BEGIN:VCALENDAR
VERSION:2.0
X-WR-CALNAME:mcpbengaluru26
X-WR-CALDESC:Event Calendar
METHOD:PUBLISH
CALSCALE:GREGORIAN
PRODID:-//Sched.com MCP Dev Summit Bengaluru 2026//EN
X-WR-TIMEZONE:UTC
BEGIN:VEVENT
DTSTAMP:20260516T110625Z
DTSTART:20260609T023000Z
DTEND:20260609T133000Z
SUMMARY:Zen Zone
DESCRIPTION:\n
CATEGORIES:
LOCATION:Tulip\, Bengaluru\, Karnataka\, India
SEQUENCE:0
UID:389297e332d6bc12d624c651ee84a478
URL:http://mcpbengaluru26.sched.com/event/389297e332d6bc12d624c651ee84a478
END:VEVENT
BEGIN:VEVENT
DTSTAMP:20260516T110625Z
DTSTART:20260609T023000Z
DTEND:20260609T142000Z
SUMMARY:Solutions Showcase
DESCRIPTION:\n
CATEGORIES:EXHIBITS
LOCATION:Convention Hall Foyer\, Bengaluru\, Karnataka\, India
SEQUENCE:0
UID:eb86fd6d658a06923044a3eca09e9e11
URL:http://mcpbengaluru26.sched.com/event/eb86fd6d658a06923044a3eca09e9e11
END:VEVENT
BEGIN:VEVENT
DTSTAMP:20260516T110625Z
DTSTART:20260609T023000Z
DTEND:20260609T133000Z
SUMMARY:Registration & Badge Pick-Up
DESCRIPTION:\n
CATEGORIES:REGISTRATION
LOCATION:Convention Hall Main Entry\, Bengaluru\, Karnataka\, India
SEQUENCE:0
UID:5dac4b0f3f696eb172731861dcd78165
URL:http://mcpbengaluru26.sched.com/event/5dac4b0f3f696eb172731861dcd78165
END:VEVENT
BEGIN:VEVENT
DTSTAMP:20260516T110625Z
DTSTART:20260609T040000Z
DTEND:20260609T045500Z
SUMMARY:Keynotes To Be Announced
DESCRIPTION:\n
CATEGORIES:KEYNOTE
LOCATION:Convention Hall\, Bengaluru\, Karnataka\, India
SEQUENCE:0
UID:380a4d8d3604c4e19aec205415f0c839
URL:http://mcpbengaluru26.sched.com/event/380a4d8d3604c4e19aec205415f0c839
END:VEVENT
BEGIN:VEVENT
DTSTAMP:20260516T110625Z
DTSTART:20260609T045000Z
DTEND:20260609T052500Z
SUMMARY:Morning Break
DESCRIPTION:\n
CATEGORIES:BREAKS + MEALS + SPECIAL EVENTS
LOCATION:Convention Hall Foyer\, Bengaluru\, Karnataka\, India
SEQUENCE:0
UID:01dd1cd48baa2b41f188f69845f8fd06
URL:http://mcpbengaluru26.sched.com/event/01dd1cd48baa2b41f188f69845f8fd06
END:VEVENT
BEGIN:VEVENT
DTSTAMP:20260516T110625Z
DTSTART:20260609T052500Z
DTEND:20260609T062500Z
SUMMARY:Workshop: From One Agent To a Fleet: Distributed Multi-Agent Workflows With MCP - Mansi Rathod\, Apra Labs Pvt Ltd & Yashraj Singh\, Apra Labs
DESCRIPTION:**Space Limited - First Come\, First Served.&nbsp\; Please bring a fully charged laptop to the workshop**\n\nA single coding agent is useful. Real engineering work spans multiple machines and repos\, and coordination breaks the moment two agents cooperate. What does it take to build an MCP server that manages a fleet lifecycle from one conversation and enforces quality on output?\n \n This workshop uses apra-fleet (Apache 2.0) as a worked example of pushing MCP into distributed agent coordination\, with tool schemas encoding a doer-reviewer pattern and review gates.\n \n Part 1\, Server architecture: Transport selection (stdio vs HTTP) for long-running fleets\, a strategy pattern abstracting SSH and local execution behind one tool surface\, provider adapters for Claude\, Gemini\, and Codex\, and git-backed session state for checkpointing.\n \n Part 2\, Fleet in action: A live sprint. Fleet registration\, credential provisioning\, task decomposition\, doer-reviewer assignment\, and parallel execution through review gates\, via MCP tool calls.\n \n Part 3\, Failure modes: Agent crashes\, SSH drops\, reviewer rejections. Real failures triggered on stage\, recovered from exact breakpoints using git state.\n \n You'll leave with concrete patterns for building MCP servers that coordinate distributed agents\, not just expose tools.
CATEGORIES:AGENT ARCHITECTURE + ORCHESTRATION
LOCATION:Scarlet 1\, Bengaluru\, Karnataka\, India
SEQUENCE:0
UID:fca194c8efad09aa5e7e618b7a20d1a6
URL:http://mcpbengaluru26.sched.com/event/fca194c8efad09aa5e7e618b7a20d1a6
END:VEVENT
BEGIN:VEVENT
DTSTAMP:20260516T110625Z
DTSTART:20260609T052500Z
DTEND:20260609T055000Z
SUMMARY:Improving Reliability in MCP Applications Through Tool Design - Yashasvi Misra\, Pure Storage
DESCRIPTION:Modern MCP applications depend on tools to extend model capabilities\, yet tool interface design is a primary source of unreliability. Ambiguous descriptions\, poorly structured schemas\, and inconsistent outputs often lead to incorrect tool selection\, invalid inputs\, and unpredictable system behavior. This session introduces a practical framework for designing reliable MCP tools. We begin with a concise mental model of how language models interpret tool interfaces\, followed by real-world failure scenarios that expose common design pitfalls. Building on this\, we present design principles for clear naming\, well-defined schemas\, and structured outputs\, along with patterns for creating predictable and composable tools. The session concludes with a practical checklist and actionable guidelines that attendees can immediately apply to improve reliability\, reduce debugging complexity\, and build robust MCP applications in production environments.
CATEGORIES:BUILDING WITH MCP
LOCATION:Convention Hall\, Bengaluru\, Karnataka\, India
SEQUENCE:0
UID:6106b9a1147e3fe4f1a4464736ae888c
URL:http://mcpbengaluru26.sched.com/event/6106b9a1147e3fe4f1a4464736ae888c
END:VEVENT
BEGIN:VEVENT
DTSTAMP:20260516T110625Z
DTSTART:20260609T052500Z
DTEND:20260609T055000Z
SUMMARY:MCP in Production: OAuth\, Session Isolation\, and Audit Trails for Remote Servers - Rajan Sharma\, Ispace INC
DESCRIPTION:MCP demos are easy. Production MCP is not. Once a remote MCP server touches real data or privileged actions\, a successful tool call is not enough. Teams need OAuth 2.1 done correctly\, least-privilege scopes\, protected resource metadata\, audience-bound tokens\, secure session handling\, gateway-aware controls\, and audit trails that explain who requested what and what the server actually did. This session turns MCP’s security guidance into a practical production blueprint. I’ll walk through how to secure remote MCP servers end to end: when authorization is required\, how to avoid token passthrough and over-broad scopes\, where session isolation fails\, what proxies and gateways must enforce\, and what to log for debugging\, compliance\, and incident response. Attendees will leave with a clear mental model\, a reference architecture\, and a concrete checklist for operating MCP clients\, servers\, and intermediaries safely in production.
CATEGORIES:SECURITY IDENTITY + TRUST
LOCATION:Scarlet 2&3\, Bengaluru\, Karnataka\, India
SEQUENCE:0
UID:10396b0e444267b557a714919083d158
URL:http://mcpbengaluru26.sched.com/event/10396b0e444267b557a714919083d158
END:VEVENT
BEGIN:VEVENT
DTSTAMP:20260516T110625Z
DTSTART:20260609T055000Z
DTEND:20260609T061500Z
SUMMARY:Intelligence Placement Patterns for MCP-Connected Agent Systems - Giri Venkatesan\, Solace
DESCRIPTION:MCP standardizes how tools are described and invoked\, but not what they should return. That leaves a critical decision open: whether an MCP tool returns raw data\, shared state\, or decisions. That choice determines where intelligence lives. This talk presents three placement patterns in MCP tool design. Centralized Intelligence treats tools as data sources\, returning raw inputs agents must interpret. Streaming Intelligence exposes pre-processed state so agents operate on shared context. Edge Intelligence pushes decisions into tools\, with MCP delivering opinionated outputs rather than raw inputs. These patterns produce fundamentally different behavior across tool call volume\, context window usage\, latency\, and failure modes. In multi-agent systems they determine whether agents converge or diverge: raw data per agent leads to inconsistent reconstruction\; shared state or decisions make coherence a property of the architecture itself. This talk introduces a practical decision framework for MCP tool design based on data volatility\, agent reuse\, and consistency requirements. MCP is a tool contract. Intelligence placement is the architectural decision it doesn't make for you.
CATEGORIES:BUILDING WITH MCP
LOCATION:Convention Hall\, Bengaluru\, Karnataka\, India
SEQUENCE:0
UID:3e9f5e4eb79f3644d372afcd913e3166
URL:http://mcpbengaluru26.sched.com/event/3e9f5e4eb79f3644d372afcd913e3166
END:VEVENT
BEGIN:VEVENT
DTSTAMP:20260516T110625Z
DTSTART:20260609T055000Z
DTEND:20260609T061500Z
SUMMARY:From Alert To Revert: One MCP 500+ Tools for Production Triage and Real-world DevOps - Avinash Kumar Lodhi\, Coursehero
DESCRIPTION:What happens when your on-call agent can read Datadog metrics\, tail logs in groundcover\, pull pod state from Kubernetes\, and grep GitLab for the commit that broke prod\, all in one conversation? At Learneo we built one MCP endpoint that does that across 11 upstream servers\, 518 indexed tools\, and can manage multiple AWS accounts credentials. It changed how we triage incidents. I'll walk a synthetic incident end to end\, with redacted screenshots from real ones\, showing the agent go from alert to MR to revert. Key Takeaways: - Context: meta-tools and BM25 search keep the agent at about 1.5k tokens\, not 500 schemas\, and it pulls what it needs on demand - Routing: a company overview shipped as MCP instructions on connect points the agent at the right cluster and Jira project before it picks a tool - Memory: an agent-maintained company wiki for org structure\, data models\, and playbooks. The agent reads it and writes back what it learns - Security: centralized credentials and a write denylist so the agent can read everything without breaking anything Attendees will leave understanding both the value and the architecture for turning MCP into production-grade agent infrastructure.
CATEGORIES:ENTERPRISE ADOPTION + INTEGRATION
LOCATION:Scarlet 2&3\, Bengaluru\, Karnataka\, India
SEQUENCE:0
UID:9c38e538c2e8024461b6166c7e91b39f
URL:http://mcpbengaluru26.sched.com/event/9c38e538c2e8024461b6166c7e91b39f
END:VEVENT
BEGIN:VEVENT
DTSTAMP:20260516T110625Z
DTSTART:20260609T061500Z
DTEND:20260609T064000Z
SUMMARY:Context-Aware MCP Servers for Small Language Models - Vivek Mankar\, Anto Ajay Raj John\, Stuti Sinha\, Reeva Nanda\, Nethra Khandige\, Pradipta Ghosh\, IBM
DESCRIPTION:Small Language Models are great for edge and cost-sensitive deployments\, but struggle with limited context windows. This talk shows how MCP servers can act as an external memory and context orchestration layer for SLMs. Based on a survey of 25+ long-context reasoning techniques\, we demo concrete implementations: episodic memory with surprise-based retrieval (EM-LLM-inspired)\, and a dynamic context orchestrator that picks between RAG\, summarization\, and sliding-window strategies based on query type and model capacity. This is a builder's guide to making small models punch above their weight via smart MCP-based context engineering.
