MCP Dev Summit Bengaluru 2026: Full Schedule

June 9-10, 2026
Bengaluru, India
View More Details & Registration

The Sched app allows you to build your schedule but is not a substitute for your event registration. You must be registered for MCP Dev Summit Bengaluru to participate in the sessions. If you have not registered but would like to join us, please go to the event registration page to purchase a registration..

IMPORTANT NOTE: Timing of sessions and room locations are subject to change.

10:55am IST

Workshop: From One Agent To a Fleet: Distributed Multi-Agent Workflows With MCP - Mansi Rathod, Apra Labs Pvt Ltd & Yashraj Singh, Apra Labs

Tuesday June 9, 2026 10:55am - 11:55am IST

Scarlet 1

**Space Limited - First Come, First Served. Please bring a fully charged laptop to the workshop**

A single coding agent is useful. Real engineering work spans multiple machines and repos, and coordination breaks the moment two agents cooperate. What does it take to build an MCP server that manages a fleet lifecycle from one conversation and enforces quality on output?

This workshop uses apra-fleet (Apache 2.0) as a worked example of pushing MCP into distributed agent coordination, with tool schemas encoding a doer-reviewer pattern and review gates.

Part 1, Server architecture: Transport selection (stdio vs HTTP) for long-running fleets, a strategy pattern abstracting SSH and local execution behind one tool surface, provider adapters for Claude, Gemini, and Codex, and git-backed session state for checkpointing.

Part 2, Fleet in action: A live sprint. Fleet registration, credential provisioning, task decomposition, doer-reviewer assignment, and parallel execution through review gates, via MCP tool calls.

Part 3, Failure modes: Agent crashes, SSH drops, reviewer rejections. Real failures triggered on stage, recovered from exact breakpoints using git state.

You'll leave with concrete patterns for building MCP servers that coordinate distributed agents, not just expose tools.

Speakers

Mansi Rathod

Senior Softwate Engineer, Apra Labs Pvt Ltd

Mansi Rathod is a Senior Software Engineer at Apra Labs with 5+ years of experience building production ML pipelines, hosting models, and shipping AI features in client software. Her work spans model deployment, infrastructure, and integration, currently focused on agentic AI systems... Read More →

Yashraj Singh

Sr Software Engineer, Apra Labs

Yashraj is a Senior Software Engineer with 5 years of experience building scalable, high-performance systems and intelligent software platforms. He specializes in MCP and enjoys creating ecosystems where AI agents, tools, and infrastructure work together seamlessly.Passionate about... Read More →

Tuesday June 9, 2026 10:55am - 11:55am IST
Scarlet 1

Agent Architecture + Orchestration

Audience Experience Level Intermediate

11:20am IST

Intelligence Placement Patterns for MCP-Connected Agent Systems - Giri Venkatesan, Solace

Tuesday June 9, 2026 11:20am - 11:45am IST

Convention Hall

MCP standardizes how tools are described and invoked, but not what they should return. That leaves a critical decision open: whether an MCP tool returns raw data, shared state, or decisions. That choice determines where intelligence lives.

This talk presents three placement patterns in MCP tool design. Centralized Intelligence treats tools as data sources, returning raw inputs agents must interpret. Streaming Intelligence exposes pre-processed state so agents operate on shared context. Edge Intelligence pushes decisions into tools, with MCP delivering opinionated outputs rather than raw inputs.

These patterns produce fundamentally different behavior across tool call volume, context window usage, latency, and failure modes. In multi-agent systems they determine whether agents converge or diverge: raw data per agent leads to inconsistent reconstruction; shared state or decisions make coherence a property of the architecture itself.

This talk introduces a practical decision framework for MCP tool design based on data volatility, agent reuse, and consistency requirements.

MCP is a tool contract. Intelligence placement is the architectural decision it doesn't make for you.

Speakers

Giri Venkatesan

Principal Developer Advocate, Solace

Giri Venkatesan is a Developer Advocate and Architect at Solace, focused on agentic AI, event-driven architecture, and enterprise integration. With decades of experience, he helps organizations design autonomous AI agents that reason and act across distributed systems, using events... Read More →

Tuesday June 9, 2026 11:20am - 11:45am IST
Convention Hall

Building with MCP

Audience Experience Level Intermediate

11:20am IST

From Alert To Revert: One MCP 500+ Tools for Production Triage and Real-world DevOps - Avinash Kumar Lodhi, Coursehero

Tuesday June 9, 2026 11:20am - 11:45am IST

Scarlet 2&3

What happens when your on-call agent can read Datadog metrics, tail logs in groundcover, pull pod state from Kubernetes, and grep GitLab for the commit that broke prod, all in one conversation? At Learneo we built one MCP endpoint that does that across 11 upstream servers, 518 indexed tools, and can manage multiple AWS accounts credentials. It changed how we triage incidents.
I'll walk a synthetic incident end to end, with redacted screenshots from real ones, showing the agent go from alert to MR to revert.

Key Takeaways:

- Context: meta-tools and BM25 search keep the agent at about 1.5k tokens, not 500 schemas, and it pulls what it needs on demand
- Routing: a company overview shipped as MCP instructions on connect points the agent at the right cluster and Jira project before it picks a tool
- Memory: an agent-maintained company wiki for org structure, data models, and playbooks. The agent reads it and writes back what it learns
- Security: centralized credentials and a write denylist so the agent can read everything without breaking anything

Attendees will leave understanding both the value and the architecture for turning MCP into production-grade agent infrastructure.

Speakers

Avinash Kumar Lodhi

Staff Software Engineer - Devops, CourseHero

Avinash Kumar Lodhi is a Staff DevOps Engineer on the Course Hero Platform team. His job is to automate and manage things on a large scale. He started as a tester at Teradata ten years ago, then moved to DevOps. He worked at Sprinklr and then at Meesho, moving 500+ microservices from... Read More →

Tuesday June 9, 2026 11:20am - 11:45am IST
Scarlet 2&3

Enterprise Adoption + Integration

Audience Experience Level Intermediate

11:45am IST

Context-Aware MCP Servers for Small Language Models - Vivek Mankar, Anto Ajay Raj John, Stuti Sinha, Reeva Nanda, Nethra Khandige, Pradipta Ghosh, IBM

Tuesday June 9, 2026 11:45am - 12:10pm IST

Scarlet 2&3

Small Language Models are great for edge and cost-sensitive deployments, but struggle with limited context windows. This talk shows how MCP servers can act as an external memory and context orchestration layer for SLMs. Based on a survey of 25+ long-context reasoning techniques, we demo concrete implementations: episodic memory with surprise-based retrieval (EM-LLM-inspired), and a dynamic context orchestrator that picks between RAG, summarization, and sliding-window strategies based on query type and model capacity. This is a builder's guide to making small models punch above their weight via smart MCP-based context engineering.

