a developer advocate at AWS with a strong focus on frontend and AI technologies. With 10+ years of experience in full stack development, she is passionate about building impactful products and equally loves empowering & engaging with fellow developers in the commu... Read More →
Wednesday June 10, 2026 4:10pm - 4:35pm IST
Convention Hall
  Building with MCP

4:10pm IST

When Agents Get SSH Keys: Securing Distributed AI Fleet With MCP - Mradul Dubey, ApraLabs
Wednesday June 10, 2026 4:10pm - 4:35pm IST
Scarlet 1
Agent security discussions focus on prompt injection and sandboxing. But when agents operate on real infrastructure - pushing to Git, executing code via SSH, starting cloud instances - every machine in the fleet carries its own keys, tokens, and credentials, multiplying the risk.

This talk presents the security architecture of apra-fleet, an open-source (Apache 2.0) MCP server that orchestrates AI agents across distributed machines:
- Credential lifecycle: provisioning LLM auth (OAuth, API keys), SSH keys, and Git tokens with automated key-pair migration
- Out-of-band credential entry: passwords collected via separate terminal, never exposed to the LLM. "LLM secure variables" for sensitive text
- Short-lived tokens: GitHub App mints scoped tokens with minute-level TTLs - a compromised session cannot reuse yesterday's token
- Role-scoped permissions: MCP tool constraints make violations structurally impossible - a doer agent cannot call the merge tool
- Encryption at rest

Grounded in production sprints across C++, Node.js, Python, and ML. Attendees leave with reusable patterns for securing multi-agent systems on real infrastructure.
Speakers
avatar for Mradul Dubey

Mradul Dubey

Senior Software Developer, ApraLabs
Mradul is a developer at Apra Labs with over 8 years of experience in ML, edge AI and computer vision. At Apra Labs, he works across the stack from embedded inference to cloud infrastructure. A natural skeptic, his recent focus has shifted to agentic AI - he co-architects to apra-fleet... Read More →
Wednesday June 10, 2026 4:10pm - 4:35pm IST
Scarlet 1
  Security Identity + Trust

4:40pm IST

Afternoon Break
Wednesday June 10, 2026 4:40pm - 5:10pm IST
Convention Hall Foyer

Wednesday June 10, 2026 4:40pm - 5:10pm IST
Convention Hall Foyer
  Breaks + Meals + Special Events

5:15pm IST

The MCP Has No Clothes: What Most Benchmarks Miss About Real MCP Servers - Arnav Balyan, Concierge AI
Wednesday June 10, 2026 5:15pm - 5:40pm IST
Convention Hall
As MCPs mature, a gap emerges between benchmark performance and production behaviour:

1. Servers are tested in isolation, however in production they run alongside 100s of other servers, which affects tool selection. Typical evaluation frameworks are unable to reproduce this scale.
2. Single tool calls cannot test workflow compliance (the order and dependency of tool calls across multi step tasks).
3. Benchmarks are unable to measure user experience or quantify transcript quality.

This talk presents the design philosophy for robust MCP evaluation, grounded on field data and traffic analysis from 400+ production MCP servers.

We introduce a set of success metrics for MCP server authors and show how this re-order benchmark leaderboards, why servers that top toy evals regress in production, and what server authors should measure before shipping.

Attendees leave with a framework they can apply directly, data to benchmark against, and a clearer view of how they can adopt MCP confidently at scale for enterprise and internal usecases.
Speakers
avatar for Arnav Balyan

Arnav Balyan

CEO, Concierge AI
Founder of Concierge AI. Ex-Uber building MCP systems at scale. Concierge AI manages 400+ public MCP deployments, Arnav focuses on MCP tool complexity and researches token overhead reduction at scale.
Wednesday June 10, 2026 5:15pm - 5:40pm IST
Convention Hall
  Building with MCP

5:15pm IST

Where MCP Ends and A2A Begins: and Why That Seam Is Breaking Your Agents - Arushi Garg, Adobe & MV Shiva, Google
Wednesday June 10, 2026 5:15pm - 5:40pm IST
Scarlet 2&3
Everyone's heard the AAIF framing: MCP handles agent-to-tool, A2A handles agent-to-agent. Clean in theory. In practice, every multi-agent system lives at the boundary of both, and that boundary has no standard.
Context gets dropped. Errors go silent. A state that survived an entire A2A task lifecycle vanishes the moment it crosses into an MCP tool call. Nobody is talking about this publicly.
This session replaces the "vertical vs horizontal" mental model with something more honest: a precise seam diagram showing what each protocol guarantees, what it doesn't, and what falls into the gap. We'll go deep on MCP's Tasks primitive (SEP-1686)- including its two admitted gaps: no retry semantics, no expiry policies. We'll map the real failure modes developers are hitting today, drawn from open GitHub issues across both protocol repos.
Then a live demo using Google's open-source A2A sample repo: no custom code. We'll run a real multi-agent task, cross the protocol boundary, sever the trace header, and watch the silent failure happen in real time.
You'll leave with a clear mental model, a three-point failure checklist, and a concrete picture of what the spec needs next.
Speakers
avatar for MV Shiva

