Loading…
June 9-10, 2026
Bengaluru, India
View More Details & Registration

The Sched app allows you to build your schedule but is not a substitute for your event registration. You must be registered for MCP Dev Summit Bengaluru to participate in the sessions. If you have not registered but would like to join us, please go to the event registration page to purchase a registration..

IMPORTANT NOTE: Timing of sessions and room locations are subject to change.


Audience: Yes clear filter
arrow_back View All Dates
Wednesday, June 10
 

10:00am IST

Keynote: Architecting Internet-Scale Agent Skills with Managed MCP - Prashanth Subrahmanyam, Lead for Google Cloud DevRel in JAPAC, Google
Wednesday June 10, 2026 10:00am - 10:10am IST
Local MCP prototyping is magic on a laptop, but scaling to production often triggers "Agentic Sprawl." To handle complex agent loops at scale, enterprises need a centralized architecture for integration, identity, and governance. This keynote explores Google Cloud’s full-stack vision for internet-scale agents. We will unpack the shift toward stateless MCP transports to solve multi-round-trip routing bottlenecks, show how Apigee converts legacy APIs into zero-code MCP skills, and highlight how developer tools like Antigravity and the Agent Development Kit (ADK) push the boundaries of AI from the cloud to the device.
Speakers
avatar for Prashanth Subrahmanyam

Prashanth Subrahmanyam

APAC Lead, Developer Adoption, Google Cloud, Google Cloud
Prashanth Subrahmanyam leads Cloud Developer Advocacy for APAC at Google, focussed on one problem: making agentic AI systems work reliably in production. With two decades of engineering experience spanning SAP, Apigee, and Google, including reliability engineering at Google... Read More →
Wednesday June 10, 2026 10:00am - 10:10am IST
Convention Hall
  Keynote Sessions
  • Audience Experience Level Any
  • Session Slides Yes

10:15am IST

Keynote: Extending Goose: Building an AI Teammate for 
Open Source - Abhijay Jain, Maintainer, Contributor & Grant Recipient, AAIF Goose
Wednesday June 10, 2026 10:15am - 10:25am IST
Goose is an open-source AI agent that can be extended through integrations, tools, and community-driven projects. In this talk, I'll share my journey working with Goose, explore how its capabilities can be extended through community-driven projects, highlight examples from the Goose ecosystem, and discuss the development of GooseBot as one approach to bringing AI agents closer to developer communities. Along the way, I'll cover lessons learned from building in the open and why extensibility is key to the future of open-source AI agents.
Speakers
avatar for Abhijay Jain

Abhijay Jain

Maintainer & Contributor, AAIF Goose, AAIF Goose
I’m Abhijay Jain, an open-source developer and FOSS enthusiast with experience across developer tooling, Bitcoin infrastructure, AI products, and modern web technologies.

Over the years, I’ve contributed to global open-source programs and organizations including the Linux Foundation, Google summer of code, Block, UnternehmerTUM, and several community-driven ecosystems. I started my open-source journey as an LFX mentee with Open Horizon (IBM open... Read More →
Wednesday June 10, 2026 10:15am - 10:25am IST
Convention Hall
  Keynote Sessions
  • Audience Experience Level Any
  • Session Slides Yes

10:25am IST

Keynote: From Shadow IT To Scale: The MCP Adoption Journey - Shannon Williams, Obot AI
Wednesday June 10, 2026 10:25am - 10:35am IST
The Model Context Protocol (MCP) is now an LF project, and that's fantastic news for the open source ecosystem. Last year MCP servers went mainstream fast, linking up AI models with apps, data and systems. Whether you are managing it or not, hundreds of people are already using MCPs within your company. Unfortunately, many IT teams are discovering this adoption, not planning it.

This talk provides a quick intro to the MCP ecosystem, and presents a four-stage maturity model for MCP adoption, from tracking shadow MCP development to secure, enterprise-wide deployment. You'll learn where your organization actually is (most are Stage 1 or early Stage 2), what infrastructure you need for each stage, and how to build the process and policies to turn MCP from a risk into an enabling technology.

This model is based on patterns from real deployments and hundreds of engagements with engineers dealing with this right now. I'll touch on MCP development, security, management, operations and how to get these incredibly useful tools into the hands of more and more users within your company.
Speakers
avatar for Shannon Williams

Shannon Williams

President, Obot AI
I am the President and co-founder of Obot AI, and have been building open source software for the last 20 years. Prior to starting Obot, I co-founded Cloud.com (creator of CloudStack) and Rancher Labs (creator of Rancher, k3s, Longhorn, etc). I was a board member of the CNCF for 4... Read More →
Wednesday June 10, 2026 10:25am - 10:35am IST
Convention Hall
  Keynote Sessions

11:00am IST

From Intent To Production: MCP Gateway Patterns for Regulated Banking - Hariskumar Panakkal, Wipro
Wednesday June 10, 2026 11:00am - 11:25am IST
I spent the last year building agentic systems with MCP and MCP Gateway, and want to share what I learned — especially the things you only hit when you try to build for a real, regulated domain.