Speakers

Nethra Khandige

AI Engineer, IBM

Nethra Khandige is an AI Engineer at IBM, working on the PyTorch ecosystem, AI inference optimization, and context-aware AI systems. Backed by a strong research foundation, including published work in malware detection, neural network inference, deep reinforcement learning with published... Read More →

Stuti Sinha

Software Engineer, IBM

Stuti Sinha is a researcher and developer focused on the intersection of model efficiency and AI safety. With a background in Python, Java, and C++, she specializes in the PyTorch ecosystem, specifically optimizing Long Context Reasoning and architecture for Small Language Models... Read More →

Reeva Nanda

Software Engineer, IBM India

Reeva Nanda is an AI and ML enthusiast with strong theoretical foundations in generative AI, deep learning, and neural network architectures. Deeply passionate about the mathematics underpinning modern AI , particularly linear algebra and its role in model design, she holds a focused... Read More →

Pradipta Ghosh

AI Software Architect, IBM

Vivek Mankar

Staff AI Engineer, IBM LABS ( ISDL )

Vivek Mankar is an AI Software Engineer specializing in high-performance AI inference systems and scalable cloud software. Operating at the intersection of deep learning and systems engineering, his work focuses on the PyTorch ecosystem, LLM serving, and MLOps automation. Backed by... Read More →

Anto Ajay Raj John

AI Engineering Manager, IBM

Anto John is a senior manager for AI with industry experience of 20 years. He has been working on AI projects for the past 10 years in various capacity. He was one of the core team members of the IBM BlueGene/Q supercomputer. He was the performance architect for IBM Power Systems... Read More →

Tuesday June 9, 2026 11:45am - 12:10pm IST
Scarlet 2&3

Building with MCP

Audience Experience Level Intermediate

11:45am IST

OWASP MCP Top 10: A Practical Security Guide for MCP Builders - Sankalp Sandeep Paranjpe, Big4 Consulting Firm; Dheeraj Choudhary, AWS

Tuesday June 9, 2026 11:45am - 12:10pm IST

Convention Hall

MCP adoption has outpaced security. An audit of 17 popular MCP servers found an average security score of 34 out of 100. Tool poisoning attacks succeed at 84.2% with auto-approval enabled. Over 30 CVEs have been filed against MCP implementations in the past 60 days. The first confirmed malicious MCP server, postmark-mcp, silently BCC'd every outgoing email to an attacker-controlled address for weeks before detection.

OWASP responded with the MCP Top 10, a structured threat taxonomy purpose-built for the protocol. This talk is a practitioner's walkthrough of all ten risks, not a slide-read, but a builder's guide to what each risk looks like in a real MCP deployment, how it gets exploited, and what a concrete fix looks like in code.

We cover token mismanagement and secret exposure, prompt injection via tool responses, tool poisoning through malicious descriptions, excessive permissions, insecure output handling, context over-sharing, missing authentication, rug-pull attacks, shadow MCP servers, and the audit trail gap.

Leave with a pre-deployment security checklist you can run against any MCP server before connecting it to production.

Speakers

Dheeraj Choudhary

AWS Hero, AWS

Sankalp Sandeep Paranjpe

Cloud Security Consultant, '-

Sankalp Sandeep Paranjpe is a DevSecOps Engineer and cloud security practitioner. He speaks at community and security events on practical DevSecOps and Kubernetes security topics. He volunteers with AWS User Group Pune and contributes to the cloud-native community through talks, workshops... Read More →

Tuesday June 9, 2026 11:45am - 12:10pm IST
Convention Hall

Building with MCP

Audience Experience Level Intermediate

12:10pm IST

Designing a Control Plane for Agentic Systems Using MCP - Malepati Bala Siva Sai Akhil, Couchbase

Tuesday June 9, 2026 12:10pm - 12:35pm IST

Scarlet 2&3

As MCP-based systems grow in complexity, standardizing tool interaction alone is not enough to ensure reliable execution.

This talk introduces a control-plane perspective for MCP-based systems, grounded in distributed systems principles such as scheduling, retries, idempotency, and fault isolation. Coordinating multi-step workflows across MCP servers introduces challenges such as partial failures, inconsistent state, and retry behavior that can escalate under load.

The focus is on how a control plane actively manages execution, including deciding when and how tool calls are made, handling failures dynamically, and coordinating workflows across multiple services. It also examines how centralized control improves reliability and consistency in complex MCP-based systems.

Attendees will gain concrete mental models for building scalable and reliable MCP-based systems.

Speakers

Malepati Bala Siva Sai Akhil

Principal Software Engineer, Couchbase

Principal Software Engineer at Couchbase with 10+ years building distributed systems, AI infrastructure and cloud-native platforms across Intel, VMware, and Huawei. IEEE Computing Top 30 (2024) and Intel Distinguished Inventor Award recipient for work in security, distributed systems... Read More →

Tuesday June 9, 2026 12:10pm - 12:35pm IST
Scarlet 2&3

Agent Architecture + Orchestration

Audience Experience Level Intermediate

12:10pm IST

From SSE To Streamable HTTP: What Actually Changed in MCP's Transport Layer and Why You Should Care - Animesh Pathak, Harness Inc

Tuesday June 9, 2026 12:10pm - 12:35pm IST

Convention Hall

When I started building MCP-powered agents and Claude Skills at Harness, I kept running into weird transport issues, connections dropping behind load balancers, SSE endpoints behaving differently across clients, tutorials that contradicted the actual spec. Turns out, MCP's transport layer had quietly gone through a major overhaul and most of the content out there hadn't caught up.

In this talk, I'll walk through MCP's transport journey, stdio for local tooling, the dual-endpoint SSE model that powered early remote servers, and the Streamable HTTP design that replaced it in the March 2025 spec update. More importantly, I'll explain why each shift happened: the scaling headaches SSE caused, the connection recovery gap, and the auth/CORS simplifications that Streamable HTTP unlocked.

I'll share code from actual migrations I've worked through, what breaks when you switch, what gets simpler, and the backward-compatibility gotchas that the docs don't warn you about. If you're building or maintaining MCP servers today, this should save you a few weekends of debugging.

Speakers

Animesh Pathak

DevRel Engineer, Harness

Animesh Pathak is a Developer Relations Engineer with a strong focus on Database DevOps, APIs, testing, and open-source innovation. Currently at Harness, he plays a key role in building and evangelizing scalable DBDevOps workflows, bridging the gap between developers and data teams... Read More →

Tuesday June 9, 2026 12:10pm - 12:35pm IST
Convention Hall

MCP Protocol in Depth

Audience Experience Level Intermediate

3:20pm IST

Voice-First MCP: Real-Time Tool Calling Through a Spoken Interface - Samyuktha Mohan Alagiri, IBM

Tuesday June 9, 2026 3:20pm - 3:45pm IST

Convention Hall

Every MCP demo assumes text in and text out. This talk explores what actually happens when you replace the text interface with a live voice stream.
Connecting a real-time voice pipeline to an MCP-backed agent introduces problems that the current MCP ecosystem has no established answers for. This talk walks through them one by one: end-of-turn detection and how tool-calling latency affects perceived conversational fluency, interruption handling when a user speaks while a tool is executing, tool result verbalization where structured JSON responses need to be narrated naturally without losing meaning, and error communication when a tool fails mid-conversation.
The talk is grounded in a working system built with a real-time voice layer, Sarvam AI for speech processing, and MCP-connected agents handling live tool calls. Attendees will see a live demo and leave with an architectural blueprint for voice-first MCP agents, including the specific latency budgets, buffering strategies, and verbalization patterns that make the experience feel natural rather than robotic.
This is a frontier that very few builders have shipped in production.

