Loading…
June 9-10, 2026
Bengaluru, India
View More Details & Registration

The Sched app allows you to build your schedule but is not a substitute for your event registration. You must be registered for MCP Dev Summit Bengaluru to participate in the sessions. If you have not registered but would like to join us, please go to the event registration page to purchase a registration..

IMPORTANT NOTE: Timing of sessions and room locations are subject to change.


Venue: Scarlet 2&3 clear filter
Tuesday, June 9
 

11:00am IST

MCP in Production: OAuth, Session Isolation, and Audit Trails for Remote Servers - Rajan Sharma, Ispace INC
Tuesday June 9, 2026 11:00am - 11:25am IST
MCP demos are easy. Production MCP is not.

Once a remote MCP server touches real data or privileged actions, a successful tool call is not enough. Teams need OAuth 2.1 done correctly, least-privilege scopes, protected resource metadata, audience-bound tokens, secure session handling, gateway-aware controls, and audit trails that explain who requested what and what the server actually did.

This session turns MCP’s security guidance into a practical production blueprint. I’ll walk through how to secure remote MCP servers end to end: when authorization is required, how to avoid token passthrough and over-broad scopes, where session isolation fails, what proxies and gateways must enforce, and what to log for debugging, compliance, and incident response.

Attendees will leave with a clear mental model, a reference architecture, and a concrete checklist for operating MCP clients, servers, and intermediaries safely in production.
Speakers
avatar for Rajan Sharma

Rajan Sharma

Sr Principal Architect, ISpace inc
Rajan Sharma is a Principal Architect at iSpace specializing in cloud architecture, AI/ML, serverless, and enterprise security. He builds scalable, resilient enterprise platforms and works across AI search, observability, and production systems. He is an AWS Security Specialty holder... Read More →
Tuesday June 9, 2026 11:00am - 11:25am IST
Scarlet 2&3
  Security Identity + Trust
  • Audience Experience Level Any

11:30am IST

From Alert To Revert: One MCP 500+ Tools for Production Triage and Real-world DevOps - Avinash Kumar Lodhi, Coursehero
Tuesday June 9, 2026 11:30am - 11:55am IST
What happens when your on-call agent can read Datadog metrics, tail logs in groundcover, pull pod state from Kubernetes, and grep GitLab for the commit that broke prod, all in one conversation? At Learneo we built one MCP endpoint that does that across 11 upstream servers, 518 indexed tools, and can manage multiple AWS accounts credentials. It changed how we triage incidents.
I'll walk a synthetic incident end to end, with redacted screenshots from real ones, showing the agent go from alert to MR to revert.

Key Takeaways:

- Context: meta-tools and BM25 search keep the agent at about 1.5k tokens, not 500 schemas, and it pulls what it needs on demand
- Routing: a company overview shipped as MCP instructions on connect points the agent at the right cluster and Jira project before it picks a tool
- Memory: an agent-maintained company wiki for org structure, data models, and playbooks. The agent reads it and writes back what it learns
- Security: centralized credentials and a write denylist so the agent can read everything without breaking anything

Attendees will leave understanding both the value and the architecture for turning MCP into production-grade agent infrastructure.
Speakers
avatar for Avinash Kumar Lodhi

Avinash Kumar Lodhi

Staff Software Engineer - Devops, CourseHero
Avinash Kumar Lodhi is a Staff DevOps Engineer on the Course Hero Platform team. His job is to automate and manage things on a large scale. He started as a tester at Teradata ten years ago, then moved to DevOps. He worked at Sprinklr and then at Meesho, moving 500+ microservices from... Read More →
Tuesday June 9, 2026 11:30am - 11:55am IST
Scarlet 2&3
  Enterprise Adoption + Integration

12:00pm IST

Context-Aware MCP Servers for Small Language Models - Vivek Mankar, Anto Ajay Raj John, Stuti Sinha, Reeva Nanda, Nethra Khandige, Pradipta Ghosh, IBM
Tuesday June 9, 2026 12:00pm - 12:25pm IST
Small Language Models are great for edge and cost-sensitive deployments, but struggle with limited context windows. This talk shows how MCP servers can act as an external memory and context orchestration layer for SLMs. Based on a survey of 25+ long-context reasoning techniques, we demo concrete implementations: episodic memory with surprise-based retrieval (EM-LLM-inspired), and a dynamic context orchestrator that picks between RAG, summarization, and sliding-window strategies based on query type and model capacity. This is a builder's guide to making small models punch above their weight via smart MCP-based context engineering.
Speakers
avatar for Vivek Mankar