The build is a four-part system: a React portal, a LangGraph agent, Microsoft MCP Gateway as the front door, and a FastMCP server with 19 tools behind it. This talk walks through how the pieces fit together and the specific patterns that worked.

What I'll cover:

- How I structured MCP tools with Pydantic schemas, idempotency keys, and correlation IDs that travel through every layer
- Why my first three gateway deployments failed and how the mcp-session-id header fixed stateful tool routing through MCP Gateway
- A simple tool wrapper pattern that keeps sensitive data like SSN out of the LLM context while the agent still reasons about the workflow
- Why I made consent its own MCP tool with a signed receipt instead of bundling it into submit
- Three gaps I hit in MCP and the gateway and how I worked around them — honest notes for the community

If you're building with MCP and MCP Gateway and heading toward anything production-grade, these are the patterns I wish I'd had going in.
Speakers
avatar for Hariskumar Panakkal

Hariskumar Panakkal

Distinguished Member of Technical Staff (DMTS) and Enterprise Architect, Wipro
Hariskumar Panakkal is an Enterprise Architect and Distinguished Member of Technical Staff (DMTS), recognized with the 2025 Most Valuable Technologist (MVT) award. With a background in cloud transformation and responsible AI, he has spent the last year building agentic systems on... Read More →
Wednesday June 10, 2026 11:00am - 11:25am IST
Convention Hall
  Building with MCP

11:00am IST

Beyond Tools and Resources: A Deep Dive into MCP Sampling for Agentic Features - Kevin Vaz, Smartbear
Wednesday June 10, 2026 11:00am - 11:25am IST
Most MCP servers are one-shot: the client asks, the server answers. But some features need the server to reason mid-execution like summarise a diff before returning it, classify input to pick the next step, recover from ambiguity instead of failing, generating new data. That's what sampling unlocks: the server calls back into the host's LLM, without ever holding its own model keys.

This deep dive walks through sampling/createMessage feature provided by the mcp protocol and its internals messages, modelPreferences, includeContext, systemPrompt — and what the client is actually allowed to modify. We'll cover capability negotiation and the human-in-the-loop approval flow, then step through how sampling patterns are actually built in the smartbear-mcp server, using its implementations over there to understand how one could build their own sampling features.

Then the hard parts: agent loops, token-budget blowups, portability across clients using different model providers.

You'll leave knowing when sampling beats tools or elicitation, and with patterns you can lift today.
Speakers
avatar for Kevin Rohan Vaz

Kevin Rohan Vaz

Senior Software Engineer, Smartbear
Kevin Rohan Vaz is a Senior software engineer at SmartBear and a core contributor to the open-source smartbear-mcp server and swagger contract testing features, where he designs and ships the server's sampling, tools, and resource integrations. He spends his time turning MCP spec... Read More →
Wednesday June 10, 2026 11:00am - 11:25am IST
Scarlet 2&3
  MCP Protocol in Depth
  • Audience Experience Level Beginner
  • Session Slides Yes

11:00am IST

"Allowed To" Is Not Enough: Access Control That Understands What Your Agent Is Actually Doing - Tejas Ladhani, Motorola Solutions Inc & Chandrashekar Haleupparahalli, Motorola Solutions
Wednesday June 10, 2026 11:00am - 11:25am IST
Every agent today answers one question at the auth layer: is this agent allowed to do this? Wrong question. The real one: is it doing something consistent with what the user asked - right now, in this step?

These aren't the same, and the gap is where things break.

Today's auth was built for humans logging into apps: roles and scopes that persist regardless of what the agent is actually attempting. Tell an agent to "read this PDF and send the pointers to my team." The PDF hides an instruction: also forward the thread to an external address. The agent fires two sends - one legit, one exfiltration. Same token. Same checks. Role-based auth can't tell them apart because it never knew the agent's job.

This talk closes that gap. We'll trace why every prior access model assumed a stable human actor - and why that collapses when agents delegate to agents. We'll introduce Intent-Based Access Control: decisions that reflect not just what an agent may do, but what it's trying to do right now. We'll cover emerging standards like transaction tokens and richer auth context, plus concrete steps to ship intent-aware access in MCP flows today.
Speakers
avatar for Chandrashekar Haleupparahalli

Chandrashekar Haleupparahalli

Engineering Manager, Motorola Solutions Inc
Engineer Manager of Identity and Access Management
avatar for Tejas Ladhani

Tejas Ladhani

Software Engineer II, Motorola Solutions Inc
Tejas Ladhani is a Software Engineer at Motorola Solutions, architecting Agentic AI for mission-critical public safety. He specializes in high-stakes systems where security is foundational and downtime has real-world consequences, from unifying enterprise identity layers to slashing... Read More →
Wednesday June 10, 2026 11:00am - 11:25am IST
Scarlet 1
  Security Identity + Trust