Speakers

Samyuktha M S

Software Developer, IBM

Samyuktha is a Software Developer at IBM India Software Labs who loves building things that actually work in production, from voice agents and multilingual multi-agent pipelines to self-healing infrastructure using MCP, LangGraph, Claude, and Qdrant. A 13x hackathon winner including... Read More →

Tuesday June 9, 2026 3:20pm - 3:45pm IST
Convention Hall

Building with MCP

Audience Experience Level Intermediate

3:20pm IST

Workshop: Hands-on Lab: Bridging OpenClaw and MCP for Autonomous Cross-Cloud Operations - Paras Mamgain & Anmol Krishan Sachdeva, Google; Indumathy Thisgarajan, Wells Fargo

Tuesday June 9, 2026 3:20pm - 4:20pm IST

Scarlet 1

**Space Limited - First Come, First Served. Please bring a fully charged laptop to the workshop**

Scaling autonomous agents across multi-cloud infrastructure is currently a mess of proprietary SDKs and brittle "glue code." This workshop provides a technical build-path to standardize operations using orchestration frameworks (like OpenClaw) and the Model Context Protocol (MCP) as a provider-agnostic abstraction layer. We will move beyond theoretical planning to build a functional "Agentic SRE" control plane that decouples reasoning from execution across AWS and GCP.

Implementation Workflow:

- Initialization: Bootstrapping the pre-configured DevContainer and linking the orchestration engine to the local MCP server environment to establish the communication backbone.

- Resource Abstraction: Developing stateless MCP Resources and Tools to discover VPC and compute metadata across disparate cloud providers, replacing $O(N)$ proprietary dependencies with an $O(1)$ protocol interface.

- Identity Implementation: Configuring Workload Identity Federation (OIDC) to securely propagate agent context.

- Guardrail Integration: Coding a protocol-level interceptor

- Closing & Validation: Running a live "Drift-to-Remediation" loop where the agent identifies a security anomaly.

Speakers

Paras Mamgain

Technical Lead Manager, Google

Paras is a Technical Lead Manager at Google, where he leads a team dedicated to simplifying complex cloud solutions. Drawing on his strong foundation in cloud solutions and backend development, he guides his team in architecting scalable and resilient infrastructure. Paras is also... Read More →

Indumathy Thiagarajan

Technology Enthusiast, Wells Fargo

Software Engineer with more than a decade of experience on multiple technology stacks and domains

Anmol Krishan Sachdeva

Senior Hybrid Cloud Architect, Google

Anmol (a.k.a. "greatdevaks") is a seasoned International Tech Speaker (delivered 80+ talks globally), a Distinguished Guest Lecturer, an Adjunct Professor, a conference organizer, and has published several notable papers. He works at Google and focuses on Emerging Technologie... Read More →

Tuesday June 9, 2026 3:20pm - 4:20pm IST
Scarlet 1

MCP Protocol in Depth

Audience Experience Level Intermediate

3:45pm IST

Putting MCP on a Diet: A Proxy for Tool Scoping and Context Compression - Prathamesh Saraf, Truefoundry

Tuesday June 9, 2026 3:45pm - 4:10pm IST

Convention Hall

Connect three MCP servers and 55,000 tokens are consumed before the agent reads the user's query. Perplexity's CTO called this out at Ask 2026. Cloudflare measured 244,000 tokens for their API surface. The protocol isn't the problem. The "load everything upfront" pattern is.

FastMCP Code Mode solves this server-side, but requires the server author to opt in. Most MCP servers in the wild will never add it.

I'm currently building mcp-guardian, an open-source Python proxy that addresses this for any server, unmodified. It will do two things:

1. Tool scoping: filter tools/list against a YAML config so agents only see allowed tools. delete_repo won't exist in the agent's world.

2. Progressive disclosure: expose three meta-tools (search_tools, get_schema, execute_tool) instead of full schemas. Agents will start at ~300 tokens instead of ~8,000 and load schemas on demand.

I'll live-demo: direct connection (14 tools, ~8,000 tokens) vs through the proxy (3 meta-tools, ~300 tokens). I'll walk through the JSON-RPC interception, share token benchmarks, and compare with Code Mode. They're complementary, not competing.

The project will be open source.

Speakers

Prathamesh Saraf

Sr. Forward Deployed Engineer, Truefoundry

Prathamesh Saraf is a Sr. Forward Deployed Engineer at TrueFoundry, where he helps enterprises and startups build LLM and AI agent systems. He is the author of "My Adventures with Large Language Models," a technical book on building LLM architectures from scratch in PyTorch, covering... Read More →

Tuesday June 9, 2026 3:45pm - 4:10pm IST
Convention Hall

Building with MCP

Audience Experience Level Intermediate

5:15pm IST

MCP Resources Are Already a Knowledge Graph - You Are Just Not Reading the Headers - Kesigan Anbalagan, Comcast

Tuesday June 9, 2026 5:15pm - 5:40pm IST

Convention Hall

Most retrieval systems ignore the structure MCP Resources already provide unique URIs, typed links, version metadata, timestamps and flatten everything into vector chunks. GraphRAG proved retrieval needs relational structure; MCP already has it natively.
This talk demonstrates with a live adversarial demo: a vanilla RAG agent and a Resource-graph agent answer the same questions against the same corpus. RAG works on single-hop queries. It confidently returns stale data when a superseded document exists. The graph agent catches the version conflict using last-modified metadata that was already there. When the graph has a broken link, it reports the dead end instead of hallucinating.
A hop-count benchmark across seven questions (1–5 hops) makes the gap measurable: at three hops, RAG hit rate dropped to 50% while graph traversal held at 100%.
The primary deliverable is a draft cross-reference metadata convention four optional fields (superseded_by, depends_on, implements, compliance_scope) that any MCP Resource provider can add without breaking existing consumers. The goal: make knowledge as navigable for AI agents as hypertext made the web for people.

Speakers

Kesigan Anbalagan

Principal Engineer, Comcast India Engineering Center LPP

I am Kesigan Anbalagan technology leader and AI enthusiast with extensive experience in cloud-native solutions, developer experience platforms, and enterprise AI integration. As part of the Central DevX team at Comcast, he focuses on embedding AI across the software development lifecycle... Read More →

Tuesday June 9, 2026 5:15pm - 5:40pm IST
Convention Hall

Building with MCP

Audience Experience Level Intermediate

5:15pm IST

MCPeek Into Your Server's Secrets - Akash Sathish, Sahaj Software

Tuesday June 9, 2026 5:15pm - 5:40pm IST

Scarlet 2&3

Most "MCP security scanners" are wrappers around npm audit and regex keyword rules. A November 2025 research survey showed 0% detection on TypeScript servers because the underlying tools never parse the AST and two-thirds of public MCP servers ship in TypeScript.

This talk walks through building an AST pipeline using ts-morph that catches what keyword rules miss: path traversal through fs wrapper functions, command injection even when the command is assembled across intermediate variables, SSRF through aliased URL parameters, and tool handlers registered without any schema validation. The key technical contribution is multi-pass taint tracking following a user parameter through variable aliases before reaching a dangerous sink, which eliminates the false-negative class that makes regex rules useless. Audited against more than 50 MCP servers.

Attendees leave with:
(1) the open-source MCPeek ruleset to drop into CI,
(2) a decision framework for choosing SAST depth per vulnerability class,
(3) the taint-tracking pattern for building MCP-aware rules in any language.