Vivek Mankar

Staff AI Engineer, IBM
Vivek Mankar is an AI Software Engineer specializing in high-performance AI inference systems and scalable cloud software. Operating at the intersection of deep learning and systems engineering, his work focuses on the PyTorch ecosystem, LLM serving, and MLOps automation. Backed by... Read More →
avatar for Nethra Khandige

Nethra Khandige

AI Engineer, IBM
Nethra Khandige is an AI Engineer at IBM, working on the PyTorch ecosystem, AI inference optimization, and context-aware AI systems. Backed by a strong research foundation, including published work in malware detection, neural network inference, deep reinforcement learning with published... Read More →
avatar for Anto Ajay Raj John

Anto Ajay Raj John

AI Engineering Manager, IBM
Anto John is a senior manager for AI with industry experience of 20 years. He has been working on AI projects for the past 10 years in various capacity. He was one of the core team members of the IBM BlueGene/Q supercomputer. He was the performance architect for IBM Power Systems... Read More →
avatar for Stuti Sinha

Stuti Sinha

Software Engineer, IBM
Stuti Sinha is a researcher and developer focused on the intersection of model efficiency and AI safety. With a background in Python, Java, and C++, she specializes in the PyTorch ecosystem, specifically optimizing Long Context Reasoning and architecture for Small Language Models... Read More →
avatar for Reeva Nanda

Reeva Nanda

Software Engineer, IBM India
Reeva Nanda is a software developer and AI ML researcher with strong theoretical foundations in generative AI, deep learning, and neural network architectures. Deeply passionate about the mathematics underpinning modern AI , particularly linear algebra and its role in model design... Read More →
avatar for Pradipta Ghosh

Pradipta Ghosh

AI software Architect, IBM
Tuesday June 9, 2026 12:00pm - 12:25pm IST
Scarlet 2&3
  Building with MCP

1:55pm IST

Designing a Control Plane for Agentic Systems Using MCP - Malepati Bala Siva Sai Akhil, Couchbase
Tuesday June 9, 2026 1:55pm - 2:20pm IST
As MCP-based systems grow in complexity, standardizing tool interaction alone is not enough to ensure reliable execution.

This talk introduces a control-plane perspective for MCP-based systems, grounded in distributed systems principles such as scheduling, retries, idempotency, and fault isolation. Coordinating multi-step workflows across MCP servers introduces challenges such as partial failures, inconsistent state, and retry behavior that can escalate under load.

The focus is on how a control plane actively manages execution, including deciding when and how tool calls are made, handling failures dynamically, and coordinating workflows across multiple services. It also examines how centralized control improves reliability and consistency in complex MCP-based systems.

Attendees will gain concrete mental models for building scalable and reliable MCP-based systems.
Speakers
avatar for Malepati Bala Siva Sai Akhil

Malepati Bala Siva Sai Akhil

Principal Software Engineer, Couchbase
Principal Software Engineer at Couchbase with 10+ years building distributed systems, AI infrastructure and cloud-native platforms across Intel, VMware, and Huawei. IEEE Computing Top 30 (2024) and Intel Distinguished Inventor Award recipient for work in security, distributed systems... Read More →
Tuesday June 9, 2026 1:55pm - 2:20pm IST
Scarlet 2&3
  Agent Architecture + Orchestration

2:55pm IST

InstaMCP: Instant MCP-ification of Enterprise APIs - Rupal Sharma & Ujjal Sharma, Nutanix
Tuesday June 9, 2026 2:55pm - 3:20pm IST
This session introduces InstaMCP, a common platform designed to instantly "MCP-ify" enterprise APIs and eliminate the need for redundant "glue code" currently required to connect LLMs to internal products. This solution addresses siloed AI integrations and maintenance bottlenecks within large SaaS ecosystems. InstaMCP automatically ingests Swagger/OpenAPI specifications to generate fully deployable, secure Model Context Protocol (MCP) servers in minutes. It moves beyond simple 1:1 API mapping by providing a visual, low-code interface for developers to stitch multiple APIs into complex, multi-step workflow tools for seamless agent execution. Attendees will explore the platform's architecture, automated MCP server generation, and how it addresses the critical "security blindspot" by accommodating token-exchange and other guardrails.
Speakers
avatar for Rupal Sharma