11:30am IST

Beyond Tool Calls: Unlocking Interactive, Token-Smart Agents with MCP Apps - Suraj B, HDFC Bank
Wednesday June 10, 2026 11:30am - 11:55am IST
MCP Apps are reshaping what a Model Context Protocol server can do — turning text-only tool exchanges into rich, interactive experiences embedded directly in the host. This session takes a builder's tour of the MCP Apps extension: core concepts, target use cases (dashboards, multi-step workflows, human-in-the-loop confirmations), the security model, and current limitations worth knowing before adoption.
A central theme is the visibility paradigm — letting UI carry state the model doesn't need to see, unlocking meaningful token savings on data-heavy flows. We'll cover iframe sandbox constraints, postMessage patterns, session-bound identity, and prompt-injection defenses for sensitive actions. We will also cover existing protocol limitations and work going on to address the same in exp-apps working group.
We close with a live Go-based demo executing a fund transfer flow end-to-end.
Speakers
avatar for Suraj B

Suraj B

Lead Engineer, HDFC Bank
Suraj is a contributor to the MCP Go SDK and member of the MCP Financial Services Interest Group. He is a Lead Backend and AI Engineer at HDFC Bank, building agentic AI platforms with a focus on MCP server architecture and token optimization. A Go developer with ~10 years of experience... Read More →
Wednesday June 10, 2026 11:30am - 11:55am IST
Convention Hall
  Building with MCP

11:30am IST

SEO for Agents: Designing MCP Endpoints That Let Agents Evaluate Each Other Before Transacting - Manav Agarwal, Dream11
Wednesday June 10, 2026 11:30am - 11:55am IST
When humans hire someone, they ask questions first. Check reviews, compare, negotiate. AI agents can't do any of this.

An MCP flight booking server says: "I book flights." Another agent can't ask: How many routes? Success rate? Can you get business class upgrades?

I tore down top MCP servers across mcp.so, Smithery, Glama, PulseMCP. The #1 server has 52K stars but exposes 47 capabilities with zero verifiable metrics. Tool schema: 1,020 tokens of bloat.

The problem: MCP tool schemas describe WHAT but not HOW WELL. No capability layer for agents to evaluate each other before committing.

What's needed — structured capability endpoints:

"I book flights"
→ 147 routes, 96.2% completion, 23% avg savings
→ Business class upgrades: 340 secured, 41% success
→ Savings by route queryable, methodology documented
→ Full transaction log for independent verification

Exposed as MCP resource endpoints —
capability/summary returns structured metrics, capability/evidence/{tool} returns methodology, capability/raw/{tool} returns verifiable logs.

I'll show real endpoint teardowns, what's missing from tool schemas, and a draft capability-metadata spec builders can implement.
Speakers
avatar for Manav Agarwal

Manav Agarwal

Senior Product Manager | Engineer, Dream11 | DreamStreet
An engineer drawn less to building features than to questioning the foundations systems rest on — the invisible layer of trust, payments, and reputation that quietly decides whether strangers ever cooperate. That instinct has carried him from the plumbing of agentic commerce (he's... Read More →
Wednesday June 10, 2026 11:30am - 11:55am IST
Scarlet 1
  Security Identity + Trust

12:00pm IST

Running MCP Fully Local: Private, Offline-Capable Agents With Ollama and Open Models - Harish Kotra, Forge Alumnus
Wednesday June 10, 2026 12:00pm - 12:25pm IST
Over the last few months I've built and shipped 100+ agents in public, many wired into MCP servers running against local models through Ollama, LM Studio, and decentralized open-source inference. A draw.io MCP server driven by Llama 3.2, an Excalidraw MCP integration, a Bright Data MCP briefing agent, all running end-to-end without a single token leaving the host.

This talk is a working engineer's tour of that stack. We'll walk through a minimal local MCP setup (server + client + Ollama) and then dig into the real-world failure modes: tool-selection collapse on 7B models, JSON-schema compliance gaps, capability-negotiation mismatches, and the surprisingly large quality delta between structured-output fine-tunes and general chat models. I'll share the prompt shapes, tool-description patterns, and schema-validation tricks that reliably push small open models from "demo-grade" to "I'd ship this internally."

Attendees will leave with a reference architecture for private MCP, a shortlist of open models that actually handle tool calls well today, and a set of design patterns for MCP servers that degrade gracefully when the client LLM has 8B parameters instead of a trillion.
Speakers
avatar for Harish Kotra

Harish Kotra

DevX Lead, xo.builders
Harish is a Fractional CTO and AI agent builder based in India. He previously led Developer Relations at Gaia and spent over a decade at AngelHack organizing 200+ hackathons. Since 2026 he's published one new open-source AI agent every day at dailybuild.xyz, 100+ builds spanning MCP... Read More →
Wednesday June 10, 2026 12:00pm - 12:25pm IST
Convention Hall
  Building with MCP
  • Audience Experience Level Any
  • Session Slides Yes

12:00pm IST

From MCP Discovery To Execution: Building a Governed Marketplace & Gateway for Agentic Systems - Rahul Ganesh Partheeban, Freshworks
Wednesday June 10, 2026 12:00pm - 12:25pm IST
We started building an MCP gateway in early 2025, when the spec was still maturing, and there were no established patterns for multi-tenant enterprise implementation.

