Loading…
June 9-10, 2026
Bengaluru, India
View More Details & Registration

The Sched app allows you to build your schedule but is not a substitute for your event registration. You must be registered for MCP Dev Summit Bengaluru to participate in the sessions. If you have not registered but would like to join us, please go to the event registration page to purchase a registration..

IMPORTANT NOTE: Timing of sessions and room locations are subject to change.


Audience: Yes clear filter
Tuesday, June 9
 

9:30am IST

Keynote: Welcome & Opening Remarks - Angie Jones, VP Developer Experience, Agentic AI Foundation
Tuesday June 9, 2026 9:30am - 9:40am IST

Speakers
avatar for Angie Jones

Angie Jones

VP of Developer Experience, Agentic AI Foundation
Angie Jones is the VP of Developer Experience at the ​Agentic AI Foundation

An award-winning educator and international keynote speaker, Angie shares her extensive knowledge with software companies and conference audiences worldwide.

As a Master Inventor, Angie is recognized for her innovative, out-of-the-box thinking, which has led to 27 patented inventions in virtual worlds, collaboration software, social networking, smarter planet initiatives, and software development processes... Read More →
Tuesday June 9, 2026 9:30am - 9:40am IST
Convention Hall
  Keynote Sessions
  • Audience Experience Level Any
  • Session Slides Yes

9:40am IST

Keynote: The Foundation for Agentic AI Interoperability - David Nalley, Director of Developer Experience, Amazon Web Services
Tuesday June 9, 2026 9:40am - 9:50am IST

Speakers
avatar for David Nalley

David Nalley

Director, Developer Experience, AWS
David Nalley is Director of Developer Experience at Amazon Web Services (AWS), where he leads efforts to improve how developers interact with AWS services and technologies. He brings over two decades of experience in technology to his role.
Nalley previously served as President of... Read More →
Tuesday June 9, 2026 9:40am - 9:50am IST
Convention Hall
  Keynote Sessions
  • Audience Experience Level Any
  • Session Slides Yes

9:55am IST

Keynote: The Missing Middle: The Shared Infrastructure MCP Needs Before It Hits a Million Servers - Hrittik Roy, vCluster
Tuesday June 9, 2026 9:55am - 10:05am IST
MCP reached infrastructure currency in 13 weeks. CNCF took 13 months. That compression is the problem. The shared plumbing every production MCP deployment now reinvents, because no neutral open implementation exists yet, has to be built in months instead of years.

This talk maps five missing layers of the MCP ecosystem and what each needs before the protocol scales two more orders of magnitude.

1. Discovery federation. One registry lookup does not survive public, private, and vendor registries coexisting.
2. Workload identity for servers. Not user OAuth. Who is this server, who signed it, what is it allowed to do?
3. Observability backbone. OpenTelemetry semantic conventions for MCP are still draft, so every gateway ships its own trace format.
4. Health and reputation signals. When seventeen servers are named github-mcp, which one should an agent trust?
5. Metering and cost attribution. Boring, load bearing, absent from the spec.

For each layer: what exists today, where it breaks at scale, what a minimum viable open implementation needs. Attendees leave with a concrete map of which gaps are urgent, which are deferrable, and which are already being filled.
Speakers
avatar for Hrittik Roy

Hrittik Roy

TPME, vCluster
Hrittik is a Platform Advocate at Loft Labs and a CNCF Ambassador, with expertise in cloud native technologies and open source communities. He has contributed extensively to developer advocacy, technical writing, and community engagement. Hrittik has been a featured speaker at events... Read More →
Tuesday June 9, 2026 9:55am - 10:05am IST
Convention Hall
  Keynote Sessions

10:15am IST

Keynote: Building Trustworthy Agentic AI on India's Digital Public Infrastructure - Jagadish Babu, EkStep Foundation; Neha Jagadeesh, Eka Care; Arjun Venkatraman, Gates Foundation
Tuesday June 9, 2026 10:15am - 10:30am IST
What does it take to build agentic AI systems that are scalable, affordable, and trustworthy for India? This keynote explores the emerging AI stack powering next-generation healthcare and public service workflows from frontier and small models to interoperable MCP architectures and DPI integration.

Speakers from the Gates Foundation, Eka Care, and EkStep Foundation discuss the technical and governance choices that will shape AI deployment across India and other emerging markets.
Speakers
avatar for Jagadish Babu

Jagadish Babu

Chief Operating Officer, EkStep Foundation
Jagadish has helped shape India’s education DPI including DIKSHA. He currently focuses on using AI and generative tools in constrained settings to improve learning and livelihoods. Jagadish leads AXL and contributes to OpenAgriNet/Vistaar.
avatar for Neha Jagadeesh

Neha Jagadeesh

Lead, AI Engineering, Eka Care
Neha Jagadeesh is a founding team member at Eka Care, where she leads AI Engineering. With 13+ years of experience building software, she's a developer at heart, currently building agentic pipelines and LLM systems that turn frontier AI research into products people love to use. She... Read More →
avatar for Arjun Venkatraman

Arjun Venkatraman

Senior Officer, Artificial Intelligence, Gates Foundation
Arjun's work at the Foundation is focused on shaping and scaling the use of artificial intelligence for social good, with a keen focus on enabling inclusion and expanding adoption in public sector service delivery and equitable digital transformation. His work is grounded in over... Read More →
Tuesday June 9, 2026 10:15am - 10:30am IST
Convention Hall
  Keynote Sessions
  • Audience Experience Level Any
  • Session Slides Yes

11:30am IST

From Alert To Revert: One MCP 500+ Tools for Production Triage and Real-world DevOps - Avinash Kumar Lodhi, Coursehero
Tuesday June 9, 2026 11:30am - 11:55am IST
What happens when your on-call agent can read Datadog metrics, tail logs in groundcover, pull pod state from Kubernetes, and grep GitLab for the commit that broke prod, all in one conversation? At Learneo we built one MCP endpoint that does that across 11 upstream servers, 518 indexed tools, and can manage multiple AWS accounts credentials. It changed how we triage incidents.
I'll walk a synthetic incident end to end, with redacted screenshots from real ones, showing the agent go from alert to MR to revert.

Key Takeaways:

- Context: meta-tools and BM25 search keep the agent at about 1.5k tokens, not 500 schemas, and it pulls what it needs on demand
- Routing: a company overview shipped as MCP instructions on connect points the agent at the right cluster and Jira project before it picks a tool
- Memory: an agent-maintained company wiki for org structure, data models, and playbooks. The agent reads it and writes back what it learns
- Security: centralized credentials and a write denylist so the agent can read everything without breaking anything

Attendees will leave understanding both the value and the architecture for turning MCP into production-grade agent infrastructure.
Speakers
avatar for Avinash Kumar Lodhi

Avinash Kumar Lodhi

Staff Software Engineer - Devops, CourseHero
Avinash Kumar Lodhi is a Staff DevOps Engineer on the Course Hero Platform team. His job is to automate and manage things on a large scale. He started as a tester at Teradata ten years ago, then moved to DevOps. He worked at Sprinklr and then at Meesho, moving 500+ microservices from... Read More →
Tuesday June 9, 2026 11:30am - 11:55am IST
Scarlet 2&3
  Enterprise Adoption + Integration

12:00pm IST

Context-Aware MCP Servers for Small Language Models - Vivek Mankar, Anto Ajay Raj John, Stuti Sinha, Reeva Nanda, Nethra Khandige, Pradipta Ghosh, IBM
Tuesday June 9, 2026 12:00pm - 12:25pm IST
Small Language Models are great for edge and cost-sensitive deployments, but struggle with limited context windows. This talk shows how MCP servers can act as an external memory and context orchestration layer for SLMs. Based on a survey of 25+ long-context reasoning techniques, we demo concrete implementations: episodic memory with surprise-based retrieval (EM-LLM-inspired), and a dynamic context orchestrator that picks between RAG, summarization, and sliding-window strategies based on query type and model capacity. This is a builder's guide to making small models punch above their weight via smart MCP-based context engineering.
Speakers
avatar for Vivek Mankar