Link to MCPeek: https://github.com/iamakash-06/MCPeek
NPM Package: https://www.npmjs.com/package/mcpeek

Speakers

Akash Sathish

Solution Consultant, Sahaj Software

I'm a Solution Consultant at Sahaj Software in Chennai. I've been neck-deep in MCP, AI-Assisted Development, and agentic architectures since before they had proper names. I've spoken at GitTogether 2025, The Fifth Elephant 2025, and six other conferences across AI-assisted development... Read More →

Tuesday June 9, 2026 5:15pm - 5:40pm IST
Scarlet 2&3

Security Identity + Trust

Audience Experience Level Intermediate

5:15pm IST

Workshop: Enabling MCP at Enterprise Scale: Navigating Authentication and Governance Challenges - Shannon Williams & Chris Urwin, Obot AI

Tuesday June 9, 2026 5:15pm - 6:15pm IST

Scarlet 1

**Space Limited - First Come, First Served. Please bring a fully charged laptop to the workshop**

Enterprise adoption of the Model Context Protocol is accelerating — but the path from "MCP works on my laptop" to "MCP running securely across our organization" is windy and challenging.
Building MCP servers isn't particularly hard. The real challenges are OAuth, identity sprawl, and the governance requirements your security team will eventually land on your desk.
MCP servers should focus on tools, resources, and prompts — not rebuilding OAuth infrastructure from scratch every time. A dedicated identity and governance control plane absorbs that complexity once, rather than forcing every server to solve it independently.
In this workshop, we will:
1. Demonstrate how to integrated MCP servers with identity management tools
2. Show how to tailor MCP authorization by groups and policies.
3. Work through real governance scenarios by filtering MCP calls for PII or code injection.
4. Demonstrate how MCP traffic can be captured via an MCP gateway and used for compliance, monitoring and observability.

You'll leave with a clear picture of the architectural decisions ahead of you, and a better sense of what your security team is going to ask for before they sign off on scaling MCP adoption.

Speakers

Shannon Williams

President, Obot AI

I am the President and co-founder of Obot AI, and have been building open source software for the last 20 years. Prior to starting Obot, I co-founded Cloud.com (creator of CloudStack) and Rancher Labs (creator of Rancher, k3s, Longhorn, etc). I was a board member of the CNCF for 4... Read More →

Chris Urwin

VP of Field Engineering, Obot AI

Chris Urwin is VP of Field Engineering at Obot AI and a veteran engineering leader. With deep hands-on experience in cloud‑native platforms, Kubernetes, containers, CI/CD, and developer tooling, he builds and scales global technical teams. Chris bridges product, engineering, and... Read More →

Tuesday June 9, 2026 5:15pm - 6:15pm IST
Scarlet 1

Enterprise Adoption + Integration

Audience Experience Level Intermediate

5:40pm IST

MCP Servers on Kubernetes: Deployment Patterns, Scaling, and What Breaks - Kunal Das, Cast Ai

Tuesday June 9, 2026 5:40pm - 6:05pm IST

Scarlet 2&3

Most MCP talks focus on the protocol or the AI side. This one is about the infrastructure underneath.
I run MCP servers on Kubernetes, and I've hit enough weird failure modes to have opinions about it. This talk covers how to deploy MCP servers as containerized workloads: health checks that actually make sense for long-lived agent connections, resource limits that don't starve your servers mid-conversation, and what happens when an agent decides to call 200 tools in a loop.
I'll walk through deployment patterns I've tested. Sidecars vs standalone pods, service mesh routing for multi-tenant setups, and HPA configurations that don't flap every time an agent goes quiet. I'll also cover the stuff that broke: connection drops during rolling updates, memory leaks from unbounded context, and the time a misconfigured liveness probe took down every MCP server in the cluster.
Expect a live demo on a real cluster, real YAML, and zero slides about what MCP stands for.

Speakers

Kunal Das

Developer Advocate, Cast Ai

Kunal Das is a Developer Advocate at CAST AI, based in Bangalore. He works on cloud cost optimization and spends most of his time figuring out why Kubernetes clusters waste so much money. He organizes CNCF community chapters in Mumbai and Kolkata, runs the HashiCorp User Group Bangalore... Read More →

Tuesday June 9, 2026 5:40pm - 6:05pm IST
Scarlet 2&3

Ecosystem Registries + Platform Infrastructure

Audience Experience Level Intermediate

5:40pm IST

When MCP Meets Reality: Performance, Latency, and the Hidden Cost of AI Orchestration in Enterprises - Partha Sarthy, Applied Materials

Tuesday June 9, 2026 5:40pm - 6:05pm IST

Convention Hall

MCP enables powerful AI-driven workflows — but production enterprise systems have SLAs, throughput contracts, and years of performance tuning. Wiring a reasoning loop into that environment reveals costs that don't show up in demos: latency amplification from sequential tool invocations, data movement overhead across system boundaries, schema drift, and observability gaps that span model reasoning and distributed backends.

This talk takes a systems-engineering lens to MCP in enterprise-scale data platforms. We formalize the MCP execution pipeline, identify where overhead accumulates, and present architectural patterns that contain the cost — including isolating orchestration from hot paths, fronting high-performance backends with thin MCP adapters over gRPC, and tracing multi-step workflows end to end.

The central argument: MCP belongs on the control plane, not the data plane. Enforce that boundary, and you gain adaptive orchestration without sacrificing reliability. Cross it, and predictability erodes fast. Attendees leave with a latency model, a failure-mode taxonomy, and a practical framework for deploying MCP in production — deliberately, not by accident.

Speakers

Partha Sarthy

Software Engineer, Applied Materials

I am a Software Engineer at Applied Materials working in the HPC and AI domain. I have a cumulative experience of close to 8.5 years and have served in companies like HPE, Juniper and Cisco. I am also an active member of IEEE and have presented in Conferences relating to Solid State... Read More →

Tuesday June 9, 2026 5:40pm - 6:05pm IST
Convention Hall

Enterprise Adoption + Integration

Audience Experience Level Intermediate

6:05pm IST

MCP + Kubernetes: Building a Self-Healing AI Platform (Not Just Pipelines) - Raghu Reddy, Calix & Esakki Raj E, Cisco

Tuesday June 9, 2026 6:05pm - 6:30pm IST

Scarlet 2&3

Most teams treat MCP as a pipeline, and that is the problem. Pipelines fail silently. They have no concept of desired state, no reconciliation loop, and no recovery path when a model times out or a tool call returns garbage. You are essentially writing bash scripts with an LLM in the middle.

Kubernetes already solved this. The operator pattern gives you level-triggered reconciliation, retry logic with backoff, and declarative desired state baked into the control plane. Combine that with MCP's tool abstraction and you stop writing pipelines and start building platforms where AI workflows are first-class resources that the cluster actively keeps healthy. GitOps via ArgoCD means your model routing, fallback configurations, and tool permissions are version-controlled, auditable, and promotable across environments like any other workload.

We will cover: modeling MCP workflows as Kubernetes custom resources, building operators that reconcile AI workflow state including fallback model selection and tool availability, wiring ArgoCD to manage MCP server deployments and configuration drift, and the observability hooks you need to actually trust that self-healing fired correctly.