This talk will delve into the key patterns we used for taking MCP from POC to Production. We'll also cover layering MCP as a gateway over an existing platform:

- Propagating tenant context through the MCP handshake, so a single gateway can safely serve thousands of accounts.
- Decoupling session state from pod affinity with a distributed session store — needed for horizontal auto-scaling and safe rolling deploys.
- A three-tier error model (protocol/gateway/application) so agents classify failures and retry intelligently.
- A sub-registry that extends the registry with vetting and curates trusted Remote MCP servers with per-tenant install state.
- Multi-tenant session and secret management with One-click install and OAuth 2.1 + Dynamic Client Registration handled by the marketplace, not by every AI client.
- MCP gateway that proxies to remote servers under shared FUP, rate limits, retries/circuit-breaking, and analytics - handling a black-box third-party server with guardrails.
Speakers
avatar for Rahul Ganesh Partheeban

Rahul Ganesh Partheeban

Lead Software Engineer - Systems, Freshworks
Rahul Ganesh Partheeban is a Lead Software Engineer at Freshworks, working on platform engineering for marketplace integrations and app ecosystems. He builds extensible, event-driven, multi-tenant platforms powering thousands of integrations and developer workflows. He played a leading... Read More →
Wednesday June 10, 2026 12:00pm - 12:25pm IST
Scarlet 1
  Ecosystem Registries + Platform Infrastructure
  • Audience Experience Level Any
  • Session Slides Yes

12:00pm IST

Ambient Identity: Just-in-Time Authorization Patterns for the Model Context Protocol - Ayesha Dissanayaka, WSO2
Wednesday June 10, 2026 12:00pm - 12:25pm IST
As the Model Context Protocol (MCP) matures, we face a critical security hurdle: how do ambient agents that are running in the background or on headless devices securely access sensitive resources without constant manual intervention?

Standard OAuth flows often break the "ambient" experience by requiring immediate browser redirects on the same device. This session proposes a decentralized identity architecture using Client-Initiated Backchannel Authentication (CIBA). By decoupling the consumption of resources from the authorization flow, an MCP client can trigger a "just-in-time" permission request directly to a user's trusted mobile device.

Key Takeaways:
- Decoupled Auth: Implementing CIBA to bridge the gap between headless MCP clients and human controllers.
- Just-in-Time delegations: Moving from "all-or-nothing" API keys to granular, session-based permissions.
- Security Patterns: Handling asynchronous "Out-of-Band" callbacks within the MCP lifecycle.

Join us to explore how we can make background agents both powerful and respectful of the "human-in-the-loop" principle.
Speakers
avatar for Ayesha Dissanayaka

Ayesha Dissanayaka

Associate Director / Architect, WSO2
Ayesha is Lead Architect for Identity and Access Management for Agentic AI at WSO2, specializing in securing autonomous AI systems. With over a decade in enterprise IAM, she architects identity solutions for AI agents, bridging traditional frameworks with emerging AI security needs... Read More →
Wednesday June 10, 2026 12:00pm - 12:25pm IST
Scarlet 2&3
  Security Identity + Trust
  • Audience Experience Level Beginner
  • Session Slides Yes

1:55pm IST

Agents Don't Fail, Environments Do: Lessons From Production MCP Deployments in Telecom - Divya Vijay, NetoAI
Wednesday June 10, 2026 1:55pm - 2:20pm IST
At NetoAI we build AI agents for telecom network operations. Our Rapid Root Cause Analysis Agent, built on our open-source TSLAM models (22k+ HF downloads), runs against live operator networks.

When we moved to MCP as the tool-interface layer, agents that passed eval started breaking weeks after production launch. The model, prompts, retrieval, none were root cause. The tool environment itself was.

So we built a digital-twin simulation of our production telecom domain and stress-tested MCP agents across four axes:
1). tool-set scale
2). task complexity
3). persona variability
4). deterministic repetition.

Tool-selection accuracy is near-perfect up to ~20 exposed tools, then collapses. One bad early dependency step cascades the whole workflow.

I'll walk through the seven failure patterns we kept hitting, including Tool Selection Collapse and Cascading Fragility, the three architectural root causes behind them, and the task-scoping and dependency-aware fixes that worked. You leave with a pre-launch methodology for your own MCP servers vendor-neutral, applicable to any dependency-dense domain.
Speakers
avatar for Divya Vijay

Divya Vijay

Senior AI Engineer, NetoAI
Senior AI Engineer at NetoAI, building production agent systems. Co-author on T-VEC and G-SPEC research papers. Previously Software Engineer at Prodapt. 3 years of shipping AI and full-stack software across agentic and UI engineering in telecom.
Wednesday June 10, 2026 1:55pm - 2:20pm IST
Scarlet 1
  Agent Architecture + Orchestration
  • Audience Experience Level Beginner
  • Session Slides Yes