Vivek Mankar

Staff AI Engineer, IBM
Vivek Mankar is an AI Software Engineer specializing in high-performance AI inference systems and scalable cloud software. Operating at the intersection of deep learning and systems engineering, his work focuses on the PyTorch ecosystem, LLM serving, and MLOps automation. Backed by... Read More →
avatar for Nethra Khandige

Nethra Khandige

AI Engineer, IBM
Nethra Khandige is an AI Engineer at IBM, working on the PyTorch ecosystem, AI inference optimization, and context-aware AI systems. Backed by a strong research foundation, including published work in malware detection, neural network inference, deep reinforcement learning with published... Read More →
avatar for Anto Ajay Raj John

Anto Ajay Raj John

AI Engineering Manager, IBM
Anto John is a senior manager for AI with industry experience of 20 years. He has been working on AI projects for the past 10 years in various capacity. He was one of the core team members of the IBM BlueGene/Q supercomputer. He was the performance architect for IBM Power Systems... Read More →
avatar for Stuti Sinha

Stuti Sinha

Software Engineer, IBM
Stuti Sinha is a researcher and developer focused on the intersection of model efficiency and AI safety. With a background in Python, Java, and C++, she specializes in the PyTorch ecosystem, specifically optimizing Long Context Reasoning and architecture for Small Language Models... Read More →
avatar for Reeva Nanda

Reeva Nanda

Software Engineer, IBM India
Reeva Nanda is a software developer and AI ML researcher with strong theoretical foundations in generative AI, deep learning, and neural network architectures. Deeply passionate about the mathematics underpinning modern AI , particularly linear algebra and its role in model design... Read More →
avatar for Pradipta Ghosh

Pradipta Ghosh

AI software Architect, IBM
Tuesday June 9, 2026 12:00pm - 12:25pm IST
Scarlet 2&3
  Building with MCP

1:55pm IST

Designing a Control Plane for Agentic Systems Using MCP - Malepati Bala Siva Sai Akhil, Couchbase
Tuesday June 9, 2026 1:55pm - 2:20pm IST
As MCP-based systems grow in complexity, standardizing tool interaction alone is not enough to ensure reliable execution.

This talk introduces a control-plane perspective for MCP-based systems, grounded in distributed systems principles such as scheduling, retries, idempotency, and fault isolation. Coordinating multi-step workflows across MCP servers introduces challenges such as partial failures, inconsistent state, and retry behavior that can escalate under load.

The focus is on how a control plane actively manages execution, including deciding when and how tool calls are made, handling failures dynamically, and coordinating workflows across multiple services. It also examines how centralized control improves reliability and consistency in complex MCP-based systems.

Attendees will gain concrete mental models for building scalable and reliable MCP-based systems.
Speakers
avatar for Malepati Bala Siva Sai Akhil

Malepati Bala Siva Sai Akhil

Principal Software Engineer, Couchbase
Principal Software Engineer at Couchbase with 10+ years building distributed systems, AI infrastructure and cloud-native platforms across Intel, VMware, and Huawei. IEEE Computing Top 30 (2024) and Intel Distinguished Inventor Award recipient for work in security, distributed systems... Read More →
Tuesday June 9, 2026 1:55pm - 2:20pm IST
Scarlet 2&3
  Agent Architecture + Orchestration

1:55pm IST

From SSE To Streamable HTTP: What Actually Changed in MCP's Transport Layer and Why You Should Care - Animesh Pathak, Harness Inc
Tuesday June 9, 2026 1:55pm - 2:20pm IST
When I started building MCP-powered agents and Claude Skills at Harness, I kept running into weird transport issues, connections dropping behind load balancers, SSE endpoints behaving differently across clients, tutorials that contradicted the actual spec. Turns out, MCP's transport layer had quietly gone through a major overhaul and most of the content out there hadn't caught up.

In this talk, I'll walk through MCP's transport journey, stdio for local tooling, the dual-endpoint SSE model that powered early remote servers, and the Streamable HTTP design that replaced it in the March 2025 spec update. More importantly, I'll explain why each shift happened: the scaling headaches SSE caused, the connection recovery gap, and the auth/CORS simplifications that Streamable HTTP unlocked.

I'll share code from actual migrations I've worked through, what breaks when you switch, what gets simpler, and the backward-compatibility gotchas that the docs don't warn you about. If you're building or maintaining MCP servers today, this should save you a few weekends of debugging.
Speakers
avatar for Animesh Pathak

Animesh Pathak

DevRel Engineer, Harness
Tuesday June 9, 2026 1:55pm - 2:20pm IST
Convention Hall
  MCP Protocol in Depth

2:25pm IST

Voice-First MCP: Real-Time Tool Calling Through a Spoken Interface - Samyuktha Mohan Alagiri, IBM
Tuesday June 9, 2026 2:25pm - 2:50pm IST
Every MCP demo assumes text in and text out. This talk explores what actually happens when you replace the text interface with a live voice stream.
Connecting a real-time voice pipeline to an MCP-backed agent introduces problems that the current MCP ecosystem has no established answers for. This talk walks through them one by one: end-of-turn detection and how tool-calling latency affects perceived conversational fluency, interruption handling when a user speaks while a tool is executing, tool result verbalization where structured JSON responses need to be narrated naturally without losing meaning, and error communication when a tool fails mid-conversation.
The talk is grounded in a working system built with a real-time voice layer, Sarvam AI for speech processing, and MCP-connected agents handling live tool calls. Attendees will see a live demo and leave with an architectural blueprint for voice-first MCP agents, including the specific latency budgets, buffering strategies, and verbalization patterns that make the experience feel natural rather than robotic.
This is a frontier that very few builders have shipped in production.
Speakers
avatar for Samyuktha M S

Samyuktha M S

Software Developer, IBM
Samyuktha is a Software Developer at IBM India Software Labs who loves building things that actually work in production, from voice agents and multilingual multi-agent pipelines to self-healing infrastructure using MCP, LangGraph, Claude, and Qdrant. A 13x hackathon winner including... Read More →
Tuesday June 9, 2026 2:25pm - 2:50pm IST
Convention Hall
  Building with MCP

2:55pm IST

Putting MCP on a Diet: A Proxy for Tool Scoping and Context Compression - Prathamesh Saraf, Truefoundry
Tuesday June 9, 2026 2:55pm - 3:20pm IST
Connect three MCP servers and 55,000 tokens are consumed before the agent reads the user's query. Perplexity's CTO called this out at Ask 2026. Cloudflare measured 244,000 tokens for their API surface. The protocol isn't the problem. The "load everything upfront" pattern is.

FastMCP Code Mode solves this server-side, but requires the server author to opt in. Most MCP servers in the wild will never add it.

I'm currently building mcp-guardian, an open-source Python proxy that addresses this for any server, unmodified. It will do two things:

1. Tool scoping: filter tools/list against a YAML config so agents only see allowed tools. delete_repo won't exist in the agent's world.

2. Progressive disclosure: expose three meta-tools (search_tools, get_schema, execute_tool) instead of full schemas. Agents will start at ~300 tokens instead of ~8,000 and load schemas on demand.

I'll live-demo: direct connection (14 tools, ~8,000 tokens) vs through the proxy (3 meta-tools, ~300 tokens). I'll walk through the JSON-RPC interception, share token benchmarks, and compare with Code Mode. They're complementary, not competing.