MV Shiva

SWE, Google

avatar for Arushi Garg

Arushi Garg

SDE-2, Adobe
Arushi Garg is an AI Engineer and researcher focused on building intelligent, scalable, and autonomous AI systems. At Adobe, she works on AI-driven backend solutions and cloud-native architectures with expertise in Kubernetes, MCP-based systems, AI agents, and distributed AI workflows... Read More →
Wednesday June 10, 2026 5:15pm - 5:40pm IST
Scarlet 2&3
  MCP Protocol in Depth
  • Audience Experience Level Any

5:15pm IST

Beyond Containers: Sandbox Architecture for MCP Tool Execution at Scale - Vikram Vaswani, Self Employed - Consultant
Wednesday June 10, 2026 5:15pm - 5:40pm IST
Scarlet 1
MCP gives us a clean abstraction for agents calling tools. But it doesn't talk about security: what if the tool does bad things?

For read-only tools returning structured data, a shared-kernel container is fine. For the growing class of MCP servers exposing code execution, the attack surface that produced CurXecute (CVE-2025-54135 and CVE-2025-59944), containers are the wrong primitive, because a single exploit crosses from MCP server to host.

This talk covers what MCP tool execution looks like when you take isolation seriously. It walks through the architectural pattern of scheduling Firecracker microVMs for MCP tool execution - sub-second resume (for chained tool calls and fast-start), minimal kernel configurations, and common integration paths with Kubernetes.

Attendees leave with a decision framework: four signals that isolation complexity is worth it, three signals it's overkill, and a clear mental model of the latency-vs-isolation tradeoff.
Speakers
avatar for Vikram Vaswani

Vikram Vaswani

Developer Advocate, Self Employed - Consultant
Vikram Vaswani is a developer advocate, open source consultant, and technical author with 20+ years of experience helping teams adopt and scale open source technologies. He is the author of seven books published by McGraw-Hill and Pearson, with translations in multiple languages... Read More →
Wednesday June 10, 2026 5:15pm - 5:40pm IST
Scarlet 1
  Security Identity + Trust

5:40pm IST

Managing Token Usage in MCP Servers Using Code Mode - Bhumika Satpathy, Google
Wednesday June 10, 2026 5:40pm - 6:05pm IST
Convention Hall
As the ecosystem for the Model Context Protocol (MCP) expands, developers are hitting a familiar wall: token bloat. While MCP provides a powerful standardized interface for LLMs to interact with external data, the "context tax" of verbose tool definitions and massive data payloads can quickly degrade performance and spike costs. To build production-ready agents, we must move beyond basic implementations and embrace advanced orchestration.

This session dives into the architecture of efficient MCP server design, focusing on the "Code Mode" technique. We will explore how to shift the heavy lifting from the LLM’s reasoning space to the server’s execution environment. Instead of forcing the model to process raw, unrefined data, "Code Mode" empowers the LLM to generate and ship logic—miniature, execution-ready scripts—directly to the MCP server. This approach minimizes round-trip latency and drastically reduces the input tokens required for complex data manipulation.
Speakers
avatar for Bhumika Satpathy

Bhumika Satpathy

Senior Software Engineer, Google
I am a Senior Software Engineer at Google and have been working with the MCP Platform team which helps to ease out creation and deployment of MCP Servers for developers within Google. We have solved multitude of challenges that users have faced and explored multiple techniques in... Read More →
Wednesday June 10, 2026 5:40pm - 6:05pm IST
Convention Hall
  Building with MCP

5:40pm IST

Multilingual MCP: Making Tool Calling Work for the Next Billion Users - Samyuktha Mohan Alagiri, IBM
Wednesday June 10, 2026 5:40pm - 6:05pm IST
Scarlet 1
MCP's tool schema, server descriptions, and routing logic are overwhelmingly designed around English. That assumption quietly breaks when you build for users in Hindi, Tamil, Kannada, or Bengali.
This talk is a ground-up look at where MCP falls short for Indic language users and what it takes to fix it. The specific failure modes covered include: intent ambiguity in tool selection when queries arrive in transliterated or code-switched text, embedding models trained on English producing poor similarity scores for Indic-language tool descriptions, and response localization gaps where tool results are returned in English to users who queried in their native language.
The talk then presents concrete patterns for each problem, including translated and dual-language tool manifests, language-aware routing layers that sit between the user and the MCP client, and lightweight post-processing for localizing tool outputs. All patterns are demonstrated with working code from production voice agent systems built for Indian users.
With the MCP Dev Summit landing in Bengaluru, this is a timely and locally grounded conversation the ecosystem needs to have.
Speakers
avatar for Samyuktha M S