Speakers

Esakki Raj E

Senior AIOps Engineer, Cisco

Experienced Site Reliability Engineer (SRE) and MLOps specialist with over 9+ years of practical experience in designing, implementing, and managing cloud-based infrastructure and services. Proven track record in architecting and scaling large-scale AI/ML infrastructure on Kubernetes... Read More →

Raghu Reddy

Staff Platform Engineer (Security), Calix Inc

Raghu is a Staff Platform Engineer (Security) at Calix Inc. , where he secures Kubernetes infrastructure powering AI and MLOps workloads across multiple clusters.
With over 10 years in Platform Engineering and Security. Applying supply chain security, runtime hardening, and policy... Read More →

Tuesday June 9, 2026 6:05pm - 6:30pm IST
Scarlet 2&3

Agent Architecture + Orchestration

Audience Experience Level Intermediate

6:05pm IST

When Dashboards Lie: Building MCP Tools That Chase Down the Truth - Hrittik Roy & Saiyam Pathak, vCluster

Tuesday June 9, 2026 6:05pm - 6:30pm IST

Convention Hall

Dashboards lie. Not maliciously, structurally. Aggregation hides the tenant on fire. Sampling drops slow requests. The p99 looks fine because 47 users who timed out are a rounding error. Every SRE has lived this: green screen, Slack on fire, hunting across five tools to find what the dashboard refused to show.

This is a field report from building MCP tools that do the hunting. The agent does not replace the SRE. It does the grunt work nobody has time for at 3 AM: pulling exemplar logs for the slowest 0.1 percent, correlating a deploy against error rates, checking if the metric was even reporting.

1. Why dashboards lie. Sampling, aggregation, the "aggregate green, individual red" pattern.
2. MCP tool design for truth-seeking. Read-only vs side-effecting split, partial-data schemas, outputs that make the model admit uncertainty instead of hallucinating "all good."
3. Correlation loops that work. Deploy to error rate to exemplar logs to suspected change, not seventeen tabs.
4. Guardrails from production. Prompt injection in logs, cost blow-ups, tools we took back after one bad incident.

Attendees leave with patterns for MCP tools that chase down what dashboards will not show.

Speakers

Saiyam Pathak

Head of Developer Relations, vCluster

Saiyam is working as Head of DevRel at vCluster. He is the founder of Kubesimplify, focusing on simplifying cloud-native & AI infrastructure. He is Kubecon Co-chair and has worked on many facets of Kubernetes, including machine learning platforms, scaling, multi-cloud, & managed Kubernetes... Read More →

Hrittik Roy

TPME, vCluster

Hrittik is a Platform Advocate at Loft Labs and a CNCF Ambassador, with expertise in cloud native technologies and open source communities. He has contributed extensively to developer advocacy, technical writing, and community engagement. Hrittik has been a featured speaker at events... Read More →

Tuesday June 9, 2026 6:05pm - 6:30pm IST
Convention Hall

Building with MCP

Audience Experience Level Intermediate

11:00am IST

From Intent To Production: MCP Gateway Patterns for Regulated Banking - Hariskumar Panakkal, Wipro

Wednesday June 10, 2026 11:00am - 11:25am IST

Convention Hall

I spent the last year building agentic systems with MCP and MCP Gateway, and want to share what I learned — especially the things you only hit when you try to build for a real, regulated domain.

The build is a four-part system: a React portal, a LangGraph agent, Microsoft MCP Gateway as the front door, and a FastMCP server with 19 tools behind it. This talk walks through how the pieces fit together and the specific patterns that worked.

What I'll cover:

- How I structured MCP tools with Pydantic schemas, idempotency keys, and correlation IDs that travel through every layer
- Why my first three gateway deployments failed and how the mcp-session-id header fixed stateful tool routing through MCP Gateway
- A simple tool wrapper pattern that keeps sensitive data like SSN out of the LLM context while the agent still reasons about the workflow
- Why I made consent its own MCP tool with a signed receipt instead of bundling it into submit
- Three gaps I hit in MCP and the gateway and how I worked around them — honest notes for the community

If you're building with MCP and MCP Gateway and heading toward anything production-grade, these are the patterns I wish I'd had going in.

Speakers

Hariskumar Panakkal

Distinguished Member of Technical Staff (DMTS) and Enterprise Architect, Wipro

Hariskumar Panakkal is an Enterprise Architect and Distinguished Member of Technical Staff (DMTS), recognized with the 2025 Most Valuable Technologist (MVT) award. With a background in cloud transformation and responsible AI, he has spent the last year building agentic systems on... Read More →

Wednesday June 10, 2026 11:00am - 11:25am IST
Convention Hall

Building with MCP

Audience Experience Level Intermediate

11:00am IST

"Allowed To" Is Not Enough: Access Control That Understands What Your Agent Is Actually Doing - Tejas Ladhani, Motorola Solutions Inc & Chandrashekar Haleupparahalli, Motorola Solutions

Wednesday June 10, 2026 11:00am - 11:25am IST

Scarlet 1

Every agent today answers one question at the auth layer: is this agent allowed to do this? Wrong question. The real one: is it doing something consistent with what the user asked - right now, in this step?

These aren't the same, and the gap is where things break.

Today's auth was built for humans logging into apps: roles and scopes that persist regardless of what the agent is actually attempting. Tell an agent to "read this PDF and send the pointers to my team." The PDF hides an instruction: also forward the thread to an external address. The agent fires two sends - one legit, one exfiltration. Same token. Same checks. Role-based auth can't tell them apart because it never knew the agent's job.

This talk closes that gap. We'll trace why every prior access model assumed a stable human actor - and why that collapses when agents delegate to agents. We'll introduce Intent-Based Access Control: decisions that reflect not just what an agent may do, but what it's trying to do right now. We'll cover emerging standards like transaction tokens and richer auth context, plus concrete steps to ship intent-aware access in MCP flows today.

Speakers

Chandrashekar Haleupparahalli

Engineering Manager, Motorola Solutions

Engineer Manager of Identity and Access Management, Solving

Tejas Ladhani

Software Engineer 2, Motorola Solutions Inc

Tejas Ladhani is a Software Engineer at Motorola Solutions, architecting Agentic AI for mission-critical public safety. He specializes in high-stakes systems where security is foundational and downtime has real-world consequences, from unifying enterprise identity layers to slashing... Read More →

Wednesday June 10, 2026 11:00am - 11:25am IST
Scarlet 1

Security Identity + Trust

Audience Experience Level Intermediate

11:25am IST

Building Interactive Tools With MCP Elicitation - Ashwin Hariharan, Redis

Wednesday June 10, 2026 11:25am - 11:50am IST

Convention Hall

Most of us think of agent tools as vending machines - you put in the right input, you get the right output. Put in the wrong input, and you either get the wrong output or nothing at all.

This breaks for complex workflows where context is incomplete or intent is ambiguous. The tool either guesses wrong or fails outright. No back-and-forth, no clarification. Good AI tools built for conversation should explain what they need, what they'll do, and provide clear options.

In this session, we’ll look at how MCP elicitation works in practice across different workflows: covering ambiguous input, missing context, risky operations, and auth flows. Attendees will leave with concrete patterns for designing tools that go beyond transactional APIs to collaborative multi-turn interactions.