The project will be open source.
Speakers
avatar for Prathamesh Saraf

Prathamesh Saraf

Sr. Forward Deployed Engineer, Truefoundry
I'm a senior forward-deployed engineer specializing in GenAI: voice agents, agentic workflows, RAG, and the infrastructure underneath. I ship in customer environments, with customer teams, against customer constraints, and I stay through the part where systems have to actually keep... Read More →
Tuesday June 9, 2026 2:55pm - 3:20pm IST
Convention Hall
  Building with MCP

2:55pm IST

InstaMCP: Instant MCP-ification of Enterprise APIs - Rupal Sharma & Ujjal Sharma, Nutanix
Tuesday June 9, 2026 2:55pm - 3:20pm IST
This session introduces InstaMCP, a common platform designed to instantly "MCP-ify" enterprise APIs and eliminate the need for redundant "glue code" currently required to connect LLMs to internal products. This solution addresses siloed AI integrations and maintenance bottlenecks within large SaaS ecosystems. InstaMCP automatically ingests Swagger/OpenAPI specifications to generate fully deployable, secure Model Context Protocol (MCP) servers in minutes. It moves beyond simple 1:1 API mapping by providing a visual, low-code interface for developers to stitch multiple APIs into complex, multi-step workflow tools for seamless agent execution. Attendees will explore the platform's architecture, automated MCP server generation, and how it addresses the critical "security blindspot" by accommodating token-exchange and other guardrails.
Speakers
avatar for Rupal Sharma

Rupal Sharma

Staff Engineer, Nutanix
A software engineer with more than a decade of experience architecting high-scale platforms across Fintech, Telecom, and Identity. Specialist in major platform modernization and high-concurrency systems.
avatar for Ujjal Sharma

Ujjal Sharma

Member of Technical Staff, Nutanix
Building enterprise grade AI agents and MCP servers
Tuesday June 9, 2026 2:55pm - 3:20pm IST
Scarlet 2&3
  Enterprise Adoption + Integration
  • Audience Experience Level Beginner
  • Session Slides Yes

3:25pm IST

MCP Schema Evolution: Versioning Tool Contracts Without Breaking Agents - Yogesh Sardana, Cloud Engineering Leader & Researcher
Tuesday June 9, 2026 3:25pm - 3:50pm IST
This is just not about a single organisation but for every organisation, tool schemas in MCP evolve as platforms change parameters get renamed, new required fields are added, response shapes shift. Agents built against an older schema break silently, produce incorrect results, or enter undefined behavior, and there is no established SemVer discipline for MCP tools today. This session proposes a practical versioning specification for MCP tool definitions covering additive-only change policies, explicit deprecation signals embedded in tool metadata, capability negotiation via request headers, and client-side schema compatibility layers. The session demonstrates these patterns with a real Kubernetes tool server that ships v1 and v2 tool definitions side by side, with running agents targeting each version independently, and a live migration showing how a breaking change is introduced and absorbed without downtime.
Speakers
avatar for Yogesh Sardana

Yogesh Sardana

Cloud Leader, Independent
I'm working as a Cloud Leader, part of R&D wing, known as Jack of all trades but master of Cloud. Been into various tech stacks before of SDLC like Full Stack App Dev, Testing, Data Analytics, having fun with tech.
Tuesday June 9, 2026 3:25pm - 3:50pm IST
Convention Hall
  MCP Protocol in Depth
  • Audience Experience Level Any
  • Session Slides Yes

4:20pm IST

MCP Resources Are Already a Knowledge Graph - You Are Just Not Reading the Headers - Kesigan Anbalagan, Comcast
Tuesday June 9, 2026 4:20pm - 4:45pm IST
Most retrieval systems ignore the structure MCP Resources already provide unique URIs, typed links, version metadata, timestamps and flatten everything into vector chunks. GraphRAG proved retrieval needs relational structure; MCP already has it natively.
This talk demonstrates with a live adversarial demo: a vanilla RAG agent and a Resource-graph agent answer the same questions against the same corpus. RAG works on single-hop queries. It confidently returns stale data when a superseded document exists. The graph agent catches the version conflict using last-modified metadata that was already there. When the graph has a broken link, it reports the dead end instead of hallucinating.
A hop-count benchmark across seven questions (1–5 hops) makes the gap measurable: at three hops, RAG hit rate dropped to 50% while graph traversal held at 100%.
The primary deliverable is a draft cross-reference metadata convention four optional fields (superseded_by, depends_on, implements, compliance_scope) that any MCP Resource provider can add without breaking existing consumers. The goal: make knowledge as navigable for AI agents as hypertext made the web for people.
Speakers
avatar for Kesigan Anbalagan

Kesigan Anbalagan

Principal Engineer, Comcast India Engineering Center LPP
I am Kesigan Anbalagan technology leader and AI enthusiast with extensive experience in cloud-native solutions, developer experience platforms, and enterprise AI integration. As part of the Central DevX team at Comcast, he focuses on embedding AI across the software development lifecycle... Read More →
Tuesday June 9, 2026 4:20pm - 4:45pm IST
Convention Hall
  Building with MCP

4:20pm IST

MCPeek Into Your Server's Secrets - Akash Sathish, Sahaj Software
Tuesday June 9, 2026 4:20pm - 4:45pm IST
Most "MCP security scanners" are wrappers around npm audit and regex keyword rules. A November 2025 research survey showed 0% detection on TypeScript servers because the underlying tools never parse the AST and two-thirds of public MCP servers ship in TypeScript.

This talk walks through building an AST pipeline using ts-morph that catches what keyword rules miss: path traversal through fs wrapper functions, command injection even when the command is assembled across intermediate variables, SSRF through aliased URL parameters, and tool handlers registered without any schema validation. The key technical contribution is multi-pass taint tracking following a user parameter through variable aliases before reaching a dangerous sink, which eliminates the false-negative class that makes regex rules useless. Audited against more than 50 MCP servers.

Attendees leave with:
(1) the open-source MCPeek ruleset to drop into CI,
(2) a decision framework for choosing SAST depth per vulnerability class,
(3) the taint-tracking pattern for building MCP-aware rules in any language.

Link to MCPeek: https://github.com/iamakash-06/MCPeek
NPM Package: https://www.npmjs.com/package/mcpeek
Speakers
avatar for Akash Sathish

Akash Sathish

Solution Consultant, Sahaj Software
I'm a Solution Consultant at Sahaj Software in Chennai. I've been neck-deep in MCP, AI-Assisted Development, and agentic architectures since before they had proper names. I've spoken at GitTogether 2025, The Fifth Elephant 2025, and six other conferences across AI-assisted development... Read More →
Tuesday June 9, 2026 4:20pm - 4:45pm IST
Scarlet 2&3
  Security Identity + Trust

4:50pm IST

When MCP Meets Reality: Performance, Latency, and the Hidden Cost of AI Orchestration in Enterprises - Partha Sarthy, Applied Materials
Tuesday June 9, 2026 4:50pm - 5:15pm IST
MCP enables powerful AI-driven workflows — but production enterprise systems have SLAs, throughput contracts, and years of performance tuning. Wiring a reasoning loop into that environment reveals costs that don't show up in demos: latency amplification from sequential tool invocations, data movement overhead across system boundaries, schema drift, and observability gaps that span model reasoning and distributed backends.

This talk takes a systems-engineering lens to MCP in enterprise-scale data platforms. We formalize the MCP execution pipeline, identify where overhead accumulates, and present architectural patterns that contain the cost — including isolating orchestration from hot paths, fronting high-performance backends with thin MCP adapters over gRPC, and tracing multi-step workflows end to end.

The central argument: MCP belongs on the control plane, not the data plane. Enforce that boundary, and you gain adaptive orchestration without sacrificing reliability. Cross it, and predictability erodes fast. Attendees leave with a latency model, a failure-mode taxonomy, and a practical framework for deploying MCP in production — deliberately, not by accident.
Speakers
avatar for Partha Sarthy

Partha Sarthy

Software Engineer, Applied Materials
I am a Software Engineer at Applied Materials working in the HPC and AI domain. I have a cumulative experience of close to 8.5 years and have served in companies like HPE, Juniper and Cisco. I am also an active member of IEEE and have presented in Conferences relating to Solid State... Read More →
Tuesday June 9, 2026 4:50pm - 5:15pm IST
Convention Hall
  Enterprise Adoption + Integration

5:20pm IST

MCP + Kubernetes: Building a Self-Healing AI Platform (Not Just Pipelines) - Raghu Reddy, Calix & Esakki Raj E, Cisco
Tuesday June 9, 2026 5:20pm - 5:45pm IST
Most teams treat MCP as a pipeline, and that is the problem. Pipelines fail silently. They have no concept of desired state, no reconciliation loop, and no recovery path when a model times out or a tool call returns garbage. You are essentially writing bash scripts with an LLM in the middle.

Kubernetes already solved this. The operator pattern gives you level-triggered reconciliation, retry logic with backoff, and declarative desired state baked into the control plane. Combine that with MCP's tool abstraction and you stop writing pipelines and start building platforms where AI workflows are first-class resources that the cluster actively keeps healthy. GitOps via ArgoCD means your model routing, fallback configurations, and tool permissions are version-controlled, auditable, and promotable across environments like any other workload.