Rupal Sharma

Staff Engineer, Nutanix
A software engineer with more than a decade of experience architecting high-scale platforms across Fintech, Telecom, and Identity. Specialist in major platform modernization and high-concurrency systems.
avatar for Ujjal Sharma

Ujjal Sharma

Member of Technical Staff, Nutanix
Building enterprise grade AI agents and MCP servers
Tuesday June 9, 2026 2:55pm - 3:20pm IST
Scarlet 2&3
  Enterprise Adoption + Integration
  • Audience Experience Level Beginner
  • Session Slides Yes

3:25pm IST

Cloud-engineer-mcp: Implementing the Gateway Pattern for Multi-Cloud MCP Orchestration - Aniruddha Biyani, Prophecy
Tuesday June 9, 2026 3:25pm - 3:50pm IST
As the Model Context Protocol (MCP) matures, enterprises face a "Connectivity Gap": the $M \times N$ integration problem has shifted from a development crisis to an operational one characterized by context window bloat and fragmented identity management. While the protocol simplifies 1:1 connections, orchestrating a fleet of agents across AWS, GCP, and Azure requires a centralized intermediary to govern tool discovery and secure credential propagation. This session presents cloud-engineer-mcp, an open-source implementation of the MCP Gateway Pattern. We will dive into the technical challenges of aggregating official CSP-specific servers—AWS, Azure, and GCP—behind a single interface while maintaining high performance. The talk focuses on two core architectural innovations: Embedding-based Semantic Similarity (using local models like all-MiniLM-L6-v2) to surface only the most relevant top-K tools for a conversation, and Multi-Transport Support that allows the gateway to bridge local stdio environments (like Cursor or VS Code) with remote Streamable HTTP deployments.
Speakers
avatar for Aniruddha Biyani

Aniruddha Biyani

Lead Security Engineer, Prophecy AI
aniruddha “AB” biyani is the Head of Security and Compliance at Prophecy. With a career built on scaling cloud security for high-growth startups and cybersecurity vendors. He is a long-standing volunteer and organizer for the DEF CON Cloud Village.

He recently presented at Black Hat Europe Arsenal 2024, Black Hat Asia Arsenal 2024, and SANS CloudSecNext 2023. He is also the creator and maintainer of open-source tools like findmytakeover, cloud-auth and cloud-engineer-mcp... Read More →
Tuesday June 9, 2026 3:25pm - 3:50pm IST
Scarlet 2&3

4:20pm IST

MCPeek Into Your Server's Secrets - Akash Sathish, Sahaj Software
Tuesday June 9, 2026 4:20pm - 4:45pm IST
Most "MCP security scanners" are wrappers around npm audit and regex keyword rules. A November 2025 research survey showed 0% detection on TypeScript servers because the underlying tools never parse the AST and two-thirds of public MCP servers ship in TypeScript.

This talk walks through building an AST pipeline using ts-morph that catches what keyword rules miss: path traversal through fs wrapper functions, command injection even when the command is assembled across intermediate variables, SSRF through aliased URL parameters, and tool handlers registered without any schema validation. The key technical contribution is multi-pass taint tracking following a user parameter through variable aliases before reaching a dangerous sink, which eliminates the false-negative class that makes regex rules useless. Audited against more than 50 MCP servers.

Attendees leave with:
(1) the open-source MCPeek ruleset to drop into CI,
(2) a decision framework for choosing SAST depth per vulnerability class,
(3) the taint-tracking pattern for building MCP-aware rules in any language.