Speakers

Ashwin Hariharan

Developer Advocate, Redis

Ashwin Hariharan is a Developer Advocate at Redis, with over eight years of experience as a full-stack software engineer. He's passionate about making complex ideas simple, helping developers build faster, more reliable systems, and understand the "why" behind the tools they use.
... Read More →

Wednesday June 10, 2026 11:25am - 11:50am IST
Convention Hall

Building with MCP

Audience Experience Level Intermediate

11:25am IST

SEO for Agents: Designing MCP Endpoints That Let Agents Evaluate Each Other Before Transacting - Manav Agarwal, Dream11

Wednesday June 10, 2026 11:25am - 11:50am IST

Scarlet 1

When humans hire someone, they ask questions first. Check reviews, compare, negotiate. AI agents can't do any of this.

An MCP flight booking server says: "I book flights." Another agent can't ask: How many routes? Success rate? Can you get business class upgrades?

I tore down top MCP servers across mcp.so, Smithery, Glama, PulseMCP. The #1 server has 52K stars but exposes 47 capabilities with zero verifiable metrics. Tool schema: 1,020 tokens of bloat.

The problem: MCP tool schemas describe WHAT but not HOW WELL. No capability layer for agents to evaluate each other before committing.

What's needed — structured capability endpoints:

"I book flights"
→ 147 routes, 96.2% completion, 23% avg savings
→ Business class upgrades: 340 secured, 41% success
→ Savings by route queryable, methodology documented
→ Full transaction log for independent verification

Exposed as MCP resource endpoints —
capability/summary returns structured metrics, capability/evidence/{tool} returns methodology, capability/raw/{tool} returns verifiable logs.

I'll show real endpoint teardowns, what's missing from tool schemas, and a draft capability-metadata spec builders can implement.

Speakers

Manav Agarwal

Founder & Independent Researcher, AgentProof

Creator of AgentProof, an independent benchmarking and trust analysis project for AI agents. Mapped 10 agent directories containing 1.24M+ listings, deep-dived 3 agent categories, and health-checked 65+ MCP servers. Previously analyzed 14 agentic payment protocols (x402, Stripe ACP... Read More →

Wednesday June 10, 2026 11:25am - 11:50am IST
Scarlet 1

Security Identity + Trust

Audience Experience Level Intermediate

3:20pm IST

Skills Are Not MCP Servers: When To Use Which (and How To Make Them Work Together) - Animesh Pathak & Jyoti Bisht, Harness Inc

Wednesday June 10, 2026 3:20pm - 3:45pm IST

Convention Hall

There's a running argument in the AI tooling world right now do you need MCP servers, or can you just use Skills? I've been on both sides of this. At Harness, I've built Claude Skills for DevOps workflows and worked with our MCP server that wraps the entire platform. And the honest answer is: it depends, but most people are picking the wrong one for the wrong job.

In this talk I'll break down where the boundary actually is. Skills are great when the knowledge is stable conventions, workflow logic, best practices. MCP servers earn their keep when you need live data, real-time API calls, or actions with side effects. The interesting part is what happens when you layer them: a Skill that knows how to debug a failed deployment, calling an MCP server that pulls live pipeline logs and execution data.

I'll walk through real examples I've built skills that started as simple "SKILL.md" files and grew into MCP-backed workflows, and cases where I over-engineered an MCP server when a markdown file would've done the job. If you're building agents and trying to figure out the right architecture, this talk should save you some wrong turns.

Speakers

Jyoti Bisht

Senior DevRel Engineer, Harness

Jyoti Bisht is a Senior Developer Relations Engineer specializing in Cloud Cost Management and FinOps. She focuses on improving developer experience through platform design, internal tooling, and community engagement. She has also spoken at DevRelCon on gamifying documentation to... Read More →

Animesh Pathak

DevRel Engineer, Harness

Wednesday June 10, 2026 3:20pm - 3:45pm IST
Convention Hall

Building with MCP

Audience Experience Level Intermediate

3:20pm IST

Auditing MCP Tool Calls at the Kernel Level: eBPF as a Trust Boundary Enforcer - Harini Anand, IBM

Wednesday June 10, 2026 3:20pm - 3:45pm IST

Scarlet 1

As MCP servers exponentially proliferate, a critical question emerges: who audits what an LLM actually did when it invoked a tool?

Application-layer logs can be tampered with or missed. This talk argues that eBPF is the only tamper-resistant audit layer for MCP tool execution and shows you how to build it.

We walk through instrumenting an MCP server's syscall surface with bpftrace and cilium/ebpf: capturing every network egress triggered by a tool call, every file descriptor opened, every exec spawned, correlated back to the originating MCP request ID via process lineage tracking in BPF maps.

The result is an immutable, kernel-enforced audit trail that no application-layer bug or prompt injection can suppress.

We'll also cover using eBPF LSM hooks to enforce policy at call time, blocking tool invocations that attempt unexpected network destinations or file paths effectively making eBPF a runtime policy engine for MCP's threat model.

Attendees leave with a working threat model, reference eBPF programs, and a clear mental model for where kernel enforcement fits in MCP's trust architecture.

Speakers

Harini Anand

SDE in Data & AI, IBM

SDE at IBM Data & AI, working on IBM watsonx™. Software Engineering Researcher at UIUC. Computational Cognition Researcher at Georgia Institute of Technology. Biomedical XAI Researcher at Dartmouth College.
Formerly at Niramai & IIT Hyderabad, researching ML for breast cancer and gene regulatory networks. Built cognitive tools for dementia prevention as a student entrepreneur. Google KaggleX Mentee, AWS Scholar, Harvard WE Tech Fellow, Oxford & MIT Summer School alumna and a Stanford... Read More →

Wednesday June 10, 2026 3:20pm - 3:45pm IST
Scarlet 1

Security Identity + Trust

Audience Experience Level Intermediate

3:45pm IST

The Invincible MCP Server: Building Crash-Proof AI Tools With Durable Execution - Shubham Londhe, Temporal

Wednesday June 10, 2026 3:45pm - 4:10pm IST

Convention Hall

We All have been building AI Agents with MCP since it launched in 2024, but there's one thing no one is talking about - "What happens when MCP Fails? (and they fail often). MCP is just a process and it can crash, and so will the AI agent progress, it all can vanish with a crash.

Well, the new Tasks primitive in MCP (SEP-1686) helps a lot, it gives your AI agents a way to hand off long-running tools, but it doesn't solve the real problem. They don't maintain the state when the server crashes.

In this session, I'll do a live demo of a Kubernetes Auto Healing AI Agent with MCP server and walk through how to wrap MCP tool logic in workflows that survive crashes, restarts, and network failures.
I'll cover how to handle human-in-the-loop approvals inside long-running tools, how to retries and state-management, and how to observe what your MCP tools are doing in production.

I'll be breaking a running server on stage and show you the agent recovering without losing a step. Hence "The Invincible MCP Server"

Speakers

Shubham Londhe

Senior Developer Advocate, Temporal

Hello Dosto, I am Shubham Londhe, a Senior Developer Advocate, passionate about developing and deploying production-ready applications.

Its been more than 9+ years in the IT industry and having worked with AWS, Temporal, gave me a lens of how Production-readiness works.