We will cover: modeling MCP workflows as Kubernetes custom resources, building operators that reconcile AI workflow state including fallback model selection and tool availability, wiring ArgoCD to manage MCP server deployments and configuration drift, and the observability hooks you need to actually trust that self-healing fired correctly.
Speakers
avatar for Esakki Raj E

Esakki Raj E

Senior AIOps Engineer, Cisco
Experienced Site Reliability Engineer (SRE) and MLOps specialist with over 9+ years of practical experience in designing, implementing, and managing cloud-based infrastructure and services. Proven track record in architecting and scaling large-scale AI/ML infrastructure on Kubernetes... Read More →
avatar for Raghu Reddy

Raghu Reddy

Staff Platform Engineer (Security), Calix Inc
Raghu is a Staff Platform Engineer (Security) at Calix Inc. , where he secures Kubernetes infrastructure powering AI and MLOps workloads across multiple clusters.
With over 10 years in Platform Engineering and Security. Applying supply chain security, runtime hardening, and policy... Read More →
Tuesday June 9, 2026 5:20pm - 5:45pm IST
Scarlet 2&3
  Agent Architecture + Orchestration
 
Wednesday, June 10
 

10:00am IST

Keynote: Architecting Internet-Scale Agent Skills with Managed MCP - Prashanth Subrahmanyam, Lead for Google Cloud DevRel in JAPAC, Google
Wednesday June 10, 2026 10:00am - 10:10am IST
Local MCP prototyping is magic on a laptop, but scaling to production often triggers "Agentic Sprawl." To handle complex agent loops at scale, enterprises need a centralized architecture for integration, identity, and governance. This keynote explores Google Cloud’s full-stack vision for internet-scale agents. We will unpack the shift toward stateless MCP transports to solve multi-round-trip routing bottlenecks, show how Apigee converts legacy APIs into zero-code MCP skills, and highlight how developer tools like Antigravity and the Agent Development Kit (ADK) push the boundaries of AI from the cloud to the device.
Speakers
avatar for Prashanth Subrahmanyam

Prashanth Subrahmanyam

APAC Lead, Developer Adoption, Google Cloud, Google Cloud
Prashanth Subrahmanyam leads Cloud Developer Advocacy for APAC at Google, focussed on one problem: making agentic AI systems work reliably in production. With two decades of engineering experience spanning SAP, Apigee, and Google, including reliability engineering at Google... Read More →
Wednesday June 10, 2026 10:00am - 10:10am IST
Convention Hall
  Keynote Sessions
  • Audience Experience Level Any
  • Session Slides Yes

10:15am IST

Keynote: Extending Goose: Building an AI Teammate for 
Open Source - Abhijay Jain, Maintainer, Contributor & Grant Recipient, AAIF Goose
Wednesday June 10, 2026 10:15am - 10:25am IST
Goose is an open-source AI agent that can be extended through integrations, tools, and community-driven projects. In this talk, I'll share my journey working with Goose, explore how its capabilities can be extended through community-driven projects, highlight examples from the Goose ecosystem, and discuss the development of GooseBot as one approach to bringing AI agents closer to developer communities. Along the way, I'll cover lessons learned from building in the open and why extensibility is key to the future of open-source AI agents.
Speakers
avatar for Abhijay Jain

Abhijay Jain

Maintainer & Contributor, AAIF Goose, AAIF Goose
I’m Abhijay Jain, an open-source developer and FOSS enthusiast with experience across developer tooling, Bitcoin infrastructure, AI products, and modern web technologies.

Over the years, I’ve contributed to global open-source programs and organizations including the Linux Foundation, Google summer of code, Block, UnternehmerTUM, and several community-driven ecosystems. I started my open-source journey as an LFX mentee with Open Horizon (IBM open... Read More →
Wednesday June 10, 2026 10:15am - 10:25am IST
Convention Hall
  Keynote Sessions
  • Audience Experience Level Any
  • Session Slides Yes

10:25am IST

Keynote: From Shadow IT To Scale: The MCP Adoption Journey - Shannon Williams, Obot AI
Wednesday June 10, 2026 10:25am - 10:35am IST
The Model Context Protocol (MCP) is now an LF project, and that's fantastic news for the open source ecosystem. Last year MCP servers went mainstream fast, linking up AI models with apps, data and systems. Whether you are managing it or not, hundreds of people are already using MCPs within your company. Unfortunately, many IT teams are discovering this adoption, not planning it.

This talk provides a quick intro to the MCP ecosystem, and presents a four-stage maturity model for MCP adoption, from tracking shadow MCP development to secure, enterprise-wide deployment. You'll learn where your organization actually is (most are Stage 1 or early Stage 2), what infrastructure you need for each stage, and how to build the process and policies to turn MCP from a risk into an enabling technology.

This model is based on patterns from real deployments and hundreds of engagements with engineers dealing with this right now. I'll touch on MCP development, security, management, operations and how to get these incredibly useful tools into the hands of more and more users within your company.
Speakers
avatar for Shannon Williams

Shannon Williams

President, Obot AI
I am the President and co-founder of Obot AI, and have been building open source software for the last 20 years. Prior to starting Obot, I co-founded Cloud.com (creator of CloudStack) and Rancher Labs (creator of Rancher, k3s, Longhorn, etc). I was a board member of the CNCF for 4... Read More →
Wednesday June 10, 2026 10:25am - 10:35am IST
Convention Hall
  Keynote Sessions

11:00am IST

From Intent To Production: MCP Gateway Patterns for Regulated Banking - Hariskumar Panakkal, Wipro
Wednesday June 10, 2026 11:00am - 11:25am IST
I spent the last year building agentic systems with MCP and MCP Gateway, and want to share what I learned — especially the things you only hit when you try to build for a real, regulated domain.

The build is a four-part system: a React portal, a LangGraph agent, Microsoft MCP Gateway as the front door, and a FastMCP server with 19 tools behind it. This talk walks through how the pieces fit together and the specific patterns that worked.

What I'll cover:

- How I structured MCP tools with Pydantic schemas, idempotency keys, and correlation IDs that travel through every layer
- Why my first three gateway deployments failed and how the mcp-session-id header fixed stateful tool routing through MCP Gateway
- A simple tool wrapper pattern that keeps sensitive data like SSN out of the LLM context while the agent still reasons about the workflow
- Why I made consent its own MCP tool with a signed receipt instead of bundling it into submit
- Three gaps I hit in MCP and the gateway and how I worked around them — honest notes for the community

If you're building with MCP and MCP Gateway and heading toward anything production-grade, these are the patterns I wish I'd had going in.
Speakers
avatar for Hariskumar Panakkal

Hariskumar Panakkal

Distinguished Member of Technical Staff (DMTS) and Enterprise Architect, Wipro
Hariskumar Panakkal is an Enterprise Architect and Distinguished Member of Technical Staff (DMTS), recognized with the 2025 Most Valuable Technologist (MVT) award. With a background in cloud transformation and responsible AI, he has spent the last year building agentic systems on... Read More →
Wednesday June 10, 2026 11:00am - 11:25am IST
Convention Hall
  Building with MCP

11:00am IST

Beyond Tools and Resources: A Deep Dive into MCP Sampling for Agentic Features - Kevin Vaz, Smartbear
Wednesday June 10, 2026 11:00am - 11:25am IST
Most MCP servers are one-shot: the client asks, the server answers. But some features need the server to reason mid-execution like summarise a diff before returning it, classify input to pick the next step, recover from ambiguity instead of failing, generating new data. That's what sampling unlocks: the server calls back into the host's LLM, without ever holding its own model keys.

This deep dive walks through sampling/createMessage feature provided by the mcp protocol and its internals messages, modelPreferences, includeContext, systemPrompt — and what the client is actually allowed to modify. We'll cover capability negotiation and the human-in-the-loop approval flow, then step through how sampling patterns are actually built in the smartbear-mcp server, using its implementations over there to understand how one could build their own sampling features.

Then the hard parts: agent loops, token-budget blowups, portability across clients using different model providers.