1:55pm IST

Why Your Database MCP Should Never Talk To Your Database - Gowtham Raj Elangovan, Comcast
Wednesday June 10, 2026 1:55pm - 2:20pm IST
Most database MCP implementations are stdio transport, hardcoded URIs, and live connections handed directly to AI agents. This works on a laptop. It fails in production.
Direct agent-to-database connectivity is dangerous. Connection exhaustion, raw credentials in agent context, DDL one hallucination away, PII returning unfiltered into LLM context windows, runaway queries taking down production clusters. Not theoretical. Production failures waiting to happen.
For our internal DBaaS service we built a two-layer remote MCP architecture to close every one of them. An MCP Proxy handles agent-facing concerns — JWT auth, SSO-backed approvals, rate limiting, and an execution_id registry so no agent ever sees a raw URI. It never touches the database. Queries route through a Query Service — the only layer that does. Read-only enforced structurally, DDL blocked even for root, injection filtered, timeouts enforced, Presidio scrubbing PII before responses reach any agent context window. We contrast this with direct-connect tools, contribute execution_id as a reusable enterprise primitive, and make the case for why an enforcement layer between MCP and your DB is the architecture — not an option
Speakers
avatar for Gowtham Raj Elangovan

Gowtham Raj Elangovan

Principal Engineer, Comcast
Senior Data Platform & Database Engineering Architect with 13+ years building large-scale, cloud-native, and distributed database systems on-prem and AWS. Expert in autonomous AI-driven optimization, reliability engineering, and platform automation. Proven track record leading teams... Read More →
Wednesday June 10, 2026 1:55pm - 2:20pm IST
Scarlet 2&3
  Security Identity + Trust
  • Audience Experience Level Advanced
  • Session Slides Yes

2:25pm IST

Skills Are Not MCP Servers: When To Use Which (and How To Make Them Work Together) - Animesh Pathak & Jyoti Bisht, Harness Inc
Wednesday June 10, 2026 2:25pm - 2:50pm IST
There's a running argument in the AI tooling world right now do you need MCP servers, or can you just use Skills? I've been on both sides of this. At Harness, I've built Claude Skills for DevOps workflows and worked with our MCP server that wraps the entire platform. And the honest answer is: it depends, but most people are picking the wrong one for the wrong job.

In this talk I'll break down where the boundary actually is. Skills are great when the knowledge is stable conventions, workflow logic, best practices. MCP servers earn their keep when you need live data, real-time API calls, or actions with side effects. The interesting part is what happens when you layer them: a Skill that knows how to debug a failed deployment, calling an MCP server that pulls live pipeline logs and execution data.

I'll walk through real examples I've built skills that started as simple "SKILL.md" files and grew into MCP-backed workflows, and cases where I over-engineered an MCP server when a markdown file would've done the job. If you're building agents and trying to figure out the right architecture, this talk should save you some wrong turns.
Speakers
avatar for Animesh Pathak

Animesh Pathak

DevRel Engineer, Harness
avatar for Jyoti Bisht

Jyoti Bisht

Senior Developer Relations Engineer, Harness
Jyoti Bisht is a Senior Developer Relations Engineer with 4+ Years of experience working at the intersection of cloud infrastructure, open source and community building. A CNCF community member, GSoC contributor, and MLH pod leader, she has spoken at DevRelCon, etc. When she is not... Read More →
Wednesday June 10, 2026 2:25pm - 2:50pm IST
Convention Hall
  Building with MCP

2:25pm IST

The Stdio Deadlock Nobody Warned Us About: OS-Level Process Management for MCP - Yuvraj Pradhan, MIT ADT University & Archana Kumari, MIT ADT University
Wednesday June 10, 2026 2:25pm - 2:50pm IST
When we moved our multi-agent MCP system from REST to stdio transport, the protocol schema was not the problem. OS pipes have no safety nets.

When a model silently segfaults mid-inference, it does not send a JSON-RPC error. It just dies. The orchestrator sits blocked on a stdout.readline(), which never comes.

Then we hit the pipe buffer deadlock.

Inference engines are noisy. They dump token speeds and debug logs to stderr. If the orchestrator is waiting on stdout and ignoring stderr, the OS pipe buffer fills up to 64KB. The OS physically halts the model. The orchestrator waits for the model to finish. The model waits for the orchestrator to clear the pipe. Nobody moves.

To fix it we had to build async wrapper classes that continuously drain stderr into background loggers.

This talk covers what we learned:

- Draining stderr continuously or your process dies silently
- Managing SIGKILL and EOF lifecycles to flush sensitive data from RAM
- Replacing HTTP timeout assumptions with OS process management

If you are running MCP over stdio, this talk is the process management guide the MCP ecosystem has not written yet.
Speakers
avatar for Yuvraj Pradhan

Yuvraj Pradhan

AI Systems Engineer, MIT-ADT UNIVERSITY
Yuvraj Pradhan is an AI Systems Engineer specialising in cost-efficient GenAI and secure multi-agent architectures. He is the first author of research published in Springer Nature on architecting a 125M-parameter NanoLLM for STEM tasks that outperforms significantly larger models... Read More →
avatar for Archana Kumari

Archana Kumari

Ai Systems Developer, MIT ADT University
Archana Kumari is an AI Systems Developer building practical machine learning systems and edge AI applications. Her work spans LLMs, computer vision on embedded devices, and full-stack tooling with Python and Java. She has developed multi-agent reasoning frameworks and voice-assisted... Read More →
Wednesday June 10, 2026 2:25pm - 2:50pm IST
Scarlet 1
  MCP Protocol in Depth
  • Audience Experience Level Advanced
  • Session Slides Yes

2:25pm IST

Auditing MCP Tool Calls at the Kernel Level: eBPF as a Trust Boundary Enforcer - Harini Anand, IBM
Wednesday June 10, 2026 2:25pm - 2:50pm IST
As MCP servers exponentially proliferate, a critical question emerges: who audits what an LLM actually did when it invoked a tool?