Link to MCPeek: https://github.com/iamakash-06/MCPeek
NPM Package: https://www.npmjs.com/package/mcpeek
Speakers
avatar for Akash Sathish

Akash Sathish

Solution Consultant, Sahaj Software
I'm a Solution Consultant at Sahaj Software in Chennai. I've been neck-deep in MCP, AI-Assisted Development, and agentic architectures since before they had proper names. I've spoken at GitTogether 2025, The Fifth Elephant 2025, and six other conferences across AI-assisted development... Read More →
Tuesday June 9, 2026 4:20pm - 4:45pm IST
Scarlet 2&3
  Security Identity + Trust

4:50pm IST

MCP Servers on Kubernetes: Deployment Patterns, Scaling, and What Breaks - Kunal Das, Cast Ai
Tuesday June 9, 2026 4:50pm - 5:15pm IST
Most MCP talks focus on the protocol or the AI side. This one is about the infrastructure underneath.
I run MCP servers on Kubernetes, and I've hit enough weird failure modes to have opinions about it. This talk covers how to deploy MCP servers as containerized workloads: health checks that actually make sense for long-lived agent connections, resource limits that don't starve your servers mid-conversation, and what happens when an agent decides to call 200 tools in a loop.
I'll walk through deployment patterns I've tested. Sidecars vs standalone pods, service mesh routing for multi-tenant setups, and HPA configurations that don't flap every time an agent goes quiet. I'll also cover the stuff that broke: connection drops during rolling updates, memory leaks from unbounded context, and the time a misconfigured liveness probe took down every MCP server in the cluster.
Expect a live demo on a real cluster, real YAML, and zero slides about what MCP stands for.
Speakers
avatar for Kunal Das

Kunal Das

Developer Advocate, Cast Ai
Kunal Das is a Developer Advocate at CAST AI, based in Bangalore. He works on cloud cost optimization and spends most of his time figuring out why Kubernetes clusters waste so much money. He organizes CNCF community chapters in Mumbai and Kolkata, runs the HashiCorp User Group Bangalore... Read More →
Tuesday June 9, 2026 4:50pm - 5:15pm IST
Scarlet 2&3

5:20pm IST

MCP + Kubernetes: Building a Self-Healing AI Platform (Not Just Pipelines) - Raghu Reddy, Calix & Esakki Raj E, Cisco
Tuesday June 9, 2026 5:20pm - 5:45pm IST
Most teams treat MCP as a pipeline, and that is the problem. Pipelines fail silently. They have no concept of desired state, no reconciliation loop, and no recovery path when a model times out or a tool call returns garbage. You are essentially writing bash scripts with an LLM in the middle.

Kubernetes already solved this. The operator pattern gives you level-triggered reconciliation, retry logic with backoff, and declarative desired state baked into the control plane. Combine that with MCP's tool abstraction and you stop writing pipelines and start building platforms where AI workflows are first-class resources that the cluster actively keeps healthy. GitOps via ArgoCD means your model routing, fallback configurations, and tool permissions are version-controlled, auditable, and promotable across environments like any other workload.

We will cover: modeling MCP workflows as Kubernetes custom resources, building operators that reconcile AI workflow state including fallback model selection and tool availability, wiring ArgoCD to manage MCP server deployments and configuration drift, and the observability hooks you need to actually trust that self-healing fired correctly.
Speakers
avatar for Esakki Raj E

Esakki Raj E

Senior AIOps Engineer, Cisco
Experienced Site Reliability Engineer (SRE) and MLOps specialist with over 9+ years of practical experience in designing, implementing, and managing cloud-based infrastructure and services. Proven track record in architecting and scaling large-scale AI/ML infrastructure on Kubernetes... Read More →
avatar for Raghu Reddy

Raghu Reddy

Staff Platform Engineer (Security), Calix Inc
Raghu is a Staff Platform Engineer (Security) at Calix Inc. , where he secures Kubernetes infrastructure powering AI and MLOps workloads across multiple clusters.
With over 10 years in Platform Engineering and Security. Applying supply chain security, runtime hardening, and policy... Read More →
Tuesday June 9, 2026 5:20pm - 5:45pm IST
Scarlet 2&3
  Agent Architecture + Orchestration
 
Wednesday, June 10
 

11:00am IST

Beyond Tools and Resources: A Deep Dive into MCP Sampling for Agentic Features - Kevin Vaz, Smartbear
Wednesday June 10, 2026 11:00am - 11:25am IST
Most MCP servers are one-shot: the client asks, the server answers. But some features need the server to reason mid-execution like summarise a diff before returning it, classify input to pick the next step, recover from ambiguity instead of failing, generating new data. That's what sampling unlocks: the server calls back into the host's LLM, without ever holding its own model keys.