You'll leave knowing when sampling beats tools or elicitation, and with patterns you can lift today.
Speakers
avatar for Kevin Rohan Vaz

Kevin Rohan Vaz

Senior Software Engineer, Smartbear
Kevin Rohan Vaz is a Senior software engineer at SmartBear and a core contributor to the open-source smartbear-mcp server and swagger contract testing features, where he designs and ships the server's sampling, tools, and resource integrations. He spends his time turning MCP spec... Read More →
Wednesday June 10, 2026 11:00am - 11:25am IST
Scarlet 2&3
  MCP Protocol in Depth
  • Audience Experience Level Beginner
  • Session Slides Yes

11:00am IST

"Allowed To" Is Not Enough: Access Control That Understands What Your Agent Is Actually Doing - Tejas Ladhani, Motorola Solutions Inc & Chandrashekar Haleupparahalli, Motorola Solutions
Wednesday June 10, 2026 11:00am - 11:25am IST
Every agent today answers one question at the auth layer: is this agent allowed to do this? Wrong question. The real one: is it doing something consistent with what the user asked - right now, in this step?

These aren't the same, and the gap is where things break.

Today's auth was built for humans logging into apps: roles and scopes that persist regardless of what the agent is actually attempting. Tell an agent to "read this PDF and send the pointers to my team." The PDF hides an instruction: also forward the thread to an external address. The agent fires two sends - one legit, one exfiltration. Same token. Same checks. Role-based auth can't tell them apart because it never knew the agent's job.

This talk closes that gap. We'll trace why every prior access model assumed a stable human actor - and why that collapses when agents delegate to agents. We'll introduce Intent-Based Access Control: decisions that reflect not just what an agent may do, but what it's trying to do right now. We'll cover emerging standards like transaction tokens and richer auth context, plus concrete steps to ship intent-aware access in MCP flows today.
Speakers
avatar for Chandrashekar Haleupparahalli

Chandrashekar Haleupparahalli

Engineering Manager, Motorola Solutions Inc
Engineer Manager of Identity and Access Management
avatar for Tejas Ladhani

Tejas Ladhani

Software Engineer II, Motorola Solutions Inc
Tejas Ladhani is a Software Engineer at Motorola Solutions, architecting Agentic AI for mission-critical public safety. He specializes in high-stakes systems where security is foundational and downtime has real-world consequences, from unifying enterprise identity layers to slashing... Read More →
Wednesday June 10, 2026 11:00am - 11:25am IST
Scarlet 1
  Security Identity + Trust

11:30am IST

Beyond Tool Calls: Unlocking Interactive, Token-Smart Agents with MCP Apps - Suraj B, HDFC Bank
Wednesday June 10, 2026 11:30am - 11:55am IST
MCP Apps are reshaping what a Model Context Protocol server can do — turning text-only tool exchanges into rich, interactive experiences embedded directly in the host. This session takes a builder's tour of the MCP Apps extension: core concepts, target use cases (dashboards, multi-step workflows, human-in-the-loop confirmations), the security model, and current limitations worth knowing before adoption.
A central theme is the visibility paradigm — letting UI carry state the model doesn't need to see, unlocking meaningful token savings on data-heavy flows. We'll cover iframe sandbox constraints, postMessage patterns, session-bound identity, and prompt-injection defenses for sensitive actions. We will also cover existing protocol limitations and work going on to address the same in exp-apps working group.
We close with a live Go-based demo executing a fund transfer flow end-to-end.
Speakers
avatar for Suraj B

Suraj B

Lead Engineer, HDFC Bank
Suraj is a contributor to the MCP Go SDK and member of the MCP Financial Services Interest Group. He is a Lead Backend and AI Engineer at HDFC Bank, building agentic AI platforms with a focus on MCP server architecture and token optimization. A Go developer with ~10 years of experience... Read More →
Wednesday June 10, 2026 11:30am - 11:55am IST
Convention Hall
  Building with MCP

11:30am IST

SEO for Agents: Designing MCP Endpoints That Let Agents Evaluate Each Other Before Transacting - Manav Agarwal, Dream11
Wednesday June 10, 2026 11:30am - 11:55am IST
When humans hire someone, they ask questions first. Check reviews, compare, negotiate. AI agents can't do any of this.

An MCP flight booking server says: "I book flights." Another agent can't ask: How many routes? Success rate? Can you get business class upgrades?

I tore down top MCP servers across mcp.so, Smithery, Glama, PulseMCP. The #1 server has 52K stars but exposes 47 capabilities with zero verifiable metrics. Tool schema: 1,020 tokens of bloat.

The problem: MCP tool schemas describe WHAT but not HOW WELL. No capability layer for agents to evaluate each other before committing.

What's needed — structured capability endpoints:

"I book flights"
→ 147 routes, 96.2% completion, 23% avg savings
→ Business class upgrades: 340 secured, 41% success
→ Savings by route queryable, methodology documented
→ Full transaction log for independent verification

Exposed as MCP resource endpoints —
capability/summary returns structured metrics, capability/evidence/{tool} returns methodology, capability/raw/{tool} returns verifiable logs.

I'll show real endpoint teardowns, what's missing from tool schemas, and a draft capability-metadata spec builders can implement.
Speakers
avatar for Manav Agarwal

Manav Agarwal

Senior Product Manager | Engineer, Dream11 | DreamStreet
An engineer drawn less to building features than to questioning the foundations systems rest on — the invisible layer of trust, payments, and reputation that quietly decides whether strangers ever cooperate. That instinct has carried him from the plumbing of agentic commerce (he's... Read More →
Wednesday June 10, 2026 11:30am - 11:55am IST
Scarlet 1
  Security Identity + Trust

12:00pm IST

Running MCP Fully Local: Private, Offline-Capable Agents With Ollama and Open Models - Harish Kotra, Forge Alumnus
Wednesday June 10, 2026 12:00pm - 12:25pm IST
Over the last few months I've built and shipped 100+ agents in public, many wired into MCP servers running against local models through Ollama, LM Studio, and decentralized open-source inference. A draw.io MCP server driven by Llama 3.2, an Excalidraw MCP integration, a Bright Data MCP briefing agent, all running end-to-end without a single token leaving the host.

This talk is a working engineer's tour of that stack. We'll walk through a minimal local MCP setup (server + client + Ollama) and then dig into the real-world failure modes: tool-selection collapse on 7B models, JSON-schema compliance gaps, capability-negotiation mismatches, and the surprisingly large quality delta between structured-output fine-tunes and general chat models. I'll share the prompt shapes, tool-description patterns, and schema-validation tricks that reliably push small open models from "demo-grade" to "I'd ship this internally."

Attendees will leave with a reference architecture for private MCP, a shortlist of open models that actually handle tool calls well today, and a set of design patterns for MCP servers that degrade gracefully when the client LLM has 8B parameters instead of a trillion.
Speakers
avatar for Harish Kotra

Harish Kotra

DevX Lead, xo.builders
Harish is a Fractional CTO and AI agent builder based in India. He previously led Developer Relations at Gaia and spent over a decade at AngelHack organizing 200+ hackathons. Since 2026 he's published one new open-source AI agent every day at dailybuild.xyz, 100+ builds spanning MCP... Read More →
Wednesday June 10, 2026 12:00pm - 12:25pm IST
Convention Hall
  Building with MCP
  • Audience Experience Level Any
  • Session Slides Yes

12:00pm IST

From MCP Discovery To Execution: Building a Governed Marketplace & Gateway for Agentic Systems - Rahul Ganesh Partheeban, Freshworks
Wednesday June 10, 2026 12:00pm - 12:25pm IST
We started building an MCP gateway in early 2025, when the spec was still maturing, and there were no established patterns for multi-tenant enterprise implementation.