Samyuktha M S

Software Developer, IBM
Samyuktha is a Software Developer at IBM India Software Labs who loves building things that actually work in production, from voice agents and multilingual multi-agent pipelines to self-healing infrastructure using MCP, LangGraph, Claude, and Qdrant. A 13x hackathon winner including... Read More →
Wednesday June 10, 2026 5:40pm - 6:05pm IST
Scarlet 1
  Ecosystem Registries + Platform Infrastructure

5:40pm IST

Extending MCP: Writing Custom Protocol Extensions Without Breaking Compatibility - Saurabh Mishra, Optum/UnitedHealthGroup
Wednesday June 10, 2026 5:40pm - 6:05pm IST
Scarlet 2&3
MCP's real power lies not just in what it defines, but in what it leaves room for. As teams push MCP into production, the need to add custom capabilities streaming responses, domain-specific metadata, proprietary auth flows runs headfirst into the risk of breaking existing clients and servers.
This talk walks through the practical discipline of extending MCP without fracturing compatibility: how to use capability negotiation correctly, where to extend vs. where to fork, how to version custom extensions gracefully, and how to contribute extensions upstream without waiting for a spec cycle.
Real examples from building extensions in the wild what worked, what silently broke things, and what the spec doesn't yet have a good answer for.
Attendees leave with a working mental model for extension design and a checklist for evaluating whether a custom extension is safe to ship
Speakers
avatar for Saurabh Mishra

Saurabh Mishra

Lead DevOps Engineer, Optum (UnitedHealthGroup)
Saurabh Mishra is a Cloud Evangelist and architect dedicated to high-level automation and DevOps excellence. He actively engages with the global tech community, sharing insights on cloud-native technologies, security best practices and multi-cloud strategies.As an experienced speaker and mentor... Read More →
Wednesday June 10, 2026 5:40pm - 6:05pm IST
Scarlet 2&3
  MCP Protocol in Depth

6:05pm IST

Why We Built a CLI Instead of an MCP Server for Jupyter Notebooks — and What We Learned - Lahari Chowtoori, AWS
Wednesday June 10, 2026 6:05pm - 6:30pm IST
Scarlet 2&3
Jupyter notebooks are essential for AI agents, yet the .ipynb JSON format is token-heavy and fragile for LLM manipulation. While an MCP server seemed like the obvious solution, we instead built nb—an open-source Rust CLI designed for agentic workflows.

This talk explores the design decisions behind nb and our move away from standard tool schemas:
- The Sentinel Format: Why line-oriented @@cell and @@output sentinels outperform deeply nested JSON for agent comprehension.
- Token Efficiency: How a single 800-token skills file replaced a complex MCP implementation, drastically reducing overhead.
- Content Hashing: Using SHA256 to solve output externalization and state management.
- Real-time Sync: Demonstrating collaborative editing via Y.js when bridged to a Jupyter server.

We’ll share benchmarks on task completion rates and token costs, and provide a clear framework for choosing between MCP servers and CLI-based skills. Attendees will learn when to leverage the simplicity of a CLI and when MCP’s multi-tenant auth and discovery are truly necessary.
Speakers
avatar for Lahari Chowtoori

Lahari Chowtoori

Technical Program Manager, AWS
Lahari Chowtoori is an AI enthusiast and Technical Program Manager at AWS, focusing on open source, Machine Learning, and Artificial Intelligence. With a background in Data Science and Machine Learning, she is passionate about democratizing AI knowledge and fostering community collaboration.She... Read More →
Wednesday June 10, 2026 6:05pm - 6:30pm IST
Scarlet 2&3
  Agent Architecture + Orchestration
  • Audience Experience Level Any

6:05pm IST

Why Our AI Agent Couldn't Scale Without MCP — and How We Built It - Para Hitesh & Mohit Jichkar, Red Hat
Wednesday June 10, 2026 6:05pm - 6:30pm IST
Convention Hall
Building an AI sales assistant means pulling data from everywhere , Salesforce for accounts, Snowflake for product catalogs, and internal KBs for pricing. We started by hardcoding each integration into the agent. It worked until every new data source meant rewriting agent code, duplicating auth logic, and redeploying everything. Tool definitions were tightly coupled, making it impossible to evolve the data layer independently.MCP changed everything. In this talk, I'll walk through how we built a production AI sales assistant using LangGraph connected to multiple MCP servers ,each wrapping a different backend, owned by a different team. I'll cover: why direct integrations become unmaintainable at 3+ sources; our reusable FastMCP server template that spins up domain-specific servers in days; how a user's SSO token flows end-to-end from agent through MCP to Snowflake OAuth with zero credential storage; why tool descriptions and agent prompts matter more than the protocol itself , and the patterns we developed (normalize-before-search, dynamic prompt injection) to make the LLM reliably pick the right tool; and what broke in production with real failures and real fixes.
Speakers
avatar for Mohit Jichkar