This deep dive walks through sampling/createMessage feature provided by the mcp protocol and its internals messages, modelPreferences, includeContext, systemPrompt — and what the client is actually allowed to modify. We'll cover capability negotiation and the human-in-the-loop approval flow, then step through how sampling patterns are actually built in the smartbear-mcp server, using its implementations over there to understand how one could build their own sampling features.

Then the hard parts: agent loops, token-budget blowups, portability across clients using different model providers.

You'll leave knowing when sampling beats tools or elicitation, and with patterns you can lift today.
Speakers
avatar for Kevin Rohan Vaz

Kevin Rohan Vaz

Senior Software Engineer, Smartbear
Kevin Rohan Vaz is a Senior software engineer at SmartBear and a core contributor to the open-source smartbear-mcp server and swagger contract testing features, where he designs and ships the server's sampling, tools, and resource integrations. He spends his time turning MCP spec... Read More →
Wednesday June 10, 2026 11:00am - 11:25am IST
Scarlet 2&3
  MCP Protocol in Depth
  • Audience Experience Level Beginner
  • Session Slides Yes

11:30am IST

Building Interactive Tools With MCP Elicitation - Ashwin Hariharan, Redis
Wednesday June 10, 2026 11:30am - 11:55am IST
Most of us think of agent tools as vending machines - you put in the right input, you get the right output. Put in the wrong input, and you either get the wrong output or nothing at all.

This breaks for complex workflows where context is incomplete or intent is ambiguous. The tool either guesses wrong or fails outright. No back-and-forth, no clarification. Good AI tools built for conversation should explain what they need, what they'll do, and provide clear options.

In this session, we’ll look at how MCP elicitation works in practice across different workflows: covering ambiguous input, missing context, risky operations, and auth flows. Attendees will leave with concrete patterns for designing tools that go beyond transactional APIs to collaborative multi-turn interactions.
Speakers
avatar for Ashwin Hariharan

Ashwin Hariharan

Developer Advocate, Redis
Ashwin Hariharan is a Developer Advocate at Redis, with over eight years of experience as a full-stack software engineer. He's passionate about making complex ideas simple, helping developers build faster, more reliable systems, and understand the "why" behind the tools they use.
... Read More →
Wednesday June 10, 2026 11:30am - 11:55am IST
Scarlet 2&3
  Building with MCP

12:00pm IST

Ambient Identity: Just-in-Time Authorization Patterns for the Model Context Protocol - Ayesha Dissanayaka, WSO2
Wednesday June 10, 2026 12:00pm - 12:25pm IST
As the Model Context Protocol (MCP) matures, we face a critical security hurdle: how do ambient agents that are running in the background or on headless devices securely access sensitive resources without constant manual intervention?

Standard OAuth flows often break the "ambient" experience by requiring immediate browser redirects on the same device. This session proposes a decentralized identity architecture using Client-Initiated Backchannel Authentication (CIBA). By decoupling the consumption of resources from the authorization flow, an MCP client can trigger a "just-in-time" permission request directly to a user's trusted mobile device.

Key Takeaways:
- Decoupled Auth: Implementing CIBA to bridge the gap between headless MCP clients and human controllers.
- Just-in-Time delegations: Moving from "all-or-nothing" API keys to granular, session-based permissions.
- Security Patterns: Handling asynchronous "Out-of-Band" callbacks within the MCP lifecycle.

Join us to explore how we can make background agents both powerful and respectful of the "human-in-the-loop" principle.
Speakers
avatar for Ayesha Dissanayaka

Ayesha Dissanayaka

Associate Director / Architect, WSO2
Ayesha is Lead Architect for Identity and Access Management for Agentic AI at WSO2, specializing in securing autonomous AI systems. With over a decade in enterprise IAM, she architects identity solutions for AI agents, bridging traditional frameworks with emerging AI security needs... Read More →
Wednesday June 10, 2026 12:00pm - 12:25pm IST
Scarlet 2&3
  Security Identity + Trust
  • Audience Experience Level Beginner
  • Session Slides Yes