This talk will delve into the key patterns we used for taking MCP from POC to Production. We'll also cover layering MCP as a gateway over an existing platform:

- Propagating tenant context through the MCP handshake, so a single gateway can safely serve thousands of accounts.
- Decoupling session state from pod affinity with a distributed session store — needed for horizontal auto-scaling and safe rolling deploys.
- A three-tier error model (protocol/gateway/application) so agents classify failures and retry intelligently.
- A sub-registry that extends the registry with vetting and curates trusted Remote MCP servers with per-tenant install state.
- Multi-tenant session and secret management with One-click install and OAuth 2.1 + Dynamic Client Registration handled by the marketplace, not by every AI client.
- MCP gateway that proxies to remote servers under shared FUP, rate limits, retries/circuit-breaking, and analytics - handling a black-box third-party server with guardrails.
Speakers
avatar for Rahul Ganesh Partheeban

Rahul Ganesh Partheeban

Lead Software Engineer - Systems, Freshworks
Rahul Ganesh Partheeban is a Lead Software Engineer at Freshworks, working on platform engineering for marketplace integrations and app ecosystems. He builds extensible, event-driven, multi-tenant platforms powering thousands of integrations and developer workflows. He played a leading... Read More →
Wednesday June 10, 2026 12:00pm - 12:25pm IST
Scarlet 1
  Ecosystem Registries + Platform Infrastructure
  • Audience Experience Level Any
  • Session Slides Yes

12:00pm IST

Ambient Identity: Just-in-Time Authorization Patterns for the Model Context Protocol - Ayesha Dissanayaka, WSO2
Wednesday June 10, 2026 12:00pm - 12:25pm IST
As the Model Context Protocol (MCP) matures, we face a critical security hurdle: how do ambient agents that are running in the background or on headless devices securely access sensitive resources without constant manual intervention?

Standard OAuth flows often break the "ambient" experience by requiring immediate browser redirects on the same device. This session proposes a decentralized identity architecture using Client-Initiated Backchannel Authentication (CIBA). By decoupling the consumption of resources from the authorization flow, an MCP client can trigger a "just-in-time" permission request directly to a user's trusted mobile device.

Key Takeaways:
- Decoupled Auth: Implementing CIBA to bridge the gap between headless MCP clients and human controllers.
- Just-in-Time delegations: Moving from "all-or-nothing" API keys to granular, session-based permissions.
- Security Patterns: Handling asynchronous "Out-of-Band" callbacks within the MCP lifecycle.

Join us to explore how we can make background agents both powerful and respectful of the "human-in-the-loop" principle.
Speakers
avatar for Ayesha Dissanayaka

Ayesha Dissanayaka

Associate Director / Architect, WSO2
Ayesha is Lead Architect for Identity and Access Management for Agentic AI at WSO2, specializing in securing autonomous AI systems. With over a decade in enterprise IAM, she architects identity solutions for AI agents, bridging traditional frameworks with emerging AI security needs... Read More →
Wednesday June 10, 2026 12:00pm - 12:25pm IST
Scarlet 2&3
  Security Identity + Trust
  • Audience Experience Level Beginner
  • Session Slides Yes

1:55pm IST

Agents Don't Fail, Environments Do: Lessons From Production MCP Deployments in Telecom - Divya Vijay, NetoAI
Wednesday June 10, 2026 1:55pm - 2:20pm IST
At NetoAI we build AI agents for telecom network operations. Our Rapid Root Cause Analysis Agent, built on our open-source TSLAM models (22k+ HF downloads), runs against live operator networks.

When we moved to MCP as the tool-interface layer, agents that passed eval started breaking weeks after production launch. The model, prompts, retrieval, none were root cause. The tool environment itself was.

So we built a digital-twin simulation of our production telecom domain and stress-tested MCP agents across four axes:
1). tool-set scale
2). task complexity
3). persona variability
4). deterministic repetition.

Tool-selection accuracy is near-perfect up to ~20 exposed tools, then collapses. One bad early dependency step cascades the whole workflow.

I'll walk through the seven failure patterns we kept hitting, including Tool Selection Collapse and Cascading Fragility, the three architectural root causes behind them, and the task-scoping and dependency-aware fixes that worked. You leave with a pre-launch methodology for your own MCP servers vendor-neutral, applicable to any dependency-dense domain.
Speakers
avatar for Divya Vijay

Divya Vijay

Senior AI Engineer, NetoAI
Senior AI Engineer at NetoAI, building production agent systems. Co-author on T-VEC and G-SPEC research papers. Previously Software Engineer at Prodapt. 3 years of shipping AI and full-stack software across agentic and UI engineering in telecom.
Wednesday June 10, 2026 1:55pm - 2:20pm IST
Scarlet 1
  Agent Architecture + Orchestration
  • Audience Experience Level Beginner
  • Session Slides Yes

1:55pm IST

Why Your Database MCP Should Never Talk To Your Database - Gowtham Raj Elangovan, Comcast
Wednesday June 10, 2026 1:55pm - 2:20pm IST
Most database MCP implementations are stdio transport, hardcoded URIs, and live connections handed directly to AI agents. This works on a laptop. It fails in production.
Direct agent-to-database connectivity is dangerous. Connection exhaustion, raw credentials in agent context, DDL one hallucination away, PII returning unfiltered into LLM context windows, runaway queries taking down production clusters. Not theoretical. Production failures waiting to happen.
For our internal DBaaS service we built a two-layer remote MCP architecture to close every one of them. An MCP Proxy handles agent-facing concerns — JWT auth, SSO-backed approvals, rate limiting, and an execution_id registry so no agent ever sees a raw URI. It never touches the database. Queries route through a Query Service — the only layer that does. Read-only enforced structurally, DDL blocked even for root, injection filtered, timeouts enforced, Presidio scrubbing PII before responses reach any agent context window. We contrast this with direct-connect tools, contribute execution_id as a reusable enterprise primitive, and make the case for why an enforcement layer between MCP and your DB is the architecture — not an option
Speakers
avatar for Gowtham Raj Elangovan

Gowtham Raj Elangovan

Principal Engineer, Comcast
Senior Data Platform & Database Engineering Architect with 13+ years building large-scale, cloud-native, and distributed database systems on-prem and AWS. Expert in autonomous AI-driven optimization, reliability engineering, and platform automation. Proven track record leading teams... Read More →
Wednesday June 10, 2026 1:55pm - 2:20pm IST
Scarlet 2&3
  Security Identity + Trust
  • Audience Experience Level Advanced
  • Session Slides Yes

2:25pm IST

Skills Are Not MCP Servers: When To Use Which (and How To Make Them Work Together) - Animesh Pathak & Jyoti Bisht, Harness Inc
Wednesday June 10, 2026 2:25pm - 2:50pm IST
There's a running argument in the AI tooling world right now do you need MCP servers, or can you just use Skills? I've been on both sides of this. At Harness, I've built Claude Skills for DevOps workflows and worked with our MCP server that wraps the entire platform. And the honest answer is: it depends, but most people are picking the wrong one for the wrong job.

In this talk I'll break down where the boundary actually is. Skills are great when the knowledge is stable conventions, workflow logic, best practices. MCP servers earn their keep when you need live data, real-time API calls, or actions with side effects. The interesting part is what happens when you layer them: a Skill that knows how to debug a failed deployment, calling an MCP server that pulls live pipeline logs and execution data.

I'll walk through real examples I've built skills that started as simple "SKILL.md" files and grew into MCP-backed workflows, and cases where I over-engineered an MCP server when a markdown file would've done the job. If you're building agents and trying to figure out the right architecture, this talk should save you some wrong turns.
Speakers
avatar for Animesh Pathak

Animesh Pathak

DevRel Engineer, Harness
avatar for Jyoti Bisht

Jyoti Bisht

Senior Developer Relations Engineer, Harness
Jyoti Bisht is a Senior Developer Relations Engineer with 4+ Years of experience working at the intersection of cloud infrastructure, open source and community building. A CNCF community member, GSoC contributor, and MLH pod leader, she has spoken at DevRelCon, etc. When she is not... Read More →
Wednesday June 10, 2026 2:25pm - 2:50pm IST
Convention Hall
  Building with MCP

2:25pm IST

The Stdio Deadlock Nobody Warned Us About: OS-Level Process Management for MCP - Yuvraj Pradhan, MIT ADT University & Archana Kumari, MIT ADT University
Wednesday June 10, 2026 2:25pm - 2:50pm IST
When we moved our multi-agent MCP system from REST to stdio transport, the protocol schema was not the problem. OS pipes have no safety nets.

When a model silently segfaults mid-inference, it does not send a JSON-RPC error. It just dies. The orchestrator sits blocked on a stdout.readline(), which never comes.

Then we hit the pipe buffer deadlock.