CATEGORIES:BUILDING WITH MCP
LOCATION:Scarlet 2&3\, Bengaluru\, Karnataka\, India
SEQUENCE:0
UID:e8880001f67629f054f33845ca0f3eac
URL:http://mcpbengaluru26.sched.com/event/e8880001f67629f054f33845ca0f3eac
END:VEVENT
BEGIN:VEVENT
DTSTAMP:20260516T110625Z
DTSTART:20260609T061500Z
DTEND:20260609T064000Z
SUMMARY:OWASP MCP Top 10: A Practical Security Guide for MCP Builders - Sankalp Sandeep Paranjpe\, Big4 Consulting Firm; Dheeraj Choudhary\, AWS
DESCRIPTION:MCP adoption has outpaced security. An audit of 17 popular MCP servers found an average security score of 34 out of 100. Tool poisoning attacks succeed at 84.2% with auto-approval enabled. Over 30 CVEs have been filed against MCP implementations in the past 60 days. The first confirmed malicious MCP server\, postmark-mcp\, silently BCC'd every outgoing email to an attacker-controlled address for weeks before detection.\n \n OWASP responded with the MCP Top 10\, a structured threat taxonomy purpose-built for the protocol. This talk is a practitioner's walkthrough of all ten risks\, not a slide-read\, but a builder's guide to what each risk looks like in a real MCP deployment\, how it gets exploited\, and what a concrete fix looks like in code.\n \n We cover token mismanagement and secret exposure\, prompt injection via tool responses\, tool poisoning through malicious descriptions\, excessive permissions\, insecure output handling\, context over-sharing\, missing authentication\, rug-pull attacks\, shadow MCP servers\, and the audit trail gap.\n \n Leave with a pre-deployment security checklist you can run against any MCP server before connecting it to production.
CATEGORIES:BUILDING WITH MCP
LOCATION:Convention Hall\, Bengaluru\, Karnataka\, India
SEQUENCE:0
UID:177e6af762476532ceb515ba686dda59
URL:http://mcpbengaluru26.sched.com/event/177e6af762476532ceb515ba686dda59
END:VEVENT
BEGIN:VEVENT
DTSTAMP:20260516T110625Z
DTSTART:20260609T064000Z
DTEND:20260609T070500Z
SUMMARY:Designing a Control Plane for Agentic Systems Using MCP - Malepati Bala Siva Sai Akhil\, Couchbase
DESCRIPTION:As MCP-based systems grow in complexity\, standardizing tool interaction alone is not enough to ensure reliable execution.\n \n This talk introduces a control-plane perspective for MCP-based systems\, grounded in distributed systems principles such as scheduling\, retries\, idempotency\, and fault isolation. Coordinating multi-step workflows across MCP servers introduces challenges such as partial failures\, inconsistent state\, and retry behavior that can escalate under load.\n \n The focus is on how a control plane actively manages execution\, including deciding when and how tool calls are made\, handling failures dynamically\, and coordinating workflows across multiple services. It also examines how centralized control improves reliability and consistency in complex MCP-based systems.\n \n Attendees will gain concrete mental models for building scalable and reliable MCP-based systems.
CATEGORIES:AGENT ARCHITECTURE + ORCHESTRATION
LOCATION:Scarlet 2&3\, Bengaluru\, Karnataka\, India
SEQUENCE:0
UID:46767cdf97c5830e1e1acd968fe2ac6c
URL:http://mcpbengaluru26.sched.com/event/46767cdf97c5830e1e1acd968fe2ac6c
END:VEVENT
BEGIN:VEVENT
DTSTAMP:20260516T110625Z
DTSTART:20260609T064000Z
DTEND:20260609T070500Z
SUMMARY:From SSE To Streamable HTTP: What Actually Changed in MCP's Transport Layer and Why You Should Care - Animesh Pathak\, Harness Inc
DESCRIPTION:When I started building MCP-powered agents and Claude Skills at Harness\, I kept running into weird transport issues\, connections dropping behind load balancers\, SSE endpoints behaving differently across clients\, tutorials that contradicted the actual spec. Turns out\, MCP's transport layer had quietly gone through a major overhaul and most of the content out there hadn't caught up. In this talk\, I'll walk through MCP's transport journey\, stdio for local tooling\, the dual-endpoint SSE model that powered early remote servers\, and the Streamable HTTP design that replaced it in the March 2025 spec update. More importantly\, I'll explain why each shift happened: the scaling headaches SSE caused\, the connection recovery gap\, and the auth/CORS simplifications that Streamable HTTP unlocked. I'll share code from actual migrations I've worked through\, what breaks when you switch\, what gets simpler\, and the backward-compatibility gotchas that the docs don't warn you about. If you're building or maintaining MCP servers today\, this should save you a few weekends of debugging.
CATEGORIES:MCP PROTOCOL IN DEPTH
LOCATION:Convention Hall\, Bengaluru\, Karnataka\, India
SEQUENCE:0
UID:748dbe5bd99811147e43100d35633f31
URL:http://mcpbengaluru26.sched.com/event/748dbe5bd99811147e43100d35633f31
END:VEVENT
BEGIN:VEVENT
DTSTAMP:20260516T110625Z
DTSTART:20260609T070500Z
DTEND:20260609T083500Z
SUMMARY:Attendee Lunch
DESCRIPTION:\n
CATEGORIES:BREAKS + MEALS + SPECIAL EVENTS
LOCATION:Convention Hall Foyer\, Bengaluru\, Karnataka\, India
SEQUENCE:0
UID:f6559d229159ba04fbfd37c9324e24fb
URL:http://mcpbengaluru26.sched.com/event/f6559d229159ba04fbfd37c9324e24fb
END:VEVENT
BEGIN:VEVENT
DTSTAMP:20260516T110625Z
DTSTART:20260609T084500Z
DTEND:20260609T094000Z
SUMMARY:Keynotes To Be Announced
DESCRIPTION:\n
CATEGORIES:KEYNOTE
LOCATION:Convention Hall\, Bengaluru\, Karnataka\, India
SEQUENCE:0
UID:72b703ac19e27b837c29b4ed439c8c9b
URL:http://mcpbengaluru26.sched.com/event/72b703ac19e27b837c29b4ed439c8c9b
END:VEVENT
BEGIN:VEVENT
DTSTAMP:20260516T110625Z
DTSTART:20260609T095000Z
DTEND:20260609T101500Z
SUMMARY:Voice-First MCP: Real-Time Tool Calling Through a Spoken Interface - Samyuktha Mohan Alagiri\, IBM
DESCRIPTION:Every MCP demo assumes text in and text out. This talk explores what actually happens when you replace the text interface with a live voice stream.\n Connecting a real-time voice pipeline to an MCP-backed agent introduces problems that the current MCP ecosystem has no established answers for. This talk walks through them one by one: end-of-turn detection and how tool-calling latency affects perceived conversational fluency\, interruption handling when a user speaks while a tool is executing\, tool result verbalization where structured JSON responses need to be narrated naturally without losing meaning\, and error communication when a tool fails mid-conversation.\n The talk is grounded in a working system built with a real-time voice layer\, Sarvam AI for speech processing\, and MCP-connected agents handling live tool calls. Attendees will see a live demo and leave with an architectural blueprint for voice-first MCP agents\, including the specific latency budgets\, buffering strategies\, and verbalization patterns that make the experience feel natural rather than robotic.\n This is a frontier that very few builders have shipped in production.
CATEGORIES:BUILDING WITH MCP
LOCATION:Convention Hall\, Bengaluru\, Karnataka\, India
SEQUENCE:0
UID:5e08bd939cd91ec9f6a65557ef85ff70
URL:http://mcpbengaluru26.sched.com/event/5e08bd939cd91ec9f6a65557ef85ff70
END:VEVENT
BEGIN:VEVENT
DTSTAMP:20260516T110625Z
DTSTART:20260609T095000Z
DTEND:20260609T105000Z
SUMMARY:Workshop: Hands-on Lab: Bridging OpenClaw and MCP for Autonomous Cross-Cloud Operations - Paras Mamgain & Anmol Krishan Sachdeva\, Google; Indumathy Thisgarajan\, Wells Fargo
DESCRIPTION:**Space Limited - First Come\, First Served. &nbsp\;Please bring a fully charged laptop to the workshop**\n\nScaling autonomous agents across multi-cloud infrastructure is currently a mess of proprietary SDKs and brittle "glue code." This workshop provides a technical build-path to standardize operations using orchestration frameworks (like OpenClaw) and the Model Context Protocol (MCP) as a provider-agnostic abstraction layer. We will move beyond theoretical planning to build a functional "Agentic SRE" control plane that decouples reasoning from execution across AWS and GCP.\n \n Implementation Workflow:\n \n - Initialization: Bootstrapping the pre-configured DevContainer and linking the orchestration engine to the local MCP server environment to establish the communication backbone.\n \n - Resource Abstraction: Developing stateless MCP Resources and Tools to discover VPC and compute metadata across disparate cloud providers\, replacing $O(N)$ proprietary dependencies with an $O(1)$ protocol interface.\n \n - Identity Implementation: Configuring Workload Identity Federation (OIDC) to securely propagate agent context.\n \n - Guardrail Integration: Coding a protocol-level interceptor\n \n - Closing & Validation: Running a live "Drift-to-Remediation" loop where the agent identifies a security anomaly.
CATEGORIES:MCP PROTOCOL IN DEPTH
LOCATION:Scarlet 1\, Bengaluru\, Karnataka\, India
SEQUENCE:0
UID:c275fd316f5106552d6b8f04f0bad195
URL:http://mcpbengaluru26.sched.com/event/c275fd316f5106552d6b8f04f0bad195
END:VEVENT
BEGIN:VEVENT
DTSTAMP:20260516T110625Z
DTSTART:20260609T095000Z
DTEND:20260609T101500Z
SUMMARY:Dead Runbooks\, Dangerous Agents\, and the Security Model That Saved Us - Koti Vellanki\, TransUnion
DESCRIPTION:We had 47 runbooks in Confluence. During incidents nobody used them. So I converted them into MCP server tools where an agent picks the right steps based on what it sees in the cluster.\n This was working fine until two things went wrong.\n One\, the MCP server had the same service account as our CI pipeline. Too many permissions. Agent went and listed every secret in the namespace. It wasn't doing anything wrong\, just had access it should not have. That's when I understood MCP has no security story for infra tools.\n Two\, at 3 AM the agent connected two unrelated alerts\, restarted the wrong deployment\, and a small incident became bigger.\n I fixed both. Built OPA policy gates that check every tool call before execution. RBAC is now per tool\, not per server. Tokens last five minutes and expire after one action. After the 3 AM incident I added blast-radius checks and human approval for destructive operations.\n In the demo I walk through an agent diagnosing a pod failure\, clearing policy\, running with a scoped token\, and logging an audit trail. Then it tries something it should not and gets blocked.\n This talk is about what it actually takes to give an agent kubectl access safely.