1:55pm IST

Why Your Database MCP Should Never Talk To Your Database - Gowtham Raj Elangovan, Comcast
Wednesday June 10, 2026 1:55pm - 2:20pm IST
Most database MCP implementations are stdio transport, hardcoded URIs, and live connections handed directly to AI agents. This works on a laptop. It fails in production.
Direct agent-to-database connectivity is dangerous. Connection exhaustion, raw credentials in agent context, DDL one hallucination away, PII returning unfiltered into LLM context windows, runaway queries taking down production clusters. Not theoretical. Production failures waiting to happen.
For our internal DBaaS service we built a two-layer remote MCP architecture to close every one of them. An MCP Proxy handles agent-facing concerns — JWT auth, SSO-backed approvals, rate limiting, and an execution_id registry so no agent ever sees a raw URI. It never touches the database. Queries route through a Query Service — the only layer that does. Read-only enforced structurally, DDL blocked even for root, injection filtered, timeouts enforced, Presidio scrubbing PII before responses reach any agent context window. We contrast this with direct-connect tools, contribute execution_id as a reusable enterprise primitive, and make the case for why an enforcement layer between MCP and your DB is the architecture — not an option
Speakers
avatar for Gowtham Raj Elangovan

Gowtham Raj Elangovan

Principal Engineer, Comcast
Senior Data Platform & Database Engineering Architect with 13+ years building large-scale, cloud-native, and distributed database systems on-prem and AWS. Expert in autonomous AI-driven optimization, reliability engineering, and platform automation. Proven track record leading teams... Read More →
Wednesday June 10, 2026 1:55pm - 2:20pm IST
Scarlet 2&3
  Security Identity + Trust
  • Audience Experience Level Advanced
  • Session Slides Yes

2:25pm IST

Auditing MCP Tool Calls at the Kernel Level: eBPF as a Trust Boundary Enforcer - Harini Anand, IBM
Wednesday June 10, 2026 2:25pm - 2:50pm IST
As MCP servers exponentially proliferate, a critical question emerges: who audits what an LLM actually did when it invoked a tool?

Application-layer logs can be tampered with or missed. This talk argues that eBPF is the only tamper-resistant audit layer for MCP tool execution and shows you how to build it.

We walk through instrumenting an MCP server's syscall surface with bpftrace and cilium/ebpf: capturing every network egress triggered by a tool call, every file descriptor opened, every exec spawned, correlated back to the originating MCP request ID via process lineage tracking in BPF maps.

The result is an immutable, kernel-enforced audit trail that no application-layer bug or prompt injection can suppress.

We'll also cover using eBPF LSM hooks to enforce policy at call time, blocking tool invocations that attempt unexpected network destinations or file paths effectively making eBPF a runtime policy engine for MCP's threat model.

Attendees leave with a working threat model, reference eBPF programs, and a clear mental model for where kernel enforcement fits in MCP's trust architecture.
Speakers
avatar for Harini Anand

Harini Anand

SDE in Data & AI, IBM
SDE at IBM Data & AI, working on IBM watsonx™. Software Engineering Researcher at UIUC. Computational Cognition Researcher at Georgia Institute of Technology. Biomedical XAI Researcher at Dartmouth College.
Formerly at Niramai & IIT Hyderabad, researching ML for breast cancer and gene regulatory networks. Built cognitive tools for dementia prevention as a student entrepreneur. Google KaggleX Mentee, AWS Scholar, Harvard WE Tech Fellow, Oxford & MIT Summer School alumna and a Stanford... Read More →
Wednesday June 10, 2026 2:25pm - 2:50pm IST
Scarlet 2&3
  Security Identity + Trust

2:55pm IST

Sponsored Session: You Built an MCP Server – Now What? The Path from Prototype to Production - Jatin Mehrotra & Varsha Das, AWS
Wednesday June 10, 2026 2:55pm - 3:20pm IST
MCP prototyping on a laptop is deceptively simple — a few decorators, a stdio transport, and your agent has tools. But the moment you try to serve your team, reality hits: who authenticates callers, how do sessions stay isolated, what happens when three agents invoke your server concurrently, and who traces the call that went wrong at 2 AM?

This talk follows the lifecycle of a real MCP server — from a single-file prototype to a production deployment running on a managed cloud runtime. Along the way, we unpack the four walls every MCP server hits on its way out of localhost: transport (stdio to streamable HTTP), identity (from trust-everyone to verify-everything), concurrency (single-user to multi-session isolation), and observability (from print() to distributed traces).