I take this experience and share it with learners across India through my YouTube channel "TrainWithShubham" with over 175000 subscribers. Happy Learning... Read More →

Wednesday June 10, 2026 3:45pm - 4:10pm IST
Convention Hall

Building with MCP

Audience Experience Level Intermediate

3:45pm IST

Agentic DX: Bringing Your IDP Into the IDE - Adnan Vahora, Motorola Solutions

Wednesday June 10, 2026 3:45pm - 4:10pm IST

Scarlet 2&3

Platform engineering has a chicken-and-egg problem: the platform needs adoption to justify investment, but adoption requires onboarding that teams resist when deadlines are tight. Our internal developer platform hit this hard. It serves 4,000+ developers across clouds and managed Kubernetes, yet many teams found the portal too unfamiliar.
We solved it with a second entry point built on MCP. Instead of learning a new UI, developers get 30+ platform capabilities directly in IDE chat, from namespace provisioning and Helm deployments to cost analysis and access management. An MCP App renders forms in chat, developers approve and execute, and a first deployment can happen with almost no onboarding.
This session covers the production architecture: sandboxed iframe-based MCP Apps, Elicitation for structured write approvals, an Adaptive Tool Router that keeps 30+ tool schemas from flooding the context window, a split between deterministic Agent Skills and ReAct reasoning, and a safety layer with a sub-500ms kill switch plus delegated RBAC tied to existing permissions. Attendees leave with a practical blueprint for meeting developers where they already work.

Speakers

Adnan Vahora

Software Engineer, Motorola Solutions

Building the roads and traffic lights for the next generation of AI at Motorola Solutions. I’m currently obsessed with solving the 'hard parts' of Agentic AI—like figuring out how to secure Agent-to-Agent traffic without slowing it down.

I’m a big believer in open standards (huge fan of Envoy & Wasm) and love turning chaotic problems into clean architecture. Always happy to swap stories about platform engineering, Rust, or the latest in AI governance. Come say hi... Read More →

Wednesday June 10, 2026 3:45pm - 4:10pm IST
Scarlet 2&3

Enterprise Adoption + Integration

Audience Experience Level Intermediate

3:45pm IST

Who Let the Agent In? Securing MCP Servers in Production - Prachi Jamdade, Gravitee

Wednesday June 10, 2026 3:45pm - 4:10pm IST

Scarlet 1

What if your MCP server could confidently decide who gets access to what, without turning your codebase into a security nightmare? In this session, we follow the journey of a simple MCP server as it evolves from an open endpoint into a fully secured, production-ready system. Along the way, you’ll see how authentication actually works in MCP, how to move beyond basic role checks into fine-grained, contextual authorization with OpenFGA, and how these pieces fit together in real-world scenarios. The highlight is a live demo where we lock down an MCP server step by step, making the invisible layers of security visible and practical. By the end, you won’t just understand MCP security, you’ll know exactly how to implement it or even offload it entirely so you can focus on building powerful agent-driven experiences.

Speakers

Prachi Jamdade

Developer Advocate, Gravitee

Prachi Jamdade is a Developer Advocate at Gravitee, working at the intersection of developer experience, APIs, AI governance and security. She has worked with multiple startups and shipped global products.

Wednesday June 10, 2026 3:45pm - 4:10pm IST
Scarlet 1

Security Identity + Trust

Audience Experience Level Intermediate

4:10pm IST

Why Agents Make Different Decisions With the Same Tools - Jyoti Bisht & Animesh Pathak, Harness; Aditya Oberai, Appwrite

Wednesday June 10, 2026 4:10pm - 4:35pm IST

Scarlet 2&3

Scenario: Deploy an agent to production. Works 90% of time in testing. Month later: Claude model updates. Success rate drops to 70%. Why? Model change altered how tools are ranked.
You can't see this. You have no control. Your agent silently degraded.
This talk identifies sources of divergence:

Temperature/sampling: Agent with temp 0.7 calls Salesforce 60% of time. Temp 0 calls it 95%.
Model version: Claude 3.5 favors Salesforce (in training data). Opus 4.5 favors email (newer training). Same task, different choices.
Context truncation: Tool listed first in window = primacy bias (70% called). Tool listed last = recency bias (30%).
Tool schema order: Tools listed alphabetically vs. semantic order (query before create) changes success rate 25%.
Schema verbosity: Detailed descriptions make tools more likely to be selected than sparse ones.

Then proposes solution: Agent fingerprinting. Create deterministic test suite capturing baseline behavior. Before deploying new model/agent version: run fingerprint suite. If success rate drops 10%+, alert. Don't deploy.

Speakers

Jyoti Bisht

Senior DevRel Engineer, Harness

Aditya Oberai

Developer Relations Lead, Appwrite

Aditya Oberai is the Developer Relations Lead at Appwrite and an avid tech community and hackathon enthusiast. Having worked with various technologies such as APIs, web apps, cloud computing, etc., he has spent the last 6 years empowering tech communities and is a Microsoft MVP awardee... Read More →

Animesh Pathak

DevRel Engineer, Harness

Wednesday June 10, 2026 4:10pm - 4:35pm IST
Scarlet 2&3

Agent Architecture + Orchestration

Audience Experience Level Intermediate

4:10pm IST

Building Rich AI-Native UI for Agentic Interactions Using MCP Apps - Ashita Prasad, AWS

Wednesday June 10, 2026 4:10pm - 4:35pm IST

Convention Hall

AI Agents are getting smarter with each passing day. But, their interfaces? Not so much.

But, what if there is a way to turn the AI chat from a place where you converse into a place where you can actually work?

MCP Apps offer a solution to go beyond the text and standardize how MCP servers can deliver rich, bidirectional UI components like dashboards, forms, interactive visualizations & more. These components are rendered securely and natively within AI hosts, enabling agents to interact with users via rich interactive interfaces.

In this session, attendees will learn:
- Core architectural patterns from real MCP Apps development
- How to handle sandboxed host–server communication, manage state synchronization, stream real-time updates, handle async tasks, & add multiplayer collaboration
- How to leverage context and persist memory across conversations
- How to avoid some common pitfalls and utilize debugging workflows and tools
- How to add authentication & deploy a remote MCP Server providing MCP Apps

We will walk through a complete, production-style Sales Analytics MCP Apps and perform a code deep-dive to showcase the effective foundational patterns while building MCP Apps.

Speakers

Ashita Prasad

SDE / Developer Advocate, AWS

Ashita works as a developer advocate at AWS with a strong focus on frontend and AI technologies. With 10+ years of experience in full stack development, she is passionate about building impactful products and equally loves empowering & engaging with fellow developers in the commu... Read More →

Wednesday June 10, 2026 4:10pm - 4:35pm IST
Convention Hall

Building with MCP

Audience Experience Level Intermediate

4:10pm IST

When Agents Get SSH Keys: Securing Distributed AI Fleet With MCP - Mradul Dubey, ApraLabs

Wednesday June 10, 2026 4:10pm - 4:35pm IST

Scarlet 1

Agent security discussions focus on prompt injection and sandboxing. But when agents operate on real infrastructure - pushing to Git, executing code via SSH, starting cloud instances - every machine in the fleet carries its own keys, tokens, and credentials, multiplying the risk.