CATEGORIES:SECURITY IDENTITY + TRUST
LOCATION:Scarlet 2&3\, Bengaluru\, Karnataka\, India
SEQUENCE:0
UID:14a65d73eeae0ddfe7259a4fa4a48099
URL:http://mcpbengaluru26.sched.com/event/14a65d73eeae0ddfe7259a4fa4a48099
END:VEVENT
BEGIN:VEVENT
DTSTAMP:20260516T110625Z
DTSTART:20260609T101500Z
DTEND:20260609T104000Z
SUMMARY:Putting MCP on a Diet: A Proxy for Tool Scoping and Context Compression - Prathamesh Saraf\, Truefoundry
DESCRIPTION:Connect three MCP servers and 55\,000 tokens are consumed before the agent reads the user's query. Perplexity's CTO called this out at Ask 2026. Cloudflare measured 244\,000 tokens for their API surface. The protocol isn't the problem. The "load everything upfront" pattern is. FastMCP Code Mode solves this server-side\, but requires the server author to opt in. Most MCP servers in the wild will never add it. I'm currently building mcp-guardian\, an open-source Python proxy that addresses this for any server\, unmodified. It will do two things: 1. Tool scoping: filter tools/list against a YAML config so agents only see allowed tools. delete_repo won't exist in the agent's world. 2. Progressive disclosure: expose three meta-tools (search_tools\, get_schema\, execute_tool) instead of full schemas. Agents will start at ~300 tokens instead of ~8\,000 and load schemas on demand. I'll live-demo: direct connection (14 tools\, ~8\,000 tokens) vs through the proxy (3 meta-tools\, ~300 tokens). I'll walk through the JSON-RPC interception\, share token benchmarks\, and compare with Code Mode. They're complementary\, not competing. The project will be open source.
CATEGORIES:BUILDING WITH MCP
LOCATION:Convention Hall\, Bengaluru\, Karnataka\, India
SEQUENCE:0
UID:934068d7697c78e6fa848b658f04b895
URL:http://mcpbengaluru26.sched.com/event/934068d7697c78e6fa848b658f04b895
END:VEVENT
BEGIN:VEVENT
DTSTAMP:20260516T110625Z
DTSTART:20260609T101500Z
DTEND:20260609T104000Z
SUMMARY:InstaMCP: Instant MCP-ification of Enterprise APIs - Rupal Sharma & Ujjal Sharma\, Nutanix
DESCRIPTION:This session introduces InstaMCP\, a common platform designed to instantly "MCP-ify" enterprise APIs and eliminate the need for redundant "glue code" currently required to connect LLMs to internal products. This solution addresses siloed AI integrations and maintenance bottlenecks within large SaaS ecosystems. InstaMCP automatically ingests Swagger/OpenAPI specifications to generate fully deployable\, secure Model Context Protocol (MCP) servers in minutes. It moves beyond simple 1:1 API mapping by providing a visual\, low-code interface for developers to stitch multiple APIs into complex\, multi-step workflow tools for seamless agent execution. Attendees will explore the platform's architecture\, automated MCP server generation\, and how it addresses the critical "security blindspot" by accommodating token-exchange and other guardrails.
CATEGORIES:ENTERPRISE ADOPTION + INTEGRATION
LOCATION:Scarlet 2&3\, Bengaluru\, Karnataka\, India
SEQUENCE:0
UID:cd36aaeebccfab1f283464274b669e93
URL:http://mcpbengaluru26.sched.com/event/cd36aaeebccfab1f283464274b669e93
END:VEVENT
BEGIN:VEVENT
DTSTAMP:20260516T110625Z
DTSTART:20260609T104000Z
DTEND:20260609T110500Z
SUMMARY:Cloud-engineer-mcp: Implementing the Gateway Pattern for Multi-Cloud MCP Orchestration - Aniruddha Biyani\, Prophecy
DESCRIPTION:As the Model Context Protocol (MCP) matures\, enterprises face a "Connectivity Gap": the $M \times N$ integration problem has shifted from a development crisis to an operational one characterized by context window bloat and fragmented identity management. While the protocol simplifies 1:1 connections\, orchestrating a fleet of agents across AWS\, GCP\, and Azure requires a centralized intermediary to govern tool discovery and secure credential propagation. This session presents cloud-engineer-mcp\, an open-source implementation of the MCP Gateway Pattern. We will dive into the technical challenges of aggregating official CSP-specific servers—AWS\, Azure\, and GCP—behind a single interface while maintaining high performance. The talk focuses on two core architectural innovations: Embedding-based Semantic Similarity (using local models like all-MiniLM-L6-v2) to surface only the most relevant top-K tools for a conversation\, and Multi-Transport Support that allows the gateway to bridge local stdio environments (like Cursor or VS Code) with remote Streamable HTTP deployments.
CATEGORIES:AGENT ARCHITECTURE + ORCHESTRATION
LOCATION:Scarlet 2&3\, Bengaluru\, Karnataka\, India
SEQUENCE:0
UID:cfca36e291719b2b3b7ab80fc2417b51
URL:http://mcpbengaluru26.sched.com/event/cfca36e291719b2b3b7ab80fc2417b51
END:VEVENT
BEGIN:VEVENT
DTSTAMP:20260516T110625Z
DTSTART:20260609T104000Z
DTEND:20260609T110500Z
SUMMARY:MCP Schema Evolution: Versioning Tool Contracts Without Breaking Agents - Yogesh Sardana\, Admiral Group PLC
DESCRIPTION:This is not just about Admiral Group PLC but for every organisation\, tool schemas in MCP evolve as platforms change parameters get renamed\, new required fields are added\, response shapes shift. Agents built against an older schema break silently\, produce incorrect results\, or enter undefined behavior\, and there is no established SemVer discipline for MCP tools today. This session proposes a practical versioning specification for MCP tool definitions covering additive-only change policies\, explicit deprecation signals embedded in tool metadata\, capability negotiation via request headers\, and client-side schema compatibility layers. The session demonstrates these patterns with a real Kubernetes tool server that ships v1 and v2 tool definitions side by side\, with running agents targeting each version independently\, and a live migration showing how a breaking change is introduced and absorbed without downtime.
CATEGORIES:MCP PROTOCOL IN DEPTH
LOCATION:Convention Hall\, Bengaluru\, Karnataka\, India
SEQUENCE:0
UID:5ee48fec695d1e919837b72daa271f16
URL:http://mcpbengaluru26.sched.com/event/5ee48fec695d1e919837b72daa271f16
END:VEVENT
BEGIN:VEVENT
DTSTAMP:20260516T110625Z
DTSTART:20260609T111000Z
DTEND:20260609T114000Z
SUMMARY:Afternoon Break
DESCRIPTION:\n
CATEGORIES:BREAKS + MEALS + SPECIAL EVENTS
LOCATION:Convention Hall Foyer\, Bengaluru\, Karnataka\, India
SEQUENCE:0
UID:2916350591e47c63643d8f978fbff370
URL:http://mcpbengaluru26.sched.com/event/2916350591e47c63643d8f978fbff370
END:VEVENT
BEGIN:VEVENT
DTSTAMP:20260516T110625Z
DTSTART:20260609T114500Z
DTEND:20260609T121000Z
SUMMARY:MCP Resources Are Already a Knowledge Graph - You Are Just Not Reading the Headers - Kesigan Anbalagan\, Comcast
DESCRIPTION:Most retrieval systems ignore the structure MCP Resources already provide unique URIs\, typed links\, version metadata\, timestamps and flatten everything into vector chunks. GraphRAG proved retrieval needs relational structure\; MCP already has it natively.\n This talk demonstrates with a live adversarial demo: a vanilla RAG agent and a Resource-graph agent answer the same questions against the same corpus. RAG works on single-hop queries. It confidently returns stale data when a superseded document exists. The graph agent catches the version conflict using last-modified metadata that was already there. When the graph has a broken link\, it reports the dead end instead of hallucinating.\n A hop-count benchmark across seven questions (1–5 hops) makes the gap measurable: at three hops\, RAG hit rate dropped to 50% while graph traversal held at 100%.\n The primary deliverable is a draft cross-reference metadata convention four optional fields (superseded_by\, depends_on\, implements\, compliance_scope) that any MCP Resource provider can add without breaking existing consumers. The goal: make knowledge as navigable for AI agents as hypertext made the web for people.
CATEGORIES:BUILDING WITH MCP
LOCATION:Convention Hall\, Bengaluru\, Karnataka\, India
SEQUENCE:0
UID:3b94c0f3e44aa523fe622ddc0bd84b30
URL:http://mcpbengaluru26.sched.com/event/3b94c0f3e44aa523fe622ddc0bd84b30
END:VEVENT
BEGIN:VEVENT
DTSTAMP:20260516T110625Z
DTSTART:20260609T114500Z
DTEND:20260609T124500Z
SUMMARY:Workshop: Enabling MCP at Enterprise Scale: Navigating Authentication and Governance Challenges - Shannon Williams & Chris Urwin\, Obot AI
DESCRIPTION:**Space Limited - First Come\, First Served. &nbsp\;Please bring a fully charged laptop to the workshop**\n\nEnterprise adoption of the Model Context Protocol is accelerating — but the path from "MCP works on my laptop" to "MCP running securely across our organization" is windy and challenging.\n Building MCP servers isn't particularly hard. The real challenges are OAuth\, identity sprawl\, and the governance requirements your security team will eventually land on your desk.\n MCP servers should focus on tools\, resources\, and prompts — not rebuilding OAuth infrastructure from scratch every time. A dedicated identity and governance control plane absorbs that complexity once\, rather than forcing every server to solve it independently.\n In this workshop\, we will:\n 1. Demonstrate how to integrated MCP servers with identity management tools\n 2. Show how to tailor MCP authorization by groups and policies.\n 3. Work through real governance scenarios by filtering MCP calls for PII or code injection.\n 4. Demonstrate how MCP traffic can be captured via an MCP gateway and used for compliance\, monitoring and observability.\n \n You'll leave with a clear picture of the architectural decisions ahead of you\, and a better sense of what your security team is going to ask for before they sign off on scaling MCP adoption.
CATEGORIES:ENTERPRISE ADOPTION + INTEGRATION
LOCATION:Scarlet 1\, Bengaluru\, Karnataka\, India
SEQUENCE:0
UID:0826b41c8055c38fe7250ba3a6168923
URL:http://mcpbengaluru26.sched.com/event/0826b41c8055c38fe7250ba3a6168923
END:VEVENT
BEGIN:VEVENT
DTSTAMP:20260516T110625Z
DTSTART:20260609T114500Z
DTEND:20260609T121000Z
SUMMARY:MCPeek Into Your Server's Secrets - Akash Sathish\, Sahaj Software
DESCRIPTION:Most "MCP security scanners" are wrappers around npm audit and regex keyword rules. A November 2025 research survey showed 0% detection on TypeScript servers because the underlying tools never parse the AST and two-thirds of public MCP servers ship in TypeScript. This talk walks through building an AST pipeline using ts-morph that catches what keyword rules miss: path traversal through fs wrapper functions\, command injection even when the command is assembled across intermediate variables\, SSRF through aliased URL parameters\, and tool handlers registered without any schema validation. The key technical contribution is multi-pass taint tracking following a user parameter through variable aliases before reaching a dangerous sink\, which eliminates the false-negative class that makes regex rules useless. Audited against more than 50 MCP servers. Attendees leave with: (1) the open-source MCPeek ruleset to drop into CI\, (2) a decision framework for choosing SAST depth per vulnerability class\, (3) the taint-tracking pattern for building MCP-aware rules in any language. Link to MCPeek: https://github.com/iamakash-06/MCPeek NPM Package: https://www.npmjs.com/package/mcpeek
CATEGORIES:SECURITY IDENTITY + TRUST
LOCATION:Scarlet 2&3\, Bengaluru\, Karnataka\, India
SEQUENCE:0
UID:3652a5d460ee3ad2a505cc3c7eea6f07
URL:http://mcpbengaluru26.sched.com/event/3652a5d460ee3ad2a505cc3c7eea6f07
END:VEVENT
BEGIN:VEVENT
DTSTAMP:20260516T110625Z
DTSTART:20260609T121000Z
DTEND:20260609T123500Z
SUMMARY:MCP Servers on Kubernetes: Deployment Patterns\, Scaling\, and What Breaks - Kunal Das\, Cast Ai
DESCRIPTION:Most MCP talks focus on the protocol or the AI side. This one is about the infrastructure underneath. I run MCP servers on Kubernetes\, and I've hit enough weird failure modes to have opinions about it. This talk covers how to deploy MCP servers as containerized workloads: health checks that actually make sense for long-lived agent connections\, resource limits that don't starve your servers mid-conversation\, and what happens when an agent decides to call 200 tools in a loop. I'll walk through deployment patterns I've tested. Sidecars vs standalone pods\, service mesh routing for multi-tenant setups\, and HPA configurations that don't flap every time an agent goes quiet. I'll also cover the stuff that broke: connection drops during rolling updates\, memory leaks from unbounded context\, and the time a misconfigured liveness probe took down every MCP server in the cluster. Expect a live demo on a real cluster\, real YAML\, and zero slides about what MCP stands for.