The highlight is a live demo where we take a three-tool MCP server, deploy it to a managed runtime with zero infrastructure code, connect an AI agent that discovers those tools automatically via the MCP protocol, and then show what production actually looks like — traced multi-tool invocations, session memory across turns, and guardrails blocking a destructive call in real time.

You will leave with a clear mental model of the production gap, a concrete deployment path you can replicate the same evening, and a checklist of what "production-ready" actually means for MCP servers — so the next tool you build doesn't stay trapped on your laptop.
Speakers
avatar for Jatin Mehrotra

Jatin Mehrotra

Developer Advocate, AWS
I am a developer advocate at AWS. I focus on building cloud infrastructure based solutions and now focusing on Generative AI solutions while prioritising a developer-centric approach to my work. Outside of work, I enjoys lifting, Hiking and Saunas.
avatar for Varsha Das

Varsha Das

Developer Advocate, AWS
Backend engineer turned Developer Advocate. 7 years in healthcare + fintech taught me that technical complexity is just storytelling waiting to happen. As a Developer Advocate at AWS, I tell those stories better through demos, write technical deep-dives, and speak at conferences... Read More →
Wednesday June 10, 2026 2:55pm - 3:20pm IST
Scarlet 2&3

3:25pm IST

When Agents Get SSH Keys: Securing Distributed AI Fleet With MCP - Mradul Dubey, ApraLabs
Wednesday June 10, 2026 3:25pm - 3:50pm IST
Agent security discussions focus on prompt injection and sandboxing. But when agents operate on real infrastructure - pushing to Git, executing code via SSH, starting cloud instances - every machine in the fleet carries its own keys, tokens, and credentials, multiplying the risk.

This talk presents the security architecture of apra-fleet, an open-source (Apache 2.0) MCP server that orchestrates AI agents across distributed machines:
- Credential lifecycle: provisioning LLM auth (OAuth, API keys), SSH keys, and Git tokens with automated key-pair migration
- Out-of-band credential entry: passwords collected via separate terminal, never exposed to the LLM. "LLM secure variables" for sensitive text
- Short-lived tokens: GitHub App mints scoped tokens with minute-level TTLs - a compromised session cannot reuse yesterday's token
- Role-scoped permissions: MCP tool constraints make violations structurally impossible - a doer agent cannot call the merge tool
- Encryption at rest

Grounded in production sprints across C++, Node.js, Python, and ML. Attendees leave with reusable patterns for securing multi-agent systems on real infrastructure.
Speakers
avatar for Mradul Dubey

Mradul Dubey

Senior Software Developer, ApraLabs
Mradul is a developer at Apra Labs with over 8 years of experience in ML, edge AI and computer vision. At Apra Labs, he works across the stack from embedded inference to cloud infrastructure. A natural skeptic, his recent focus has shifted to agentic AI - he co-architects to apra-fleet... Read More →
Wednesday June 10, 2026 3:25pm - 3:50pm IST
Scarlet 2&3
  Security Identity + Trust

4:20pm IST

Where MCP Ends and A2A Begins: and Why That Seam Is Breaking Your Agents - Arushi Garg, Adobe & MV Shiva, Google
Wednesday June 10, 2026 4:20pm - 4:45pm IST
Everyone's heard the AAIF framing: MCP handles agent-to-tool, A2A handles agent-to-agent. Clean in theory. In practice, every multi-agent system lives at the boundary of both, and that boundary has no standard.
Context gets dropped. Errors go silent. A state that survived an entire A2A task lifecycle vanishes the moment it crosses into an MCP tool call. Nobody is talking about this publicly.
This session replaces the "vertical vs horizontal" mental model with something more honest: a precise seam diagram showing what each protocol guarantees, what it doesn't, and what falls into the gap. We'll go deep on MCP's Tasks primitive (SEP-1686)- including its two admitted gaps: no retry semantics, no expiry policies. We'll map the real failure modes developers are hitting today, drawn from open GitHub issues across both protocol repos.
Then a live demo using Google's open-source A2A sample repo: no custom code. We'll run a real multi-agent task, cross the protocol boundary, sever the trace header, and watch the silent failure happen in real time.
You'll leave with a clear mental model, a three-point failure checklist, and a concrete picture of what the spec needs next.
Speakers
avatar for MV Shiva