This talk presents the security architecture of apra-fleet, an open-source (Apache 2.0) MCP server that orchestrates AI agents across distributed machines:
- Credential lifecycle: provisioning LLM auth (OAuth, API keys), SSH keys, and Git tokens with automated key-pair migration
- Out-of-band credential entry: passwords collected via separate terminal, never exposed to the LLM. "LLM secure variables" for sensitive text
- Short-lived tokens: GitHub App mints scoped tokens with minute-level TTLs - a compromised session cannot reuse yesterday's token
- Role-scoped permissions: MCP tool constraints make violations structurally impossible - a doer agent cannot call the merge tool
- Encryption at rest

Grounded in production sprints across C++, Node.js, Python, and ML. Attendees leave with reusable patterns for securing multi-agent systems on real infrastructure.

Speakers

Mradul Dubey

Senior Software Developer, ApraLabs

Mradul is a developer at Apra Labs with over 8 years of experience in ML, edge AI and computer vision. At Apra Labs, he works across the stack from embedded inference to cloud infrastructure. A natural skeptic, his recent focus has shifted to agentic AI - he co-architects to apra-fleet... Read More →

Wednesday June 10, 2026 4:10pm - 4:35pm IST
Scarlet 1

Security Identity + Trust

Audience Experience Level Intermediate

5:15pm IST

The MCP Has No Clothes: What Most Benchmarks Miss About Real MCP Servers - Arnav Balyan, Concierge AI

Wednesday June 10, 2026 5:15pm - 5:40pm IST

Convention Hall

As MCPs mature, a gap emerges between benchmark performance and production behaviour:

1. Servers are tested in isolation, however in production they run alongside 100s of other servers, which affects tool selection. Typical evaluation frameworks are unable to reproduce this scale.
2. Single tool calls cannot test workflow compliance (the order and dependency of tool calls across multi step tasks).
3. Benchmarks are unable to measure user experience or quantify transcript quality.

This talk presents the design philosophy for robust MCP evaluation, grounded on field data and traffic analysis from 400+ production MCP servers.

We introduce a set of success metrics for MCP server authors and show how this re-order benchmark leaderboards, why servers that top toy evals regress in production, and what server authors should measure before shipping.

Attendees leave with a framework they can apply directly, data to benchmark against, and a clearer view of how they can adopt MCP confidently at scale for enterprise and internal usecases.

Speakers

Arnav Balyan

CEO, Concierge AI

Founder of Concierge AI. Ex-Uber building MCP systems at scale. Concierge AI manages 400+ public MCP deployments, Arnav focuses on MCP tool complexity and researches token overhead reduction at scale.

Wednesday June 10, 2026 5:15pm - 5:40pm IST
Convention Hall

Building with MCP

Audience Experience Level Intermediate

5:15pm IST

Beyond Containers: Sandbox Architecture for MCP Tool Execution at Scale - Vikram Vaswani, Self Employed - Consultant

Wednesday June 10, 2026 5:15pm - 5:40pm IST

Scarlet 1

MCP gives us a clean abstraction for agents calling tools. But it doesn't talk about security: what if the tool does bad things?

For read-only tools returning structured data, a shared-kernel container is fine. For the growing class of MCP servers exposing code execution, the attack surface that produced CurXecute (CVE-2025-54135 and CVE-2025-59944), containers are the wrong primitive, because a single exploit crosses from MCP server to host.

This talk covers what MCP tool execution looks like when you take isolation seriously. It walks through the architectural pattern of scheduling Firecracker microVMs for MCP tool execution - sub-second resume (for chained tool calls and fast-start), minimal kernel configurations, and common integration paths with Kubernetes.

Attendees leave with a decision framework: four signals that isolation complexity is worth it, three signals it's overkill, and a clear mental model of the latency-vs-isolation tradeoff.

Speakers

Vikram Vaswani

Developer Advocate, Self Employed - Consultant

Vikram Vaswani is a developer advocate, open source consultant, and technical author with 20+ years of experience helping teams adopt and scale open source technologies. He is the author of seven books published by McGraw-Hill and Pearson, with translations in multiple languages... Read More →

Wednesday June 10, 2026 5:15pm - 5:40pm IST
Scarlet 1

Security Identity + Trust

Audience Experience Level Intermediate

5:40pm IST

Multilingual MCP: Making Tool Calling Work for the Next Billion Users - Samyuktha Mohan Alagiri, IBM

Wednesday June 10, 2026 5:40pm - 6:05pm IST

Scarlet 1

MCP's tool schema, server descriptions, and routing logic are overwhelmingly designed around English. That assumption quietly breaks when you build for users in Hindi, Tamil, Kannada, or Bengali.
This talk is a ground-up look at where MCP falls short for Indic language users and what it takes to fix it. The specific failure modes covered include: intent ambiguity in tool selection when queries arrive in transliterated or code-switched text, embedding models trained on English producing poor similarity scores for Indic-language tool descriptions, and response localization gaps where tool results are returned in English to users who queried in their native language.
The talk then presents concrete patterns for each problem, including translated and dual-language tool manifests, language-aware routing layers that sit between the user and the MCP client, and lightweight post-processing for localizing tool outputs. All patterns are demonstrated with working code from production voice agent systems built for Indian users.
With the MCP Dev Summit landing in Bengaluru, this is a timely and locally grounded conversation the ecosystem needs to have.

Speakers

Samyuktha M S

Software Developer, IBM

Wednesday June 10, 2026 5:40pm - 6:05pm IST
Scarlet 1

Ecosystem Registries + Platform Infrastructure

Audience Experience Level Intermediate

5:40pm IST

Extending MCP: Writing Custom Protocol Extensions Without Breaking Compatibility - Saurabh Mishra, Optum/UnitedHealthGroup

Wednesday June 10, 2026 5:40pm - 6:05pm IST

Scarlet 2&3

MCP's real power lies not just in what it defines, but in what it leaves room for. As teams push MCP into production, the need to add custom capabilities streaming responses, domain-specific metadata, proprietary auth flows runs headfirst into the risk of breaking existing clients and servers.
This talk walks through the practical discipline of extending MCP without fracturing compatibility: how to use capability negotiation correctly, where to extend vs. where to fork, how to version custom extensions gracefully, and how to contribute extensions upstream without waiting for a spec cycle.
Real examples from building extensions in the wild what worked, what silently broke things, and what the spec doesn't yet have a good answer for.
Attendees leave with a working mental model for extension design and a checklist for evaluating whether a custom extension is safe to ship

Speakers

Saurabh Mishra

Lead DevOps Engineer, Optum (UnitedHealthGroup)

Saurabh Mishra is a Cloud Evangelist and architect dedicated to high-level automation and DevOps excellence. He actively engages with the global tech community, sharing insights on cloud-native technologies, security best practices and multi-cloud strategies.As an experienced speaker and mentor... Read More →

Wednesday June 10, 2026 5:40pm - 6:05pm IST
Scarlet 2&3

MCP Protocol in Depth

Audience Experience Level Intermediate

10:55am IST

11:20am IST

11:20am IST

11:45am IST

11:45am IST

12:10pm IST

12:10pm IST

3:20pm IST

3:20pm IST

3:45pm IST

5:15pm IST

5:15pm IST

5:15pm IST

5:40pm IST

5:40pm IST

6:05pm IST

6:05pm IST

11:00am IST

11:00am IST

11:25am IST

11:25am IST

3:20pm IST

3:20pm IST

3:45pm IST

3:45pm IST

3:45pm IST

4:10pm IST

4:10pm IST

4:10pm IST

5:15pm IST

5:15pm IST

5:40pm IST

5:40pm IST

Get help with the event