Application-layer logs can be tampered with or missed. This talk argues that eBPF is the only tamper-resistant audit layer for MCP tool execution and shows you how to build it.

We walk through instrumenting an MCP server's syscall surface with bpftrace and cilium/ebpf: capturing every network egress triggered by a tool call, every file descriptor opened, every exec spawned, correlated back to the originating MCP request ID via process lineage tracking in BPF maps.

The result is an immutable, kernel-enforced audit trail that no application-layer bug or prompt injection can suppress.

We'll also cover using eBPF LSM hooks to enforce policy at call time, blocking tool invocations that attempt unexpected network destinations or file paths effectively making eBPF a runtime policy engine for MCP's threat model.

Attendees leave with a working threat model, reference eBPF programs, and a clear mental model for where kernel enforcement fits in MCP's trust architecture.
Speakers
avatar for Harini Anand

Harini Anand

SDE in Data & AI, IBM
SDE at IBM Data & AI, working on IBM watsonx™. Software Engineering Researcher at UIUC. Computational Cognition Researcher at Georgia Institute of Technology. Biomedical XAI Researcher at Dartmouth College.
Formerly at Niramai & IIT Hyderabad, researching ML for breast cancer and gene regulatory networks. Built cognitive tools for dementia prevention as a student entrepreneur. Google KaggleX Mentee, AWS Scholar, Harvard WE Tech Fellow, Oxford & MIT Summer School alumna and a Stanford... Read More →
Wednesday June 10, 2026 2:25pm - 2:50pm IST
Scarlet 2&3
  Security Identity + Trust

2:55pm IST

Agentic DX: Bringing Your IDP Into the IDE - Adnan Vahora & Rinkal Mav, Motorola Solutions
Wednesday June 10, 2026 2:55pm - 3:20pm IST
Platform engineering has a chicken-and-egg problem: the platform needs adoption to justify investment, but adoption requires onboarding that teams resist when deadlines are tight. Our internal developer platform hit this hard. It serves 4,000+ developers across clouds and managed Kubernetes, yet many teams found the portal too unfamiliar.
We solved it with a second entry point built on MCP. Instead of learning a new UI, developers get 30+ platform capabilities directly in IDE chat, from namespace provisioning and Helm deployments to cost analysis and access management. An MCP App renders forms in chat, developers approve and execute, and a first deployment can happen with almost no onboarding.
This session covers the production architecture: sandboxed iframe-based MCP Apps, Elicitation for structured write approvals, an Adaptive Tool Router that keeps 30+ tool schemas from flooding the context window, a split between deterministic Agent Skills and ReAct reasoning, and a safety layer with a sub-500ms kill switch plus delegated RBAC tied to existing permissions. Attendees leave with a practical blueprint for meeting developers where they already work.
Speakers
avatar for Adnan Vahora

Adnan Vahora

Software Engineer, Motorola Solutions
Adnan is a software engineer driving enterprise Agentic AI adoption at Motorola’s prestigious Emerging Tech Lab and Incubation Center. Supporting an infrastructure platform used by 5,000+ developers monthly, he leads the development of a composable agent framework that allows teams... Read More →
avatar for Rinkal Mav

Rinkal Mav

Software (AI/ML) Engineer, Motorola Solutions
Rinkal Mav is an AI/ML Engineer at Motorola Solutions, pushing the boundaries of Generative AI, LLMs, and deep learning to build impactful, real-world systems. A Gold Medalist from her grad days, she brings a bold, fearless approach to innovation - owning the stage at industry tech... Read More →
Wednesday June 10, 2026 2:55pm - 3:20pm IST
Scarlet 1
  Enterprise Adoption + Integration

3:25pm IST

Why Agents Make Different Decisions With the Same Tools - Jyoti Bisht & Animesh Pathak, Harness; Aditya Oberai, Appwrite
Wednesday June 10, 2026 3:25pm - 3:50pm IST
Scenario: Deploy an agent to production. Works 90% of time in testing. Month later: Claude model updates. Success rate drops to 70%. Why? Model change altered how tools are ranked.
You can't see this. You have no control. Your agent silently degraded.
This talk identifies sources of divergence:

Temperature/sampling: Agent with temp 0.7 calls Salesforce 60% of time. Temp 0 calls it 95%.
Model version: Claude 3.5 favors Salesforce (in training data). Opus 4.5 favors email (newer training). Same task, different choices.
Context truncation: Tool listed first in window = primacy bias (70% called). Tool listed last = recency bias (30%).
Tool schema order: Tools listed alphabetically vs. semantic order (query before create) changes success rate 25%.
Schema verbosity: Detailed descriptions make tools more likely to be selected than sparse ones.