CATEGORIES:ECOSYSTEM REGISTRIES + PLATFORM INFRASTRUCTURE
LOCATION:Scarlet 2&3\, Bengaluru\, Karnataka\, India
SEQUENCE:0
UID:55c80cdd527bbb907f33252f7bbeaa65
URL:http://mcpbengaluru26.sched.com/event/55c80cdd527bbb907f33252f7bbeaa65
END:VEVENT
BEGIN:VEVENT
DTSTAMP:20260516T110625Z
DTSTART:20260609T121000Z
DTEND:20260609T123500Z
SUMMARY:When MCP Meets Reality: Performance\, Latency\, and the Hidden Cost of AI Orchestration in Enterprises - Partha Sarthy\, Applied Materials
DESCRIPTION:MCP enables powerful AI-driven workflows — but production enterprise systems have SLAs\, throughput contracts\, and years of performance tuning. Wiring a reasoning loop into that environment reveals costs that don't show up in demos: latency amplification from sequential tool invocations\, data movement overhead across system boundaries\, schema drift\, and observability gaps that span model reasoning and distributed backends. This talk takes a systems-engineering lens to MCP in enterprise-scale data platforms. We formalize the MCP execution pipeline\, identify where overhead accumulates\, and present architectural patterns that contain the cost — including isolating orchestration from hot paths\, fronting high-performance backends with thin MCP adapters over gRPC\, and tracing multi-step workflows end to end. The central argument: MCP belongs on the control plane\, not the data plane. Enforce that boundary\, and you gain adaptive orchestration without sacrificing reliability. Cross it\, and predictability erodes fast. Attendees leave with a latency model\, a failure-mode taxonomy\, and a practical framework for deploying MCP in production — deliberately\, not by accident.
CATEGORIES:ENTERPRISE ADOPTION + INTEGRATION
LOCATION:Convention Hall\, Bengaluru\, Karnataka\, India
SEQUENCE:0
UID:3426aa428007b911424320060bff9fb2
URL:http://mcpbengaluru26.sched.com/event/3426aa428007b911424320060bff9fb2
END:VEVENT
BEGIN:VEVENT
DTSTAMP:20260516T110625Z
DTSTART:20260609T123500Z
DTEND:20260609T130000Z
SUMMARY:MCP + Kubernetes: Building a Self-Healing AI Platform (Not Just Pipelines) - Raghu Reddy\, Calix & Esakki Raj E\, Cisco
DESCRIPTION:Most teams treat MCP as a pipeline\, and that is the problem. Pipelines fail silently. They have no concept of desired state\, no reconciliation loop\, and no recovery path when a model times out or a tool call returns garbage. You are essentially writing bash scripts with an LLM in the middle. Kubernetes already solved this. The operator pattern gives you level-triggered reconciliation\, retry logic with backoff\, and declarative desired state baked into the control plane. Combine that with MCP's tool abstraction and you stop writing pipelines and start building platforms where AI workflows are first-class resources that the cluster actively keeps healthy. GitOps via ArgoCD means your model routing\, fallback configurations\, and tool permissions are version-controlled\, auditable\, and promotable across environments like any other workload. We will cover: modeling MCP workflows as Kubernetes custom resources\, building operators that reconcile AI workflow state including fallback model selection and tool availability\, wiring ArgoCD to manage MCP server deployments and configuration drift\, and the observability hooks you need to actually trust that self-healing fired correctly.
CATEGORIES:AGENT ARCHITECTURE + ORCHESTRATION
LOCATION:Scarlet 2&3\, Bengaluru\, Karnataka\, India
SEQUENCE:0
UID:6732a8fe988f48aa70bf78ac56658b81
URL:http://mcpbengaluru26.sched.com/event/6732a8fe988f48aa70bf78ac56658b81
END:VEVENT
BEGIN:VEVENT
DTSTAMP:20260516T110625Z
DTSTART:20260609T123500Z
DTEND:20260609T130000Z
SUMMARY:When Dashboards Lie: Building MCP Tools That Chase Down the Truth - Hrittik Roy & Saiyam Pathak\, vCluster
DESCRIPTION:Dashboards lie. Not maliciously\, structurally. Aggregation hides the tenant on fire. Sampling drops slow requests. The p99 looks fine because 47 users who timed out are a rounding error. Every SRE has lived this: green screen\, Slack on fire\, hunting across five tools to find what the dashboard refused to show.\n \n This is a field report from building MCP tools that do the hunting. The agent does not replace the SRE. It does the grunt work nobody has time for at 3 AM: pulling exemplar logs for the slowest 0.1 percent\, correlating a deploy against error rates\, checking if the metric was even reporting.\n \n 1. Why dashboards lie. Sampling\, aggregation\, the "aggregate green\, individual red" pattern.\n 2. MCP tool design for truth-seeking. Read-only vs side-effecting split\, partial-data schemas\, outputs that make the model admit uncertainty instead of hallucinating "all good."\n 3. Correlation loops that work. Deploy to error rate to exemplar logs to suspected change\, not seventeen tabs.\n 4. Guardrails from production. Prompt injection in logs\, cost blow-ups\, tools we took back after one bad incident.\n \n Attendees leave with patterns for MCP tools that chase down what dashboards will not show.
CATEGORIES:BUILDING WITH MCP
LOCATION:Convention Hall\, Bengaluru\, Karnataka\, India
SEQUENCE:0
UID:a878834b7103c9e9517b78f01ddedbac
URL:http://mcpbengaluru26.sched.com/event/a878834b7103c9e9517b78f01ddedbac
END:VEVENT
BEGIN:VEVENT
DTSTAMP:20260516T110625Z
DTSTART:20260609T125500Z
DTEND:20260609T142000Z
SUMMARY:Attendee Reception
DESCRIPTION:\n
CATEGORIES:BREAKS + MEALS + SPECIAL EVENTS
LOCATION:Convention Hall Foyer\, Bengaluru\, Karnataka\, India
SEQUENCE:0
UID:996caa39984928b611b045df604b81c6
URL:http://mcpbengaluru26.sched.com/event/996caa39984928b611b045df604b81c6
END:VEVENT
BEGIN:VEVENT
DTSTAMP:20260516T110625Z
DTSTART:20260610T033000Z
DTEND:20260610T123000Z
SUMMARY:Zen Zone
DESCRIPTION:\n
CATEGORIES:
LOCATION:Tulip\, Bengaluru\, Karnataka\, India
SEQUENCE:0
UID:5d93cd1ceb168a168088b3ea83924a58
URL:http://mcpbengaluru26.sched.com/event/5d93cd1ceb168a168088b3ea83924a58
END:VEVENT
BEGIN:VEVENT
DTSTAMP:20260516T110625Z
DTSTART:20260610T033000Z
DTEND:20260610T130000Z
SUMMARY:Solutions Showcase
DESCRIPTION:\n
CATEGORIES:EXHIBITS
LOCATION:Convention Hall Foyer\, Bengaluru\, Karnataka\, India
SEQUENCE:0
UID:afb11b16f37ea2dcf45254e2807e8e6f
URL:http://mcpbengaluru26.sched.com/event/afb11b16f37ea2dcf45254e2807e8e6f
END:VEVENT
BEGIN:VEVENT
DTSTAMP:20260516T110625Z
DTSTART:20260610T033000Z
DTEND:20260610T123000Z
SUMMARY:Registration & Badge Pick-Up
DESCRIPTION:\n
CATEGORIES:REGISTRATION
LOCATION:Convention Hall Main Entry\, Bengaluru\, Karnataka\, India
SEQUENCE:0
UID:16355a1e9f37f4b6b7667ef1859fce94
URL:http://mcpbengaluru26.sched.com/event/16355a1e9f37f4b6b7667ef1859fce94
END:VEVENT
BEGIN:VEVENT
DTSTAMP:20260516T110625Z
DTSTART:20260610T040000Z
DTEND:20260610T045500Z
SUMMARY:Keynotes To Be Announced
DESCRIPTION:\n
CATEGORIES:KEYNOTE
LOCATION:Convention Hall\, Bengaluru\, Karnataka\, India
SEQUENCE:0
UID:935ca0f0c6a7d774d1830c995e83c7a5
URL:http://mcpbengaluru26.sched.com/event/935ca0f0c6a7d774d1830c995e83c7a5
END:VEVENT
BEGIN:VEVENT
DTSTAMP:20260516T110625Z
DTSTART:20260610T045500Z
DTEND:20260610T053000Z
SUMMARY:Morning Break
DESCRIPTION:\n
CATEGORIES:BREAKS + MEALS + SPECIAL EVENTS
LOCATION:Convention Hall Foyer\, Bengaluru\, Karnataka\, India
SEQUENCE:0
UID:083ceed3908168aed380a0f9cb780cb9
URL:http://mcpbengaluru26.sched.com/event/083ceed3908168aed380a0f9cb780cb9
END:VEVENT
BEGIN:VEVENT
DTSTAMP:20260516T110625Z
DTSTART:20260610T053000Z
DTEND:20260610T055500Z
SUMMARY:From Intent To Production: MCP Gateway Patterns for Regulated Banking - Hariskumar Panakkal\, Wipro
DESCRIPTION:I spent the last year building agentic systems with MCP and MCP Gateway\, and want to share what I learned — especially the things you only hit when you try to build for a real\, regulated domain. The build is a four-part system: a React portal\, a LangGraph agent\, Microsoft MCP Gateway as the front door\, and a FastMCP server with 19 tools behind it. This talk walks through how the pieces fit together and the specific patterns that worked. What I'll cover: - How I structured MCP tools with Pydantic schemas\, idempotency keys\, and correlation IDs that travel through every layer - Why my first three gateway deployments failed and how the mcp-session-id header fixed stateful tool routing through MCP Gateway - A simple tool wrapper pattern that keeps sensitive data like SSN out of the LLM context while the agent still reasons about the workflow - Why I made consent its own MCP tool with a signed receipt instead of bundling it into submit - Three gaps I hit in MCP and the gateway and how I worked around them — honest notes for the community If you're building with MCP and MCP Gateway and heading toward anything production-grade\, these are the patterns I wish I'd had going in.