Mohit Jichkar

Senior Data Scientist, Red Hat
Mohit Jichkar is a Senior Data Scientist at Red Hat, where he builds AI-powered solutions. He has 7+ years of experience working across data science, machine learning, and AI. He has an M.Tech in Data Science and Engineering from BITS Pilani. He holds several US patents in AI based... Read More →
avatar for Para Hitesh

Para Hitesh

Senior Data Scientist, Red Hat
Hitesh Para is a Senior Data Scientist at Red Hat, where he builds AI-powered solutions . Prior to Red Hat, he spent over 4 years at Genpact specializing in NLP and Generative AI solutions. Hitesh holds a Google Professional Machine Learning Engineer certification, has published research... Read More →
Wednesday June 10, 2026 6:05pm - 6:30pm IST
Convention Hall
  Building with MCP
  • Audience Experience Level Any

6:05pm IST

Your MCP Server Answers Every Call. Should It? - Atulpriya Sharma, Improving
Wednesday June 10, 2026 6:05pm - 6:30pm IST
Scarlet 1
Your MCP server works. Every tool call executes. But do you know who made that call, whether they were allowed to, and whether it should have required a human to approve it first?

Most MCP servers today operate on implicit trust. If an agent can connect, it can run anything - usually without any identity checks, boundaries, or logs. That works in dev. In production, a misconfigured agent or a prompt injection can trigger your most sensitive tools with nothing to stop it.

This session makes the path from 'working' to 'governed' concrete: authenticating agents via OAuth, enforcing per-tool authorisation, and adding human-in-the-loop approvals for high-stakes actions. Live demo: we’ll take an unauthenticated agent, lock down the server, and hold a sensitive call for approval with a full trace on exit.

MCP connects agents to your most important systems; it’s time we started checking their IDs at the door.
Speakers
avatar for Atulpriya Sharma

Atulpriya Sharma

Principal Developer Advocate | CNCF Ambassador, Improving
Manual tester turned developer advocate. I talk about Cloud Native, Kubernetes & DevOps to help others adopt cloud native. I also create content – blog posts, webinars – & host Twitter spaces and strongly believe in collaborative learning and growth.

In addition, I'm also a CNCF Ambassador and the organizer of CNCF Hyderabad. When I am not working, I’m a food & travel blogger & love exploring eateries & going on road trips. You can find me at @TheTechMaharaj on Twitter... Read More →
Wednesday June 10, 2026 6:05pm - 6:30pm IST
Scarlet 1
  Security Identity + Trust
  • Audience Experience Level Any
 
  • Filter By Date
    Jun 9 - 10, 2026
  • Filter By Venue
    Bengaluru, Karnataka, India
    All
    Convention Hall
    Convention Hall Foyer
    Convention Hall Main Entry
    Scarlet 1
    Scarlet 2&3
    Tulip
  • Filter By Type
    Agent Architecture + Orchestration
    Breaks + Meals + Special Events
    Building with MCP
    Ecosystem Registries + Platform Infrastructure
    Enterprise Adoption + Integration
    Exhibits
    Keynote
    MCP Protocol in Depth
    Registration
    Security Identity + Trust
  • Audience Experience Level
    Advanced
    Any
    Beginner
    Intermediate
  • Timezone

Get help with the event

Contact event planner Event login
View support guides Find upcoming events
Create an event you'd love to attend!
Explore why organizers choose Sched Success stories
Event App Event scheduling Event registration Event ticketing Sched forms Call for papers Badges Conferences
© 2026. SCHED LLC - All rights reserved - Helping events since 2008
Event Planning App Privacy Terms
Share Modal

Share this link via

Or copy link

Filter sessions
Apply filters to sessions.
Filtered by Date - 
Clear filter
Tuesday, June 9
Wednesday, June 10
Convention Hall
Convention Hall Foyer
Convention Hall Main Entry
Scarlet 1
Scarlet 2&3
Tulip
  • Agent Architecture + Orchestration
  • Breaks + Meals + Special Events
  • Building with MCP
  • Ecosystem Registries + Platform Infrastructure
  • Enterprise Adoption + Integration
  • Exhibits
  • Keynote
  • MCP Protocol in Depth
  • Registration
  • Security Identity + Trust
  • Audience Experience Level
  • Advanced
  • Any
  • Beginner
  • Intermediate