Then proposes solution: Agent fingerprinting. Create deterministic test suite capturing baseline behavior. Before deploying new model/agent version: run fingerprint suite. If success rate drops 10%+, alert. Don't deploy.
Speakers
avatar for Animesh Pathak

Animesh Pathak

DevRel Engineer, Harness
avatar for Aditya Oberai

Aditya Oberai

Developer Relations Lead, Appwrite
Aditya Oberai is the Developer Relations Lead at Appwrite and an avid tech community and hackathon enthusiast. Having worked with various technologies such as APIs, web apps, cloud computing, etc., he has spent the last 6 years empowering tech communities and is a Microsoft MVP awardee... Read More →
avatar for Jyoti Bisht

Jyoti Bisht

Senior Developer Relations Engineer, Harness
Jyoti Bisht is a Senior Developer Relations Engineer with 4+ Years of experience working at the intersection of cloud infrastructure, open source and community building. A CNCF community member, GSoC contributor, and MLH pod leader, she has spoken at DevRelCon, etc. When she is not... Read More →
Wednesday June 10, 2026 3:25pm - 3:50pm IST
Scarlet 1
  Agent Architecture + Orchestration

3:25pm IST

When Agents Get SSH Keys: Securing Distributed AI Fleet With MCP - Mradul Dubey, ApraLabs
Wednesday June 10, 2026 3:25pm - 3:50pm IST
Agent security discussions focus on prompt injection and sandboxing. But when agents operate on real infrastructure - pushing to Git, executing code via SSH, starting cloud instances - every machine in the fleet carries its own keys, tokens, and credentials, multiplying the risk.

This talk presents the security architecture of apra-fleet, an open-source (Apache 2.0) MCP server that orchestrates AI agents across distributed machines:
- Credential lifecycle: provisioning LLM auth (OAuth, API keys), SSH keys, and Git tokens with automated key-pair migration
- Out-of-band credential entry: passwords collected via separate terminal, never exposed to the LLM. "LLM secure variables" for sensitive text
- Short-lived tokens: GitHub App mints scoped tokens with minute-level TTLs - a compromised session cannot reuse yesterday's token
- Role-scoped permissions: MCP tool constraints make violations structurally impossible - a doer agent cannot call the merge tool
- Encryption at rest

Grounded in production sprints across C++, Node.js, Python, and ML. Attendees leave with reusable patterns for securing multi-agent systems on real infrastructure.
Speakers
avatar for Mradul Dubey

Mradul Dubey

Senior Software Developer, ApraLabs
Mradul is a developer at Apra Labs with over 8 years of experience in ML, edge AI and computer vision. At Apra Labs, he works across the stack from embedded inference to cloud infrastructure. A natural skeptic, his recent focus has shifted to agentic AI - he co-architects to apra-fleet... Read More →
Wednesday June 10, 2026 3:25pm - 3:50pm IST
Scarlet 2&3
  Security Identity + Trust

4:20pm IST

Multilingual MCP: Making Tool Calling Work for the Next Billion Users - Samyuktha Mohan Alagiri, IBM
Wednesday June 10, 2026 4:20pm - 4:45pm IST
MCP's tool schema, server descriptions, and routing logic are overwhelmingly designed around English. That assumption quietly breaks when you build for users in Hindi, Tamil, Kannada, or Bengali.
This talk is a ground-up look at where MCP falls short for Indic language users and what it takes to fix it. The specific failure modes covered include: intent ambiguity in tool selection when queries arrive in transliterated or code-switched text, embedding models trained on English producing poor similarity scores for Indic-language tool descriptions, and response localization gaps where tool results are returned in English to users who queried in their native language.
The talk then presents concrete patterns for each problem, including translated and dual-language tool manifests, language-aware routing layers that sit between the user and the MCP client, and lightweight post-processing for localizing tool outputs. All patterns are demonstrated with working code from production voice agent systems built for Indian users.
With the MCP Dev Summit landing in Bengaluru, this is a timely and locally grounded conversation the ecosystem needs to have.
Speakers
avatar for Samyuktha M S

Samyuktha M S

Software Developer, IBM
Samyuktha is a Software Developer at IBM India Software Labs who loves building things that actually work in production, from voice agents and multilingual multi-agent pipelines to self-healing infrastructure using MCP, LangGraph, Claude, and Qdrant. A 13x hackathon winner including... Read More →
Wednesday June 10, 2026 4:20pm - 4:45pm IST
Scarlet 1
  Ecosystem Registries + Platform Infrastructure