CATEGORIES:BUILDING WITH MCP
LOCATION:Convention Hall\, Bengaluru\, Karnataka\, India
SEQUENCE:0
UID:3c99575c12fe415cc6e36ff046859cb0
URL:http://mcpbengaluru26.sched.com/event/3c99575c12fe415cc6e36ff046859cb0
END:VEVENT
BEGIN:VEVENT
DTSTAMP:20260516T110625Z
DTSTART:20260610T053000Z
DTEND:20260610T055500Z
SUMMARY:Beyond Tools and Resources: A Deep Dive into MCP Sampling for Agentic Features - Kevin Vaz\, Smartbear
DESCRIPTION:Most MCP servers are one-shot: the client asks\, the server answers. But some features need the server to reason mid-execution like summarise a diff before returning it\, classify input to pick the next step\, recover from ambiguity instead of failing\, generating new data. That's what sampling unlocks: the server calls back into the host's LLM\, without ever holding its own model keys. This deep dive walks through sampling/createMessage feature provided by the mcp protocol and its internals messages\, modelPreferences\, includeContext\, systemPrompt — and what the client is actually allowed to modify. We'll cover capability negotiation and the human-in-the-loop approval flow\, then step through how sampling patterns are actually built in the smartbear-mcp server\, using its implementations over there to understand how one could build their own sampling features. Then the hard parts: agent loops\, token-budget blowups\, portability across clients using different model providers. You'll leave knowing when sampling beats tools or elicitation\, and with patterns you can lift today.
CATEGORIES:MCP PROTOCOL IN DEPTH
LOCATION:Scarlet 2&3\, Bengaluru\, Karnataka\, India
SEQUENCE:0
UID:f72f5f5c6b7821e366cb3a5b98b95e55
URL:http://mcpbengaluru26.sched.com/event/f72f5f5c6b7821e366cb3a5b98b95e55
END:VEVENT
BEGIN:VEVENT
DTSTAMP:20260516T110625Z
DTSTART:20260610T053000Z
DTEND:20260610T055500Z
SUMMARY:"Allowed To" Is Not Enough: Access Control That Understands What Your Agent Is Actually Doing - Tejas Ladhani\, Motorola Solutions Inc & Chandrashekar Haleupparahalli\, Motorola Solutions
DESCRIPTION:Every agent today answers one question at the auth layer: is this agent allowed to do this? Wrong question. The real one: is it doing something consistent with what the user asked - right now\, in this step? These aren't the same\, and the gap is where things break. Today's auth was built for humans logging into apps: roles and scopes that persist regardless of what the agent is actually attempting. Tell an agent to "read this PDF and send the pointers to my team." The PDF hides an instruction: also forward the thread to an external address. The agent fires two sends - one legit\, one exfiltration. Same token. Same checks. Role-based auth can't tell them apart because it never knew the agent's job. This talk closes that gap. We'll trace why every prior access model assumed a stable human actor - and why that collapses when agents delegate to agents. We'll introduce Intent-Based Access Control: decisions that reflect not just what an agent may do\, but what it's trying to do right now. We'll cover emerging standards like transaction tokens and richer auth context\, plus concrete steps to ship intent-aware access in MCP flows today.
CATEGORIES:SECURITY IDENTITY + TRUST
LOCATION:Scarlet 1\, Bengaluru\, Karnataka\, India
SEQUENCE:0
UID:e7c55cfc5a0ed38f915ff101d1cae636
URL:http://mcpbengaluru26.sched.com/event/e7c55cfc5a0ed38f915ff101d1cae636
END:VEVENT
BEGIN:VEVENT
DTSTAMP:20260516T110625Z
DTSTART:20260610T055500Z
DTEND:20260610T062000Z
SUMMARY:Building Interactive Tools With MCP Elicitation - Ashwin Hariharan\, Redis
DESCRIPTION:Most of us think of agent tools as vending machines - you put in the right input\, you get the right output. Put in the wrong input\, and you either get the wrong output or nothing at all. This breaks for complex workflows where context is incomplete or intent is ambiguous. The tool either guesses wrong or fails outright. No back-and-forth\, no clarification. Good AI tools built for conversation should explain what they need\, what they'll do\, and provide clear options. In this session\, we’ll look at how MCP elicitation works in practice across different workflows: covering ambiguous input\, missing context\, risky operations\, and auth flows. Attendees will leave with concrete patterns for designing tools that go beyond transactional APIs to collaborative multi-turn interactions.
CATEGORIES:BUILDING WITH MCP
LOCATION:Convention Hall\, Bengaluru\, Karnataka\, India
SEQUENCE:0
UID:5f147cd840583c3be34afff6ed8a1226
URL:http://mcpbengaluru26.sched.com/event/5f147cd840583c3be34afff6ed8a1226
END:VEVENT
BEGIN:VEVENT
DTSTAMP:20260516T110625Z
DTSTART:20260610T055500Z
DTEND:20260610T062000Z
SUMMARY:Closing the Loop on Observability: Using MCP for Continuous Telemetry Optimization - Parthiv Roshan Menon\, Smarsh
DESCRIPTION:Modern observability stacks make it easy to collect telemetry\, but not to derive value from it. Teams accumulate unused metrics\, high-cardinality signals\, and noisy dashboards\, leading to rising costs and poor signal quality. This talk introduces a practical mental model inspired by the Rumsfeld Quadrant to reason about observability in terms of signals we measure vs signals we actually use. In our analysis of a our Observability stack\, nearly 70% of collected signals showed little to no usage\, reflecting a Pareto-like distribution of signal value. We present a closed-loop approach that we used to analyze observability metadata and continuously optimize the system. MCP was used as the coordination layer to expose metadata and connect analysis\, reasoning\, and action workflows. We will walk through how low-value signals were identified\, how recommendations were generated and applied in a real-world large scale observability platform.
CATEGORIES:ENTERPRISE ADOPTION + INTEGRATION
LOCATION:Scarlet 2&3\, Bengaluru\, Karnataka\, India
SEQUENCE:0
UID:b0241dbb870d57b84dda9272caafdd71
URL:http://mcpbengaluru26.sched.com/event/b0241dbb870d57b84dda9272caafdd71
END:VEVENT
BEGIN:VEVENT
DTSTAMP:20260516T110625Z
DTSTART:20260610T055500Z
DTEND:20260610T062000Z
SUMMARY:SEO for Agents: Designing MCP Endpoints That Let Agents Evaluate Each Other Before Transacting - Manav Agarwal\, Dream11
DESCRIPTION:When humans hire someone\, they ask questions first. Check reviews\, compare\, negotiate. AI agents can't do any of this. An MCP flight booking server says: "I book flights." Another agent can't ask: How many routes? Success rate? Can you get business class upgrades? I tore down top MCP servers across mcp.so\, Smithery\, Glama\, PulseMCP. The #1 server has 52K stars but exposes 47 capabilities with zero verifiable metrics. Tool schema: 1\,020 tokens of bloat. The problem: MCP tool schemas describe WHAT but not HOW WELL. No capability layer for agents to evaluate each other before committing. What's needed — structured capability endpoints: "I book flights" → 147 routes\, 96.2% completion\, 23% avg savings → Business class upgrades: 340 secured\, 41% success → Savings by route queryable\, methodology documented → Full transaction log for independent verification Exposed as MCP resource endpoints — capability/summary returns structured metrics\, capability/evidence/{tool} returns methodology\, capability/raw/{tool} returns verifiable logs. I'll show real endpoint teardowns\, what's missing from tool schemas\, and a draft capability-metadata spec builders can implement.
CATEGORIES:SECURITY IDENTITY + TRUST
LOCATION:Scarlet 1\, Bengaluru\, Karnataka\, India
SEQUENCE:0
UID:fd0c3a188641c65e329b415fc42be073
URL:http://mcpbengaluru26.sched.com/event/fd0c3a188641c65e329b415fc42be073
END:VEVENT
BEGIN:VEVENT
DTSTAMP:20260516T110625Z
DTSTART:20260610T062000Z
DTEND:20260610T064500Z
SUMMARY:Running MCP Fully Local: Private\, Offline-Capable Agents With Ollama and Open Models - Harish Kotra\, Forge Alumnus
DESCRIPTION:Over the last few months I've built and shipped 100+ agents in public\, many wired into MCP servers running against local models through Ollama\, LM Studio\, and decentralized open-source inference. A draw.io MCP server driven by Llama 3.2\, an Excalidraw MCP integration\, a Bright Data MCP briefing agent\, all running end-to-end without a single token leaving the host. This talk is a working engineer's tour of that stack. We'll walk through a minimal local MCP setup (server + client + Ollama) and then dig into the real-world failure modes: tool-selection collapse on 7B models\, JSON-schema compliance gaps\, capability-negotiation mismatches\, and the surprisingly large quality delta between structured-output fine-tunes and general chat models. I'll share the prompt shapes\, tool-description patterns\, and schema-validation tricks that reliably push small open models from "demo-grade" to "I'd ship this internally." Attendees will leave with a reference architecture for private MCP\, a shortlist of open models that actually handle tool calls well today\, and a set of design patterns for MCP servers that degrade gracefully when the client LLM has 8B parameters instead of a trillion.
CATEGORIES:BUILDING WITH MCP
LOCATION:Convention Hall\, Bengaluru\, Karnataka\, India
SEQUENCE:0
UID:1272c5bef6ba71a0bde5be7b8d48fdc2
URL:http://mcpbengaluru26.sched.com/event/1272c5bef6ba71a0bde5be7b8d48fdc2
END:VEVENT
BEGIN:VEVENT
DTSTAMP:20260516T110625Z
DTSTART:20260610T062000Z
DTEND:20260610T064500Z
SUMMARY:From MCP Discovery To Execution: Building a Governed Marketplace & Gateway for Agentic Systems - Rahul Ganesh Partheeban\, Freshworks
DESCRIPTION:We started building an MCP gateway in early 2025\, when the spec was still maturing\, and there were no established patterns for multi-tenant enterprise implementation. This talk will delve into the key patterns we used for taking MCP from POC to Production. We'll also cover layering MCP as a gateway over an existing platform: - Propagating tenant context through the MCP handshake\, so a single gateway can safely serve thousands of accounts. - Decoupling session state from pod affinity with a distributed session store — needed for horizontal auto-scaling and safe rolling deploys. - A three-tier error model (protocol/gateway/application) so agents classify failures and retry intelligently. - A sub-registry that extends the registry with vetting and curates trusted Remote MCP servers with per-tenant install state. - Multi-tenant session and secret management with One-click install and OAuth 2.1 + Dynamic Client Registration handled by the marketplace\, not by every AI client. - MCP gateway that proxies to remote servers under shared FUP\, rate limits\, retries/circuit-breaking\, and analytics - handling a black-box third-party server with guardrails.
CATEGORIES:ECOSYSTEM REGISTRIES + PLATFORM INFRASTRUCTURE
LOCATION:Scarlet 2&3\, Bengaluru\, Karnataka\, India
SEQUENCE:0
UID:73b49c958839d168e60d5f82db6b9034
URL:http://mcpbengaluru26.sched.com/event/73b49c958839d168e60d5f82db6b9034
END:VEVENT
BEGIN:VEVENT
DTSTAMP:20260516T110625Z
DTSTART:20260610T062000Z
DTEND:20260610T064500Z
SUMMARY:Ambient Identity: Just-in-Time Authorization Patterns for the Model Context Protocol - Ayesha Dissanayaka\, WSO2
DESCRIPTION:As the Model Context Protocol (MCP) matures\, we face a critical security hurdle: how do ambient agents that are running in the background or on headless devices securely access sensitive resources without constant manual intervention? Standard OAuth flows often break the "ambient" experience by requiring immediate browser redirects on the same device. This session proposes a decentralized identity architecture using Client-Initiated Backchannel Authentication (CIBA). By decoupling the consumption of resources from the authorization flow\, an MCP client can trigger a "just-in-time" permission request directly to a user's trusted mobile device. Key Takeaways: - Decoupled Auth: Implementing CIBA to bridge the gap between headless MCP clients and human controllers. - Just-in-Time delegations: Moving from "all-or-nothing" API keys to granular\, session-based permissions. - Security Patterns: Handling asynchronous "Out-of-Band" callbacks within the MCP lifecycle. Join us to explore how we can make background agents both powerful and respectful of the "human-in-the-loop" principle.