Inference engines are noisy. They dump token speeds and debug logs to stderr. If the orchestrator is waiting on stdout and ignoring stderr, the OS pipe buffer fills up to 64KB. The OS physically halts the model. The orchestrator waits for the model to finish. The model waits for the orchestrator to clear the pipe. Nobody moves.

To fix it we had to build async wrapper classes that continuously drain stderr into background loggers.

This talk covers what we learned:

- Draining stderr continuously or your process dies silently
- Managing SIGKILL and EOF lifecycles to flush sensitive data from RAM
- Replacing HTTP timeout assumptions with OS process management

If you are running MCP over stdio, this talk is the process management guide the MCP ecosystem has not written yet.
Speakers
avatar for Yuvraj Pradhan

Yuvraj Pradhan

AI Systems Engineer, MIT-ADT UNIVERSITY
Yuvraj Pradhan is an AI Systems Engineer specialising in cost-efficient GenAI and secure multi-agent architectures. He is the first author of research published in Springer Nature on architecting a 125M-parameter NanoLLM for STEM tasks that outperforms significantly larger models... Read More →
avatar for Archana Kumari

Archana Kumari

Ai Systems Developer, MIT ADT University
Archana Kumari is an AI Systems Developer building practical machine learning systems and edge AI applications. Her work spans LLMs, computer vision on embedded devices, and full-stack tooling with Python and Java. She has developed multi-agent reasoning frameworks and voice-assisted... Read More →
Wednesday June 10, 2026 2:25pm - 2:50pm IST
Scarlet 1
  MCP Protocol in Depth
  • Audience Experience Level Advanced
  • Session Slides Yes

2:25pm IST

Auditing MCP Tool Calls at the Kernel Level: eBPF as a Trust Boundary Enforcer - Harini Anand, IBM
Wednesday June 10, 2026 2:25pm - 2:50pm IST
As MCP servers exponentially proliferate, a critical question emerges: who audits what an LLM actually did when it invoked a tool?

Application-layer logs can be tampered with or missed. This talk argues that eBPF is the only tamper-resistant audit layer for MCP tool execution and shows you how to build it.

We walk through instrumenting an MCP server's syscall surface with bpftrace and cilium/ebpf: capturing every network egress triggered by a tool call, every file descriptor opened, every exec spawned, correlated back to the originating MCP request ID via process lineage tracking in BPF maps.

The result is an immutable, kernel-enforced audit trail that no application-layer bug or prompt injection can suppress.

We'll also cover using eBPF LSM hooks to enforce policy at call time, blocking tool invocations that attempt unexpected network destinations or file paths effectively making eBPF a runtime policy engine for MCP's threat model.

Attendees leave with a working threat model, reference eBPF programs, and a clear mental model for where kernel enforcement fits in MCP's trust architecture.
Speakers
avatar for Harini Anand

Harini Anand

SDE in Data & AI, IBM
SDE at IBM Data & AI, working on IBM watsonx™. Software Engineering Researcher at UIUC. Computational Cognition Researcher at Georgia Institute of Technology. Biomedical XAI Researcher at Dartmouth College.
Formerly at Niramai & IIT Hyderabad, researching ML for breast cancer and gene regulatory networks. Built cognitive tools for dementia prevention as a student entrepreneur. Google KaggleX Mentee, AWS Scholar, Harvard WE Tech Fellow, Oxford & MIT Summer School alumna and a Stanford... Read More →
Wednesday June 10, 2026 2:25pm - 2:50pm IST
Scarlet 2&3
  Security Identity + Trust

2:55pm IST

Agentic DX: Bringing Your IDP Into the IDE - Adnan Vahora & Rinkal Mav, Motorola Solutions
Wednesday June 10, 2026 2:55pm - 3:20pm IST
Platform engineering has a chicken-and-egg problem: the platform needs adoption to justify investment, but adoption requires onboarding that teams resist when deadlines are tight. Our internal developer platform hit this hard. It serves 4,000+ developers across clouds and managed Kubernetes, yet many teams found the portal too unfamiliar.
We solved it with a second entry point built on MCP. Instead of learning a new UI, developers get 30+ platform capabilities directly in IDE chat, from namespace provisioning and Helm deployments to cost analysis and access management. An MCP App renders forms in chat, developers approve and execute, and a first deployment can happen with almost no onboarding.
This session covers the production architecture: sandboxed iframe-based MCP Apps, Elicitation for structured write approvals, an Adaptive Tool Router that keeps 30+ tool schemas from flooding the context window, a split between deterministic Agent Skills and ReAct reasoning, and a safety layer with a sub-500ms kill switch plus delegated RBAC tied to existing permissions. Attendees leave with a practical blueprint for meeting developers where they already work.
Speakers
avatar for Adnan Vahora

Adnan Vahora

Software Engineer, Motorola Solutions
Adnan is a software engineer driving enterprise Agentic AI adoption at Motorola’s prestigious Emerging Tech Lab and Incubation Center. Supporting an infrastructure platform used by 5,000+ developers monthly, he leads the development of a composable agent framework that allows teams... Read More →
avatar for Rinkal Mav

Rinkal Mav

Software (AI/ML) Engineer, Motorola Solutions
Rinkal Mav is an AI/ML Engineer at Motorola Solutions, pushing the boundaries of Generative AI, LLMs, and deep learning to build impactful, real-world systems. A Gold Medalist from her grad days, she brings a bold, fearless approach to innovation - owning the stage at industry tech... Read More →
Wednesday June 10, 2026 2:55pm - 3:20pm IST
Scarlet 1
  Enterprise Adoption + Integration

3:25pm IST

Why Agents Make Different Decisions With the Same Tools - Jyoti Bisht & Animesh Pathak, Harness; Aditya Oberai, Appwrite
Wednesday June 10, 2026 3:25pm - 3:50pm IST
Scenario: Deploy an agent to production. Works 90% of time in testing. Month later: Claude model updates. Success rate drops to 70%. Why? Model change altered how tools are ranked.
You can't see this. You have no control. Your agent silently degraded.
This talk identifies sources of divergence:

Temperature/sampling: Agent with temp 0.7 calls Salesforce 60% of time. Temp 0 calls it 95%.
Model version: Claude 3.5 favors Salesforce (in training data). Opus 4.5 favors email (newer training). Same task, different choices.
Context truncation: Tool listed first in window = primacy bias (70% called). Tool listed last = recency bias (30%).
Tool schema order: Tools listed alphabetically vs. semantic order (query before create) changes success rate 25%.
Schema verbosity: Detailed descriptions make tools more likely to be selected than sparse ones.

Then proposes solution: Agent fingerprinting. Create deterministic test suite capturing baseline behavior. Before deploying new model/agent version: run fingerprint suite. If success rate drops 10%+, alert. Don't deploy.
Speakers
avatar for Animesh Pathak

Animesh Pathak

DevRel Engineer, Harness
avatar for Aditya Oberai

Aditya Oberai

Developer Relations Lead, Appwrite
Aditya Oberai is the Developer Relations Lead at Appwrite and an avid tech community and hackathon enthusiast. Having worked with various technologies such as APIs, web apps, cloud computing, etc., he has spent the last 6 years empowering tech communities and is a Microsoft MVP awardee... Read More →
avatar for Jyoti Bisht

Jyoti Bisht

Senior Developer Relations Engineer, Harness
Jyoti Bisht is a Senior Developer Relations Engineer with 4+ Years of experience working at the intersection of cloud infrastructure, open source and community building. A CNCF community member, GSoC contributor, and MLH pod leader, she has spoken at DevRelCon, etc. When she is not... Read More →
Wednesday June 10, 2026 3:25pm - 3:50pm IST
Scarlet 1
  Agent Architecture + Orchestration

3:25pm IST

When Agents Get SSH Keys: Securing Distributed AI Fleet With MCP - Mradul Dubey, ApraLabs
Wednesday June 10, 2026 3:25pm - 3:50pm IST
Agent security discussions focus on prompt injection and sandboxing. But when agents operate on real infrastructure - pushing to Git, executing code via SSH, starting cloud instances - every machine in the fleet carries its own keys, tokens, and credentials, multiplying the risk.