4:50pm IST

Extending MCP: Writing Custom Protocol Extensions Without Breaking Compatibility - Saurabh Mishra, Optum/UnitedHealthGroup
Wednesday June 10, 2026 4:50pm - 5:15pm IST
MCP's real power lies not just in what it defines, but in what it leaves room for. As teams push MCP into production, the need to add custom capabilities streaming responses, domain-specific metadata, proprietary auth flows runs headfirst into the risk of breaking existing clients and servers.
This talk walks through the practical discipline of extending MCP without fracturing compatibility: how to use capability negotiation correctly, where to extend vs. where to fork, how to version custom extensions gracefully, and how to contribute extensions upstream without waiting for a spec cycle.
Real examples from building extensions in the wild what worked, what silently broke things, and what the spec doesn't yet have a good answer for.
Attendees leave with a working mental model for extension design and a checklist for evaluating whether a custom extension is safe to ship
Speakers
avatar for Saurabh Mishra

Saurabh Mishra

Lead DevOps Engineer, Optum (UnitedHealthGroup)
Saurabh Mishra is a Cloud Evangelist and architect dedicated to high-level automation and DevOps excellence. He actively engages with the global tech community, sharing insights on cloud-native technologies, security best practices and multi-cloud strategies.As an experienced speaker and mentor... Read More →
Wednesday June 10, 2026 4:50pm - 5:15pm IST
Scarlet 1
  MCP Protocol in Depth

5:20pm IST

Why We Built a CLI Instead of an MCP Server for Jupyter Notebooks — and What We Learned - Piyush Jain, AWS
Wednesday June 10, 2026 5:20pm - 5:45pm IST
Jupyter notebooks are essential for AI agents, yet the .ipynb JSON format is token-heavy and fragile for LLM manipulation. While an MCP server seemed like the obvious solution, we instead built nb—an open-source Rust CLI designed for agentic workflows.

This talk explores the design decisions behind nb and our move away from standard tool schemas:
- The Sentinel Format: Why line-oriented @@cell and @@output sentinels outperform deeply nested JSON for agent comprehension.
- Token Efficiency: How a single 800-token skills file replaced a complex MCP implementation, drastically reducing overhead.
- Content Hashing: Using SHA256 to solve output externalization and state management.
- Real-time Sync: Demonstrating collaborative editing via Y.js when bridged to a Jupyter server.

We’ll share benchmarks on task completion rates and token costs, and provide a clear framework for choosing between MCP servers and CLI-based skills. Attendees will learn when to leverage the simplicity of a CLI and when MCP’s multi-tenant auth and discovery are truly necessary.
Speakers
avatar for Piyush Jain

Piyush Jain

Principal Engineer, AWS
Piyush Jain is a Principal Engineer at AWS working on Jupyter and Agentic AI. He is a distinguished Jupyter contributor, a member of the Jupyter Server Council and founding member of Jupyter AI Contrib Github Org.
Wednesday June 10, 2026 5:20pm - 5:45pm IST
Scarlet 1
  Agent Architecture + Orchestration
  • Audience Experience Level Any
  • Session Slides Yes

5:20pm IST

Why Our AI Agent Couldn't Scale Without MCP — and How We Built It - Para Hitesh & Mohit Jichkar, Red Hat
Wednesday June 10, 2026 5:20pm - 5:45pm IST
Building an AI sales assistant means pulling data from everywhere , Salesforce for accounts, Snowflake for product catalogs, and internal KBs for pricing. We started by hardcoding each integration into the agent. It worked until every new data source meant rewriting agent code, duplicating auth logic, and redeploying everything. Tool definitions were tightly coupled, making it impossible to evolve the data layer independently.MCP changed everything. In this talk, I'll walk through how we built a production AI sales assistant using LangGraph connected to multiple MCP servers ,each wrapping a different backend, owned by a different team. I'll cover: why direct integrations become unmaintainable at 3+ sources; our reusable FastMCP server template that spins up domain-specific servers in days; how a user's SSO token flows end-to-end from agent through MCP to Snowflake OAuth with zero credential storage; why tool descriptions and agent prompts matter more than the protocol itself , and the patterns we developed (normalize-before-search, dynamic prompt injection) to make the LLM reliably pick the right tool; and what broke in production with real failures and real fixes.
Speakers
avatar for Mohit Jichkar

Mohit Jichkar

Senior Data Scientist, Red Hat
Mohit Jichkar is a Senior Data Scientist at Red Hat, where he builds AI-powered solutions. He has 7+ years of experience working across data science, machine learning, and AI. He has an M.Tech in Data Science and Engineering from BITS Pilani. He holds several US patents in AI based... Read More →
avatar for Para Hitesh

Para Hitesh

Senior Data Scientist, Red Hat
Hitesh Para is a Senior Data Scientist at Red Hat, where he builds AI-powered solutions . Prior to Red Hat, he spent over 4 years at Genpact specializing in NLP and Generative AI solutions. Hitesh holds a Google Professional Machine Learning Engineer certification, has published research... Read More →
Wednesday June 10, 2026 5:20pm - 5:45pm IST
Scarlet 2&3
  Building with MCP
  • Audience Experience Level Any
  • Session Slides Yes
 
  • Filter By Date
  • Filter By Venue
  • Filter By Type
  • Audience Experience Level
  • Session Slides
  • Workshop
  • Timezone

Share Modal

Share this link via

Or copy link

Filter sessions
Apply filters to sessions.
Filtered by Date -