CATEGORIES:SECURITY IDENTITY + TRUST
LOCATION:Scarlet 1\, Bengaluru\, Karnataka\, India
SEQUENCE:0
UID:c6c1e69c999b82a3025bbb06bc1f2a9a
URL:http://mcpbengaluru26.sched.com/event/c6c1e69c999b82a3025bbb06bc1f2a9a
END:VEVENT
BEGIN:VEVENT
DTSTAMP:20260516T110625Z
DTSTART:20260610T064500Z
DTEND:20260610T071000Z
SUMMARY:Agents Don't Fail\, Environments Do: Lessons From Production MCP Deployments in Telecom - Divya Vijay\, NetoAI
DESCRIPTION:At NetoAI we build AI agents for telecom network operations. Our Rapid Root Cause Analysis Agent\, built on our open-source TSLAM models (22k+ HF downloads)\, runs against live operator networks. When we moved to MCP as the tool-interface layer\, agents that passed eval started breaking weeks after production launch. The model\, prompts\, retrieval\, none were root cause. The tool environment itself was. So we built a digital-twin simulation of our production telecom domain and stress-tested MCP agents across four axes: 1). tool-set scale 2). task complexity 3). persona variability 4). deterministic repetition. Tool-selection accuracy is near-perfect up to ~20 exposed tools\, then collapses. One bad early dependency step cascades the whole workflow. I'll walk through the seven failure patterns we kept hitting\, including Tool Selection Collapse and Cascading Fragility\, the three architectural root causes behind them\, and the task-scoping and dependency-aware fixes that worked. You leave with a pre-launch methodology for your own MCP servers vendor-neutral\, applicable to any dependency-dense domain.
CATEGORIES:AGENT ARCHITECTURE + ORCHESTRATION
LOCATION:Scarlet 2&3\, Bengaluru\, Karnataka\, India
SEQUENCE:0
UID:fc742a6dfe0c119b100d051b0d31635f
URL:http://mcpbengaluru26.sched.com/event/fc742a6dfe0c119b100d051b0d31635f
END:VEVENT
BEGIN:VEVENT
DTSTAMP:20260516T110625Z
DTSTART:20260610T064500Z
DTEND:20260610T071000Z
SUMMARY:One MCP Server\, Five Languages\, Zero Containers - Bharath Nallapeta\, Mirantis Inc.
DESCRIPTION:In 2013\, shipping a Python service meant picking a base OS\, writing an initscript\, and fighting pip against the system package manager. Docker made it one command. Twelve years later\, shipping an MCP server still feels pre-Docker — pick a language\, spin up a process\, hope the dependencies cooperate. The WebAssembly Component Model quietly shipped the pieces it was missing in 2023. wasmcp\, Microsoft Wassette\, and Fermyon Spin now compose a single MCP server from Python tools that use pandas\, TypeScript tools that use Zod\, and Rust middleware that uses Regorus. One process. Hard isolation between components. One signed artifact\, distributed through OCI registries\, cold-starting in the low milliseconds. This is a live-demo talk. I'll build a polyglot MCP server on stage\, push it to a registry\, and run the same bytes in four environments — a Kubernetes pod\, a Spin function\, a browser tab\, and a Raspberry Pi. And I'll be honest about what WASM still can't do.
CATEGORIES:BUILDING WITH MCP
LOCATION:Convention Hall\, Bengaluru\, Karnataka\, India
SEQUENCE:0
UID:140592e3ca51c1ab3c40e6a9f0a12117
URL:http://mcpbengaluru26.sched.com/event/140592e3ca51c1ab3c40e6a9f0a12117
END:VEVENT
BEGIN:VEVENT
DTSTAMP:20260516T110625Z
DTSTART:20260610T064500Z
DTEND:20260610T071000Z
SUMMARY:Why Your Database MCP Should Never Talk To Your Database - Gowtham Raj Elangovan\, Comcast
DESCRIPTION:Most database MCP implementations are stdio transport\, hardcoded URIs\, and live connections handed directly to AI agents. This works on a laptop. It fails in production. Direct agent-to-database connectivity is dangerous. Connection exhaustion\, raw credentials in agent context\, DDL one hallucination away\, PII returning unfiltered into LLM context windows\, runaway queries taking down production clusters. Not theoretical. Production failures waiting to happen. For our internal DBaaS service we built a two-layer remote MCP architecture to close every one of them. An MCP Proxy handles agent-facing concerns — JWT auth\, SSO-backed approvals\, rate limiting\, and an execution_id registry so no agent ever sees a raw URI. It never touches the database. Queries route through a Query Service — the only layer that does. Read-only enforced structurally\, DDL blocked even for root\, injection filtered\, timeouts enforced\, Presidio scrubbing PII before responses reach any agent context window. We contrast this with direct-connect tools\, contribute execution_id as a reusable enterprise primitive\, and make the case for why an enforcement layer between MCP and your DB is the architecture — not an option
CATEGORIES:SECURITY IDENTITY + TRUST
LOCATION:Scarlet 1\, Bengaluru\, Karnataka\, India
SEQUENCE:0
UID:870dd1287d898984c8b509362b913395
URL:http://mcpbengaluru26.sched.com/event/870dd1287d898984c8b509362b913395
END:VEVENT
BEGIN:VEVENT
DTSTAMP:20260516T110625Z
DTSTART:20260610T071000Z
DTEND:20260610T084000Z
SUMMARY:Attendee Lunch
DESCRIPTION:\n
CATEGORIES:BREAKS + MEALS + SPECIAL EVENTS
LOCATION:Convention Hall Foyer\, Bengaluru\, Karnataka\, India
SEQUENCE:0
UID:aac8cb27fe3d1b6bd833e3b98bc2edc0
URL:http://mcpbengaluru26.sched.com/event/aac8cb27fe3d1b6bd833e3b98bc2edc0
END:VEVENT
BEGIN:VEVENT
DTSTAMP:20260516T110625Z
DTSTART:20260610T084500Z
DTEND:20260610T094000Z
SUMMARY:Keynotes To Be Announced
DESCRIPTION:\n
CATEGORIES:KEYNOTE
LOCATION:Convention Hall\, Bengaluru\, Karnataka\, India
SEQUENCE:0
UID:ef256f71818f87a61065ed3637cf2c20
URL:http://mcpbengaluru26.sched.com/event/ef256f71818f87a61065ed3637cf2c20
END:VEVENT
BEGIN:VEVENT
DTSTAMP:20260516T110625Z
DTSTART:20260610T095000Z
DTEND:20260610T101500Z
SUMMARY:Skills Are Not MCP Servers: When To Use Which (and How To Make Them Work Together) - Animesh Pathak & Jyoti Bisht\, Harness Inc
DESCRIPTION:There's a running argument in the AI tooling world right now do you need MCP servers\, or can you just use Skills? I've been on both sides of this. At Harness\, I've built Claude Skills for DevOps workflows and worked with our MCP server that wraps the entire platform. And the honest answer is: it depends\, but most people are picking the wrong one for the wrong job.\n \n In this talk I'll break down where the boundary actually is. Skills are great when the knowledge is stable conventions\, workflow logic\, best practices. MCP servers earn their keep when you need live data\, real-time API calls\, or actions with side effects. The interesting part is what happens when you layer them: a Skill that knows how to debug a failed deployment\, calling an MCP server that pulls live pipeline logs and execution data.\n \n I'll walk through real examples I've built skills that started as simple "SKILL.md" files and grew into MCP-backed workflows\, and cases where I over-engineered an MCP server when a markdown file would've done the job. If you're building agents and trying to figure out the right architecture\, this talk should save you some wrong turns.
CATEGORIES:BUILDING WITH MCP
LOCATION:Convention Hall\, Bengaluru\, Karnataka\, India
SEQUENCE:0
UID:ebd0fd302de06f5c0d5bac9924c54e92
URL:http://mcpbengaluru26.sched.com/event/ebd0fd302de06f5c0d5bac9924c54e92
END:VEVENT
BEGIN:VEVENT
DTSTAMP:20260516T110625Z
DTSTART:20260610T095000Z
DTEND:20260610T101500Z
SUMMARY:The Stdio Deadlock Nobody Warned Us About: OS-Level Process Management for MCP - Yuvraj Pradhan\, MIT ADT University & Archana Kumari\, MIT ADT University
DESCRIPTION:When we moved our multi-agent MCP system from REST to stdio transport\, the protocol schema was not the problem. OS pipes have no safety nets. When a model silently segfaults mid-inference\, it does not send a JSON-RPC error. It just dies. The orchestrator sits blocked on a stdout.readline()\, which never comes. Then we hit the pipe buffer deadlock. Inference engines are noisy. They dump token speeds and debug logs to stderr. If the orchestrator is waiting on stdout and ignoring stderr\, the OS pipe buffer fills up to 64KB. The OS physically halts the model. The orchestrator waits for the model to finish. The model waits for the orchestrator to clear the pipe. Nobody moves. To fix it we had to build async wrapper classes that continuously drain stderr into background loggers. This talk covers what we learned: - Draining stderr continuously or your process dies silently - Managing SIGKILL and EOF lifecycles to flush sensitive data from RAM - Replacing HTTP timeout assumptions with OS process management If you are running MCP over stdio\, this talk is the process management guide the MCP ecosystem has not written yet.
CATEGORIES:MCP PROTOCOL IN DEPTH
LOCATION:Scarlet 2&3\, Bengaluru\, Karnataka\, India
SEQUENCE:0
UID:7a2d3ce7f09d939a04ecf86ea8681224
URL:http://mcpbengaluru26.sched.com/event/7a2d3ce7f09d939a04ecf86ea8681224
END:VEVENT
BEGIN:VEVENT
DTSTAMP:20260516T110625Z
DTSTART:20260610T095000Z
DTEND:20260610T101500Z
SUMMARY:Auditing MCP Tool Calls at the Kernel Level: eBPF as a Trust Boundary Enforcer - Harini Anand\, IBM
DESCRIPTION:As MCP servers exponentially proliferate\, a critical question emerges: who audits what an LLM actually did when it invoked a tool? Application-layer logs can be tampered with or missed. This talk argues that eBPF is the only tamper-resistant audit layer for MCP tool execution and shows you how to build it. We walk through instrumenting an MCP server's syscall surface with bpftrace and cilium/ebpf: capturing every network egress triggered by a tool call\, every file descriptor opened\, every exec spawned\, correlated back to the originating MCP request ID via process lineage tracking in BPF maps. The result is an immutable\, kernel-enforced audit trail that no application-layer bug or prompt injection can suppress. We'll also cover using eBPF LSM hooks to enforce policy at call time\, blocking tool invocations that attempt unexpected network destinations or file paths effectively making eBPF a runtime policy engine for MCP's threat model. Attendees leave with a working threat model\, reference eBPF programs\, and a clear mental model for where kernel enforcement fits in MCP's trust architecture.