This talk presents the security architecture of apra-fleet, an open-source (Apache 2.0) MCP server that orchestrates AI agents across distributed machines:
- Credential lifecycle: provisioning LLM auth (OAuth, API keys), SSH keys, and Git tokens with automated key-pair migration
- Out-of-band credential entry: passwords collected via separate terminal, never exposed to the LLM. "LLM secure variables" for sensitive text
- Short-lived tokens: GitHub App mints scoped tokens with minute-level TTLs - a compromised session cannot reuse yesterday's token
- Role-scoped permissions: MCP tool constraints make violations structurally impossible - a doer agent cannot call the merge tool
- Encryption at rest

Grounded in production sprints across C++, Node.js, Python, and ML. Attendees leave with reusable patterns for securing multi-agent systems on real infrastructure.
Speakers
avatar for Mradul Dubey

Mradul Dubey

Senior Software Developer, ApraLabs
Mradul is a developer at Apra Labs with over 8 years of experience in ML, edge AI and computer vision. At Apra Labs, he works across the stack from embedded inference to cloud infrastructure. A natural skeptic, his recent focus has shifted to agentic AI - he co-architects to apra-fleet... Read More →
Wednesday June 10, 2026 3:25pm - 3:50pm IST
Scarlet 2&3
  Security Identity + Trust

4:20pm IST

Multilingual MCP: Making Tool Calling Work for the Next Billion Users - Samyuktha Mohan Alagiri, IBM
Wednesday June 10, 2026 4:20pm - 4:45pm IST
MCP's tool schema, server descriptions, and routing logic are overwhelmingly designed around English. That assumption quietly breaks when you build for users in Hindi, Tamil, Kannada, or Bengali.
This talk is a ground-up look at where MCP falls short for Indic language users and what it takes to fix it. The specific failure modes covered include: intent ambiguity in tool selection when queries arrive in transliterated or code-switched text, embedding models trained on English producing poor similarity scores for Indic-language tool descriptions, and response localization gaps where tool results are returned in English to users who queried in their native language.
The talk then presents concrete patterns for each problem, including translated and dual-language tool manifests, language-aware routing layers that sit between the user and the MCP client, and lightweight post-processing for localizing tool outputs. All patterns are demonstrated with working code from production voice agent systems built for Indian users.
With the MCP Dev Summit landing in Bengaluru, this is a timely and locally grounded conversation the ecosystem needs to have.
Speakers
avatar for Samyuktha M S

Samyuktha M S

Software Developer, IBM
Samyuktha is a Software Developer at IBM India Software Labs who loves building things that actually work in production, from voice agents and multilingual multi-agent pipelines to self-healing infrastructure using MCP, LangGraph, Claude, and Qdrant. A 13x hackathon winner including... Read More →
Wednesday June 10, 2026 4:20pm - 4:45pm IST
Scarlet 1
  Ecosystem Registries + Platform Infrastructure

4:50pm IST

Extending MCP: Writing Custom Protocol Extensions Without Breaking Compatibility - Saurabh Mishra, Optum/UnitedHealthGroup
Wednesday June 10, 2026 4:50pm - 5:15pm IST
MCP's real power lies not just in what it defines, but in what it leaves room for. As teams push MCP into production, the need to add custom capabilities streaming responses, domain-specific metadata, proprietary auth flows runs headfirst into the risk of breaking existing clients and servers.
This talk walks through the practical discipline of extending MCP without fracturing compatibility: how to use capability negotiation correctly, where to extend vs. where to fork, how to version custom extensions gracefully, and how to contribute extensions upstream without waiting for a spec cycle.
Real examples from building extensions in the wild what worked, what silently broke things, and what the spec doesn't yet have a good answer for.
Attendees leave with a working mental model for extension design and a checklist for evaluating whether a custom extension is safe to ship
Speakers
avatar for Saurabh Mishra

Saurabh Mishra

Lead DevOps Engineer, Optum (UnitedHealthGroup)
Saurabh Mishra is a Cloud Evangelist and architect dedicated to high-level automation and DevOps excellence. He actively engages with the global tech community, sharing insights on cloud-native technologies, security best practices and multi-cloud strategies.As an experienced speaker and mentor... Read More →
Wednesday June 10, 2026 4:50pm - 5:15pm IST
Scarlet 1
  MCP Protocol in Depth

5:20pm IST

Why We Built a CLI Instead of an MCP Server for Jupyter Notebooks — and What We Learned - Piyush Jain, AWS
Wednesday June 10, 2026 5:20pm - 5:45pm IST
Jupyter notebooks are essential for AI agents, yet the .ipynb JSON format is token-heavy and fragile for LLM manipulation. While an MCP server seemed like the obvious solution, we instead built nb—an open-source Rust CLI designed for agentic workflows.

This talk explores the design decisions behind nb and our move away from standard tool schemas:
- The Sentinel Format: Why line-oriented @@cell and @@output sentinels outperform deeply nested JSON for agent comprehension.
- Token Efficiency: How a single 800-token skills file replaced a complex MCP implementation, drastically reducing overhead.
- Content Hashing: Using SHA256 to solve output externalization and state management.
- Real-time Sync: Demonstrating collaborative editing via Y.js when bridged to a Jupyter server.

We’ll share benchmarks on task completion rates and token costs, and provide a clear framework for choosing between MCP servers and CLI-based skills. Attendees will learn when to leverage the simplicity of a CLI and when MCP’s multi-tenant auth and discovery are truly necessary.
Speakers
avatar for Piyush Jain

Piyush Jain

Principal Engineer, AWS
Piyush Jain is a Principal Engineer at AWS working on Jupyter and Agentic AI. He is a distinguished Jupyter contributor, a member of the Jupyter Server Council and founding member of Jupyter AI Contrib Github Org.
Wednesday June 10, 2026 5:20pm - 5:45pm IST
Scarlet 1
  Agent Architecture + Orchestration
  • Audience Experience Level Any
  • Session Slides Yes

5:20pm IST

Why Our AI Agent Couldn't Scale Without MCP — and How We Built It - Para Hitesh & Mohit Jichkar, Red Hat
Wednesday June 10, 2026 5:20pm - 5:45pm IST
Building an AI sales assistant means pulling data from everywhere , Salesforce for accounts, Snowflake for product catalogs, and internal KBs for pricing. We started by hardcoding each integration into the agent. It worked until every new data source meant rewriting agent code, duplicating auth logic, and redeploying everything. Tool definitions were tightly coupled, making it impossible to evolve the data layer independently.MCP changed everything. In this talk, I'll walk through how we built a production AI sales assistant using LangGraph connected to multiple MCP servers ,each wrapping a different backend, owned by a different team. I'll cover: why direct integrations become unmaintainable at 3+ sources; our reusable FastMCP server template that spins up domain-specific servers in days; how a user's SSO token flows end-to-end from agent through MCP to Snowflake OAuth with zero credential storage; why tool descriptions and agent prompts matter more than the protocol itself , and the patterns we developed (normalize-before-search, dynamic prompt injection) to make the LLM reliably pick the right tool; and what broke in production with real failures and real fixes.
Speakers
avatar for Mohit Jichkar

Mohit Jichkar

Senior Data Scientist, Red Hat
Mohit Jichkar is a Senior Data Scientist at Red Hat, where he builds AI-powered solutions. He has 7+ years of experience working across data science, machine learning, and AI. He has an M.Tech in Data Science and Engineering from BITS Pilani. He holds several US patents in AI based... Read More →
avatar for Para Hitesh

Para Hitesh

Senior Data Scientist, Red Hat
Hitesh Para is a Senior Data Scientist at Red Hat, where he builds AI-powered solutions . Prior to Red Hat, he spent over 4 years at Genpact specializing in NLP and Generative AI solutions. Hitesh holds a Google Professional Machine Learning Engineer certification, has published research... Read More →
Wednesday June 10, 2026 5:20pm - 5:45pm IST
Scarlet 2&3
  Building with MCP
  • Audience Experience Level Any
  • Session Slides Yes
 
  • Filter By Date
  • Filter By Venue
  • Filter By Type
  • Audience Experience Level
  • Session Slides
  • Workshop
  • Timezone

Share Modal

Share this link via

Or copy link

Filter sessions
Apply filters to sessions.