MV Shiva

SWE, Google

avatar for Arushi Garg

Arushi Garg

MTS-2, Adobe
Arushi Garg is an AI Engineer and researcher focused on building intelligent, scalable, and autonomous AI systems. At Adobe, she works on AI-driven backend solutions and cloud-native architectures with expertise in Kubernetes, MCP-based systems, AI agents, and distributed AI workflows... Read More →
Wednesday June 10, 2026 4:20pm - 4:45pm IST
Scarlet 2&3
  MCP Protocol in Depth
  • Audience Experience Level Any

4:50pm IST

Managing Token Usage in MCP Servers Using Code Mode - Bhumika Satpathy, Google
Wednesday June 10, 2026 4:50pm - 5:15pm IST
As the ecosystem for the Model Context Protocol (MCP) expands, developers are hitting a familiar wall: token bloat. While MCP provides a powerful standardized interface for LLMs to interact with external data, the "context tax" of verbose tool definitions and massive data payloads can quickly degrade performance and spike costs. To build production-ready agents, we must move beyond basic implementations and embrace advanced orchestration.

This session dives into the architecture of efficient MCP server design, focusing on the "Code Mode" technique. We will explore how to shift the heavy lifting from the LLM’s reasoning space to the server’s execution environment. Instead of forcing the model to process raw, unrefined data, "Code Mode" empowers the LLM to generate and ship logic—miniature, execution-ready scripts—directly to the MCP server. This approach minimizes round-trip latency and drastically reduces the input tokens required for complex data manipulation.
Speakers
avatar for Bhumika Satpathy

Bhumika Satpathy

Senior Software Engineer, Google
I am a Senior Software Engineer at Google and have been working with the MCP Platform team which helps to ease out creation and deployment of MCP Servers for developers within Google. We have solved multitude of challenges that users have faced and explored multiple techniques in... Read More →
Wednesday June 10, 2026 4:50pm - 5:15pm IST
Scarlet 2&3
  Building with MCP

5:20pm IST

Why Our AI Agent Couldn't Scale Without MCP — and How We Built It - Para Hitesh & Mohit Jichkar, Red Hat
Wednesday June 10, 2026 5:20pm - 5:45pm IST
Building an AI sales assistant means pulling data from everywhere , Salesforce for accounts, Snowflake for product catalogs, and internal KBs for pricing. We started by hardcoding each integration into the agent. It worked until every new data source meant rewriting agent code, duplicating auth logic, and redeploying everything. Tool definitions were tightly coupled, making it impossible to evolve the data layer independently.MCP changed everything. In this talk, I'll walk through how we built a production AI sales assistant using LangGraph connected to multiple MCP servers ,each wrapping a different backend, owned by a different team. I'll cover: why direct integrations become unmaintainable at 3+ sources; our reusable FastMCP server template that spins up domain-specific servers in days; how a user's SSO token flows end-to-end from agent through MCP to Snowflake OAuth with zero credential storage; why tool descriptions and agent prompts matter more than the protocol itself , and the patterns we developed (normalize-before-search, dynamic prompt injection) to make the LLM reliably pick the right tool; and what broke in production with real failures and real fixes.
Speakers
avatar for Mohit Jichkar

Mohit Jichkar

Senior Data Scientist, Red Hat
Mohit Jichkar is a Senior Data Scientist at Red Hat, where he builds AI-powered solutions. He has 7+ years of experience working across data science, machine learning, and AI. He has an M.Tech in Data Science and Engineering from BITS Pilani. He holds several US patents in AI based... Read More →
avatar for Para Hitesh

Para Hitesh

Senior Data Scientist, Red Hat
Hitesh Para is a Senior Data Scientist at Red Hat, where he builds AI-powered solutions . Prior to Red Hat, he spent over 4 years at Genpact specializing in NLP and Generative AI solutions. Hitesh holds a Google Professional Machine Learning Engineer certification, has published research... Read More →
Wednesday June 10, 2026 5:20pm - 5:45pm IST
Scarlet 2&3
  Building with MCP
  • Audience Experience Level Any
  • Session Slides Yes
 
  • Filter By Date
  • Filter By Venue
  • Filter By Type
  • Audience Experience Level
  • Session Slides
  • Workshop
  • Timezone

Share Modal

Share this link via

Or copy link

Filter sessions
Apply filters to sessions.