CATEGORIES:SECURITY IDENTITY + TRUST
LOCATION:Scarlet 1\, Bengaluru\, Karnataka\, India
SEQUENCE:0
UID:72bebf1811c816f6a1f283ac8b1ff425
URL:http://mcpbengaluru26.sched.com/event/72bebf1811c816f6a1f283ac8b1ff425
END:VEVENT
BEGIN:VEVENT
DTSTAMP:20260516T110625Z
DTSTART:20260610T101500Z
DTEND:20260610T104000Z
SUMMARY:The Invincible MCP Server: Building Crash-Proof AI Tools With Durable Execution - Shubham Londhe\, Temporal
DESCRIPTION:We All have been building AI Agents with MCP since it launched in 2024\, but there's one thing no one is talking about - "What happens when MCP Fails? (and they fail often). MCP is just a process and it can crash\, and so will the AI agent progress\, it all can vanish with a crash. Well\, the new Tasks primitive in MCP (SEP-1686) helps a lot\, it gives your AI agents a way to hand off long-running tools\, but it doesn't solve the real problem. They don't maintain the state when the server crashes. In this session\, I'll do a live demo of a Kubernetes Auto Healing AI Agent with MCP server and walk through how to wrap MCP tool logic in workflows that survive crashes\, restarts\, and network failures. I'll cover how to handle human-in-the-loop approvals inside long-running tools\, how to retries and state-management\, and how to observe what your MCP tools are doing in production. I'll be breaking a running server on stage and show you the agent recovering without losing a step. Hence "The Invincible MCP Server"
CATEGORIES:BUILDING WITH MCP
LOCATION:Convention Hall\, Bengaluru\, Karnataka\, India
SEQUENCE:0
UID:8c1c6ca18fbf7724fdef0d2ce47204d2
URL:http://mcpbengaluru26.sched.com/event/8c1c6ca18fbf7724fdef0d2ce47204d2
END:VEVENT
BEGIN:VEVENT
DTSTAMP:20260516T110625Z
DTSTART:20260610T101500Z
DTEND:20260610T104000Z
SUMMARY:Agentic DX: Bringing Your IDP Into the IDE - Adnan Vahora\, Motorola Solutions
DESCRIPTION:Platform engineering has a chicken-and-egg problem: the platform needs adoption to justify investment\, but adoption requires onboarding that teams resist when deadlines are tight. Our internal developer platform hit this hard. It serves 4\,000+ developers across clouds and managed Kubernetes\, yet many teams found the portal too unfamiliar. We solved it with a second entry point built on MCP. Instead of learning a new UI\, developers get 30+ platform capabilities directly in IDE chat\, from namespace provisioning and Helm deployments to cost analysis and access management. An MCP App renders forms in chat\, developers approve and execute\, and a first deployment can happen with almost no onboarding. This session covers the production architecture: sandboxed iframe-based MCP Apps\, Elicitation for structured write approvals\, an Adaptive Tool Router that keeps 30+ tool schemas from flooding the context window\, a split between deterministic Agent Skills and ReAct reasoning\, and a safety layer with a sub-500ms kill switch plus delegated RBAC tied to existing permissions. Attendees leave with a practical blueprint for meeting developers where they already work.
CATEGORIES:ENTERPRISE ADOPTION + INTEGRATION
LOCATION:Scarlet 2&3\, Bengaluru\, Karnataka\, India
SEQUENCE:0
UID:ae00a24ae2e67a9a8a60bce6759713d6
URL:http://mcpbengaluru26.sched.com/event/ae00a24ae2e67a9a8a60bce6759713d6
END:VEVENT
BEGIN:VEVENT
DTSTAMP:20260516T110625Z
DTSTART:20260610T101500Z
DTEND:20260610T104000Z
SUMMARY:Who Let the Agent In? Securing MCP Servers in Production - Prachi Jamdade\, Gravitee
DESCRIPTION:What if your MCP server could confidently decide who gets access to what\, without turning your codebase into a security nightmare? In this session\, we follow the journey of a simple MCP server as it evolves from an open endpoint into a fully secured\, production-ready system. Along the way\, you’ll see how authentication actually works in MCP\, how to move beyond basic role checks into fine-grained\, contextual authorization with OpenFGA\, and how these pieces fit together in real-world scenarios. The highlight is a live demo where we lock down an MCP server step by step\, making the invisible layers of security visible and practical. By the end\, you won’t just understand MCP security\, you’ll know exactly how to implement it or even offload it entirely so you can focus on building powerful agent-driven experiences.\n\n
CATEGORIES:SECURITY IDENTITY + TRUST
LOCATION:Scarlet 1\, Bengaluru\, Karnataka\, India
SEQUENCE:0
UID:40a5865cbb346b9df8ef8475aa69a135
URL:http://mcpbengaluru26.sched.com/event/40a5865cbb346b9df8ef8475aa69a135
END:VEVENT
BEGIN:VEVENT
DTSTAMP:20260516T110625Z
DTSTART:20260610T104000Z
DTEND:20260610T110500Z
SUMMARY:Why Agents Make Different Decisions With the Same Tools - Jyoti Bisht & Animesh Pathak\, Harness; Aditya Oberai\, Appwrite
DESCRIPTION:Scenario: Deploy an agent to production. Works 90% of time in testing. Month later: Claude model updates. Success rate drops to 70%. Why? Model change altered how tools are ranked.\n You can't see this. You have no control. Your agent silently degraded.\n This talk identifies sources of divergence:\n \n Temperature/sampling: Agent with temp 0.7 calls Salesforce 60% of time. Temp 0 calls it 95%.\n Model version: Claude 3.5 favors Salesforce (in training data). Opus 4.5 favors email (newer training). Same task\, different choices.\n Context truncation: Tool listed first in window = primacy bias (70% called). Tool listed last = recency bias (30%).\n Tool schema order: Tools listed alphabetically vs. semantic order (query before create) changes success rate 25%.\n Schema verbosity: Detailed descriptions make tools more likely to be selected than sparse ones.\n \n Then proposes solution: Agent fingerprinting. Create deterministic test suite capturing baseline behavior. Before deploying new model/agent version: run fingerprint suite. If success rate drops 10%+\, alert. Don't deploy.
CATEGORIES:AGENT ARCHITECTURE + ORCHESTRATION
LOCATION:Scarlet 2&3\, Bengaluru\, Karnataka\, India
SEQUENCE:0
UID:a2577bc516b878560953f2654dda4397
URL:http://mcpbengaluru26.sched.com/event/a2577bc516b878560953f2654dda4397
END:VEVENT
BEGIN:VEVENT
DTSTAMP:20260516T110625Z
DTSTART:20260610T104000Z
DTEND:20260610T110500Z
SUMMARY:Building Rich AI-Native UI for Agentic Interactions Using MCP Apps - Ashita Prasad\, AWS
DESCRIPTION:AI Agents are getting smarter with each passing day. But\, their interfaces? Not so much. But\, what if there is a way to turn the AI chat from a place where you converse into a place where you can actually work? MCP Apps offer a solution to go beyond the text and standardize how MCP servers can deliver rich\, bidirectional UI components like dashboards\, forms\, interactive visualizations & more. These components are rendered securely and natively within AI hosts\, enabling agents to interact with users via rich interactive interfaces. In this session\, attendees will learn: - Core architectural patterns from real MCP Apps development - How to handle sandboxed host–server communication\, manage state synchronization\, stream real-time updates\, handle async tasks\, & add multiplayer collaboration - How to leverage context and persist memory across conversations - How to avoid some common pitfalls and utilize debugging workflows and tools - How to add authentication & deploy a remote MCP Server providing MCP Apps We will walk through a complete\, production-style Sales Analytics MCP Apps and perform a code deep-dive to showcase the effective foundational patterns while building MCP Apps.
CATEGORIES:BUILDING WITH MCP
LOCATION:Convention Hall\, Bengaluru\, Karnataka\, India
SEQUENCE:0
UID:3d12458913b996aadaff23611cdd7806
URL:http://mcpbengaluru26.sched.com/event/3d12458913b996aadaff23611cdd7806
END:VEVENT
BEGIN:VEVENT
DTSTAMP:20260516T110625Z
DTSTART:20260610T104000Z
DTEND:20260610T110500Z
SUMMARY:When Agents Get SSH Keys: Securing Distributed AI Fleet With MCP - Mradul Dubey\, ApraLabs
DESCRIPTION:Agent security discussions focus on prompt injection and sandboxing. But when agents operate on real infrastructure - pushing to Git\, executing code via SSH\, starting cloud instances - every machine in the fleet carries its own keys\, tokens\, and credentials\, multiplying the risk. This talk presents the security architecture of apra-fleet\, an open-source (Apache 2.0) MCP server that orchestrates AI agents across distributed machines: - Credential lifecycle: provisioning LLM auth (OAuth\, API keys)\, SSH keys\, and Git tokens with automated key-pair migration - Out-of-band credential entry: passwords collected via separate terminal\, never exposed to the LLM. "LLM secure variables" for sensitive text - Short-lived tokens: GitHub App mints scoped tokens with minute-level TTLs - a compromised session cannot reuse yesterday's token - Role-scoped permissions: MCP tool constraints make violations structurally impossible - a doer agent cannot call the merge tool - Encryption at rest Grounded in production sprints across C++\, Node.js\, Python\, and ML. Attendees leave with reusable patterns for securing multi-agent systems on real infrastructure.
CATEGORIES:SECURITY IDENTITY + TRUST
LOCATION:Scarlet 1\, Bengaluru\, Karnataka\, India
SEQUENCE:0
UID:60954ecb6e9c33bc91b3a30c312b7774
URL:http://mcpbengaluru26.sched.com/event/60954ecb6e9c33bc91b3a30c312b7774
END:VEVENT
BEGIN:VEVENT
DTSTAMP:20260516T110625Z
DTSTART:20260610T111000Z
DTEND:20260610T114000Z
SUMMARY:Afternoon Break
DESCRIPTION:\n
CATEGORIES:BREAKS + MEALS + SPECIAL EVENTS
LOCATION:Convention Hall Foyer\, Bengaluru\, Karnataka\, India
SEQUENCE:0
UID:cd0862d6e638ea870fd397da24009681
URL:http://mcpbengaluru26.sched.com/event/cd0862d6e638ea870fd397da24009681
END:VEVENT
BEGIN:VEVENT
DTSTAMP:20260516T110625Z
DTSTART:20260610T114500Z
DTEND:20260610T121000Z
SUMMARY:The MCP Has No Clothes: What Most Benchmarks Miss About Real MCP Servers - Arnav Balyan\, Concierge AI
DESCRIPTION:As MCPs mature\, a gap emerges between benchmark performance and production behaviour: 1. Servers are tested in isolation\, however in production they run alongside 100s of other servers\, which affects tool selection. Typical evaluation frameworks are unable to reproduce this scale. 2. Single tool calls cannot test workflow compliance (the order and dependency of tool calls across multi step tasks). 3. Benchmarks are unable to measure user experience or quantify transcript quality. This talk presents the design philosophy for robust MCP evaluation\, grounded on field data and traffic analysis from 400+ production MCP servers. We introduce a set of success metrics for MCP server authors and show how this re-order benchmark leaderboards\, why servers that top toy evals regress in production\, and what server authors should measure before shipping. Attendees leave with a framework they can apply directly\, data to benchmark against\, and a clearer view of how they can adopt MCP confidently at scale for enterprise and internal usecases.
CATEGORIES:BUILDING WITH MCP
LOCATION:Convention Hall\, Bengaluru\, Karnataka\, India
SEQUENCE:0
UID:80dd64d4a2cc90bb8857968c732bfd9d
URL:http://mcpbengaluru26.sched.com/event/80dd64d4a2cc90bb8857968c732bfd9d
END:VEVENT
BEGIN:VEVENT
DTSTAMP:20260516T110625Z
DTSTART:20260610T114500Z
DTEND:20260610T121000Z
SUMMARY:Where MCP Ends and A2A Begins: and Why That Seam Is Breaking Your Agents - Arushi Garg\, Adobe & MV Shiva\, Google
DESCRIPTION:Everyone's heard the AAIF framing: MCP handles agent-to-tool\, A2A handles agent-to-agent. Clean in theory. In practice\, every multi-agent system lives at the boundary of both\, and that boundary has no standard.\n Context gets dropped. Errors go silent. A state that survived an entire A2A task lifecycle vanishes the moment it crosses into an MCP tool call. Nobody is talking about this publicly.\n This session replaces the "vertical vs horizontal" mental model with something more honest: a precise seam diagram showing what each protocol guarantees\, what it doesn't\, and what falls into the gap. We'll go deep on MCP's Tasks primitive (SEP-1686)- including its two admitted gaps: no retry semantics\, no expiry policies. We'll map the real failure modes developers are hitting today\, drawn from open GitHub issues across both protocol repos.\n Then a live demo using Google's open-source A2A sample repo: no custom code. We'll run a real multi-agent task\, cross the protocol boundary\, sever the trace header\, and watch the silent failure happen in real time.\n You'll leave with a clear mental model\, a three-point failure checklist\, and a concrete picture of what the spec needs next.
CATEGORIES:MCP PROTOCOL IN DEPTH
LOCATION:Scarlet 2&3\, Bengaluru\, Karnataka\, India
SEQUENCE:0
UID:1357e1d725e4ee77952306e5d80350c9
URL:http://mcpbengaluru26.sched.com/event/1357e1d725e4ee77952306e5d80350c9
END:VEVENT
BEGIN:VEVENT
DTSTAMP:20260516T110625Z
DTSTART:20260610T114500Z
DTEND:20260610T121000Z
SUMMARY:Beyond Containers: Sandbox Architecture for MCP Tool Execution at Scale - Vikram Vaswani\, Self Employed - Consultant
DESCRIPTION:MCP gives us a clean abstraction for agents calling tools. But it doesn't talk about security: what if the tool does bad things? For read-only tools returning structured data\, a shared-kernel container is fine. For the growing class of MCP servers exposing code execution\, the attack surface that produced CurXecute (CVE-2025-54135 and CVE-2025-59944)\, containers are the wrong primitive\, because a single exploit crosses from MCP server to host. This talk covers what MCP tool execution looks like when you take isolation seriously. It walks through the architectural pattern of scheduling Firecracker microVMs for MCP tool execution - sub-second resume (for chained tool calls and fast-start)\, minimal kernel configurations\, and common integration paths with Kubernetes. Attendees leave with a decision framework: four signals that isolation complexity is worth it\, three signals it's overkill\, and a clear mental model of the latency-vs-isolation tradeoff.
CATEGORIES:SECURITY IDENTITY + TRUST
LOCATION:Scarlet 1\, Bengaluru\, Karnataka\, India
SEQUENCE:0
UID:6f9a60dada4eb278919c6648082633a9
URL:http://mcpbengaluru26.sched.com/event/6f9a60dada4eb278919c6648082633a9
END:VEVENT
BEGIN:VEVENT
DTSTAMP:20260516T110625Z
DTSTART:20260610T121000Z
DTEND:20260610T123500Z
SUMMARY:Managing Token Usage in MCP Servers Using Code Mode - Bhumika Satpathy\, Google
DESCRIPTION:As the ecosystem for the Model Context Protocol (MCP) expands\, developers are hitting a familiar wall: token bloat. While MCP provides a powerful standardized interface for LLMs to interact with external data\, the "context tax" of verbose tool definitions and massive data payloads can quickly degrade performance and spike costs. To build production-ready agents\, we must move beyond basic implementations and embrace advanced orchestration. This session dives into the architecture of efficient MCP server design\, focusing on the "Code Mode" technique. We will explore how to shift the heavy lifting from the LLM’s reasoning space to the server’s execution environment. Instead of forcing the model to process raw\, unrefined data\, "Code Mode" empowers the LLM to generate and ship logic—miniature\, execution-ready scripts—directly to the MCP server. This approach minimizes round-trip latency and drastically reduces the input tokens required for complex data manipulation.
CATEGORIES:BUILDING WITH MCP
LOCATION:Convention Hall\, Bengaluru\, Karnataka\, India
SEQUENCE:0
UID:683a99bb13dd1bf9c38e1fc1ed872be5
URL:http://mcpbengaluru26.sched.com/event/683a99bb13dd1bf9c38e1fc1ed872be5
END:VEVENT
BEGIN:VEVENT
DTSTAMP:20260516T110625Z
DTSTART:20260610T121000Z
DTEND:20260610T123500Z
SUMMARY:Multilingual MCP: Making Tool Calling Work for the Next Billion Users - Samyuktha Mohan Alagiri\, IBM
DESCRIPTION:MCP's tool schema\, server descriptions\, and routing logic are overwhelmingly designed around English. That assumption quietly breaks when you build for users in Hindi\, Tamil\, Kannada\, or Bengali.\n This talk is a ground-up look at where MCP falls short for Indic language users and what it takes to fix it. The specific failure modes covered include: intent ambiguity in tool selection when queries arrive in transliterated or code-switched text\, embedding models trained on English producing poor similarity scores for Indic-language tool descriptions\, and response localization gaps where tool results are returned in English to users who queried in their native language.\n The talk then presents concrete patterns for each problem\, including translated and dual-language tool manifests\, language-aware routing layers that sit between the user and the MCP client\, and lightweight post-processing for localizing tool outputs. All patterns are demonstrated with working code from production voice agent systems built for Indian users.\n With the MCP Dev Summit landing in Bengaluru\, this is a timely and locally grounded conversation the ecosystem needs to have.
CATEGORIES:ECOSYSTEM REGISTRIES + PLATFORM INFRASTRUCTURE
LOCATION:Scarlet 1\, Bengaluru\, Karnataka\, India
SEQUENCE:0
UID:93013f7903e5a4d18f25345a40d2702d
URL:http://mcpbengaluru26.sched.com/event/93013f7903e5a4d18f25345a40d2702d
END:VEVENT
BEGIN:VEVENT
DTSTAMP:20260516T110625Z
DTSTART:20260610T121000Z
DTEND:20260610T123500Z
SUMMARY:Extending MCP: Writing Custom Protocol Extensions Without Breaking Compatibility - Saurabh Mishra\, Optum/UnitedHealthGroup
DESCRIPTION:MCP's real power lies not just in what it defines\, but in what it leaves room for. As teams push MCP into production\, the need to add custom capabilities streaming responses\, domain-specific metadata\, proprietary auth flows runs headfirst into the risk of breaking existing clients and servers. This talk walks through the practical discipline of extending MCP without fracturing compatibility: how to use capability negotiation correctly\, where to extend vs. where to fork\, how to version custom extensions gracefully\, and how to contribute extensions upstream without waiting for a spec cycle. Real examples from building extensions in the wild what worked\, what silently broke things\, and what the spec doesn't yet have a good answer for. Attendees leave with a working mental model for extension design and a checklist for evaluating whether a custom extension is safe to ship
CATEGORIES:MCP PROTOCOL IN DEPTH
LOCATION:Scarlet 2&3\, Bengaluru\, Karnataka\, India
SEQUENCE:0
UID:d0f051cfad1e05dc479970d79128efbc
URL:http://mcpbengaluru26.sched.com/event/d0f051cfad1e05dc479970d79128efbc
END:VEVENT
BEGIN:VEVENT
DTSTAMP:20260516T110625Z
DTSTART:20260610T123500Z
DTEND:20260610T130000Z
SUMMARY:Why We Built a CLI Instead of an MCP Server for Jupyter Notebooks — and What We Learned - Lahari Chowtoori\, AWS
DESCRIPTION:Jupyter notebooks are essential for AI agents\, yet the .ipynb JSON format is token-heavy and fragile for LLM manipulation. While an MCP server seemed like the obvious solution\, we instead built nb—an open-source Rust CLI designed for agentic workflows. This talk explores the design decisions behind nb and our move away from standard tool schemas: - The Sentinel Format: Why line-oriented @@cell and @@output sentinels outperform deeply nested JSON for agent comprehension. - Token Efficiency: How a single 800-token skills file replaced a complex MCP implementation\, drastically reducing overhead. - Content Hashing: Using SHA256 to solve output externalization and state management. - Real-time Sync: Demonstrating collaborative editing via Y.js when bridged to a Jupyter server. We’ll share benchmarks on task completion rates and token costs\, and provide a clear framework for choosing between MCP servers and CLI-based skills. Attendees will learn when to leverage the simplicity of a CLI and when MCP’s multi-tenant auth and discovery are truly necessary.
CATEGORIES:AGENT ARCHITECTURE + ORCHESTRATION
LOCATION:Scarlet 2&3\, Bengaluru\, Karnataka\, India
SEQUENCE:0
UID:3957186f2afda26aee7810dd6630bc91
URL:http://mcpbengaluru26.sched.com/event/3957186f2afda26aee7810dd6630bc91
END:VEVENT
BEGIN:VEVENT
DTSTAMP:20260516T110625Z
DTSTART:20260610T123500Z
DTEND:20260610T130000Z
SUMMARY:Why Our AI Agent Couldn't Scale Without MCP — and How We Built It - Para Hitesh & Mohit Jichkar\, Red Hat
DESCRIPTION:Building an AI sales assistant means pulling data from everywhere \, Salesforce for accounts\, Snowflake for product catalogs\, and internal KBs for pricing. We started by hardcoding each integration into the agent. It worked until every new data source meant rewriting agent code\, duplicating auth logic\, and redeploying everything. Tool definitions were tightly coupled\, making it impossible to evolve the data layer independently.MCP changed everything. In this talk\, I'll walk through how we built a production AI sales assistant using LangGraph connected to multiple MCP servers \,each wrapping a different backend\, owned by a different team. I'll cover: why direct integrations become unmaintainable at 3+ sources\; our reusable FastMCP server template that spins up domain-specific servers in days\; how a user's SSO token flows end-to-end from agent through MCP to Snowflake OAuth with zero credential storage\; why tool descriptions and agent prompts matter more than the protocol itself \, and the patterns we developed (normalize-before-search\, dynamic prompt injection) to make the LLM reliably pick the right tool\; and what broke in production with real failures and real fixes.
CATEGORIES:BUILDING WITH MCP
LOCATION:Convention Hall\, Bengaluru\, Karnataka\, India
SEQUENCE:0
UID:fd4de62e5efeb4fa34541f1427d2e0b6
URL:http://mcpbengaluru26.sched.com/event/fd4de62e5efeb4fa34541f1427d2e0b6
END:VEVENT
BEGIN:VEVENT
DTSTAMP:20260516T110625Z
DTSTART:20260610T123500Z
DTEND:20260610T130000Z
SUMMARY:Your MCP Server Answers Every Call. Should It? - Atulpriya Sharma\, Improving
DESCRIPTION:Your MCP server works. Every tool call executes. But do you know who made that call\, whether they were allowed to\, and whether it should have required a human to approve it first? Most MCP servers today operate on implicit trust. If an agent can connect\, it can run anything - usually without any identity checks\, boundaries\, or logs. That works in dev. In production\, a misconfigured agent or a prompt injection can trigger your most sensitive tools with nothing to stop it. This session makes the path from 'working' to 'governed' concrete: authenticating agents via OAuth\, enforcing per-tool authorisation\, and adding human-in-the-loop approvals for high-stakes actions. Live demo: we’ll take an unauthenticated agent\, lock down the server\, and hold a sensitive call for approval with a full trace on exit. MCP connects agents to your most important systems\; it’s time we started checking their IDs at the door.
CATEGORIES:SECURITY IDENTITY + TRUST
LOCATION:Scarlet 1\, Bengaluru\, Karnataka\, India
SEQUENCE:0
UID:0e5c96c66b6954457a3942eb7bca9b12
URL:http://mcpbengaluru26.sched.com/event/0e5c96c66b6954457a3942eb7bca9b12
END:VEVENT
END:VCALENDAR