MCP Dev Summit North America

The job of a software engineer is rapidly evolving. We're now beyond using AI as a Stack Overflow alternative or even as a pair programmer. Agentic engineering - the act of building and maintaining a system to reliably give coding agents the tools and context they need to complete work autonomously - is the new layer of abstraction the industry is moving toward.

Core to building these autonomous coding agents is the notion of a "closed agentic loop". To create a closed loop for your coding agent, you need to provide it (1) tools to verify work is complete, (2) tools to debug work along the way, and (3) a carefully crafted prompt that communicates a "definition of done" that pulls it all together. That empowers your agent to iterate on solutions - sometimes for hours - until it delivers to completion.

As you might imagine, MCP is often the ideal delivery mechanism for those loop-closing tools.

In this workshop, we will:
Introduce the concept of agentic engineering and the "aha" moments that can take you from pair programming with a single agent to regularly wielding 5-10 coding agents at once. 

Close a simple loop: Figma design to working, pixel-perfect UI element verified by Playwright.
Close a more complex loop: take an alert from an observability platform, reproduce the problem in a staging environment with Playwright, capture the logs, open a PR with a fix, deploy to staging, verify the fix, and close the alert - all in one prompt.

Encourage you to try building a loop on your own codebase for a real piece of work on your plate - and raise to the group what kind of hurdles you might run into while trying to do so

You'll leave with actionable next steps to make your team's codebase agentic-engineering-ready and a clear picture of what success looks like.

Pre-registration and additional fee is required. To register: add it to your MCP Dev Summit North America registration. 

AI apps aren't just chatbots with a better UI. They're a new class of software defined by how agents discover, connect to, and act on services, and building them well requires rethinking interface design, user journeys, and architecture.
In this hands-on workshop, we'll walk through what it means to build an MCP App or ChatGPT App, starting from first principles. What are they? What makes an agentic experience (AX) feel natural? What are the high-level design decisions that separate a demo from something production-worthy? From there, we get into the build. We'll use Skybridge, Alpic's open-source Typescript framework, to structure and architect an app that works across MCP-compatible hosts (Claude, ChatGPT) without duplicating your logic for each platform. A live walkthrough of every tool Skybridge provides to go from zero to a working AI app:
create command and starter repositories to scaffold a project in seconds

The dev server, which bundles a rendering emulator and MCP server inspector for local development

The skills that come packaged with it that helps you build your idea hassle-free

The tunneling solution to expose your local environment directly to ChatGPT and Claude for real-time testing

The hooks library for managing interactions with the model and your backend with protocol differences abstracted for your convenience

Widget-to-context synchronization and the mechanisms that keeps the model aware of what UI is currently displayed to the user, ensuring coherent multi-turn conversations

By the end of the three hours, you'll have:
A mental model for designing agentic user journeys
A working app built with Skybridge, deployable across MCP hosts and ChatGPT Apps
Hands-on familiarity with Skybridge's core principles
A repeatable architecture you can bring back to your own projects
You don't need to have built an MCP server before. You do need to be comfortable writing code and curious about where agent-first interfaces are headed.

Pre-registration and additional fee is required. To register: add it to your MCP Dev Summit North America registration. 

SHARED LINKS
Our open-source repo: https://github.com/alpic-ai/skybridge
Documentation: https://skybridge.tech/
Presentation slides: https://www.figma.com/deck/zcwLjAmoPOtXfJRUaFzrPd/26-4-Workshop-Dev-Summit?node-id=4375-984&t=DBShAWMHTqV9KTfu-1

Enterprise adoption of the Model Context Protocol is accelerating — but the path from "MCP works on my laptop" to "MCP is running securely across our organization" is windy and challenging. The reality is that building MCPs isn’t particularly hard. Instead, the challenges are around OAuth, identity sprawl, and the governance requirements your security team will eventually land on your desk.

The core insight is straightforward: MCP servers should focus on tools, resources, and prompts — not rebuilding OAuth infrastructure from scratch every time. A dedicated identity and governance control plane can absorb that complexity once, rather than forcing every server to solve it independently.

In this workshop, we will:
Break down the authentication challenges blocking enterprise MCP adoption — OAuth scopes, dynamic client registration, token lifecycle management, and why static-only providers like Microsoft Entra are their own special headache

Show how consolidating identity into a control plane changes your architecture from a sprawl of redundant auth implementations into something actually manageable

Work through real governance scenarios: integrating remote MCP servers with an enterprise IdP, scoping tool access by user group, and applying controls at the individual tool level

Look at what central auditing and token revocation give your security team — and why that matters for getting MCP approved for production

Cover filtering strategies for PII exposure and prompt injection on MCP tool calls

You'll leave with a clearer picture of the architectural decisions ahead of you, and a better sense of what your security team is going to ask for before they sign off on any of this.


Pre-registration and additional fee is required. To register: add it to your MCP Dev Summit North America registration. 

There is a running joke that 'The “S” in MCP Stands for Security', but is that reasonable? What threats exist? What layers do they operate on? How can you safely host MCP servers in production? Can you connect to MCPs in sensitive environments? Drawing from lessons learned at GitHub and beyond, this interactive discussion will explore the practical realities of MCP security today, examining real exploits and vulnerabilities that have emerged, what mitigations are effective and how the spec/ecosystem might evolve to better address these risks.

The threat landscape touches every layer. Server authors face supply chain risks, tool poisoning, and building integrations that are frequent targets for attempted exploits. Client and host developers need to handle authentication, consent, session integrity, and permission scoping across tools they don't control. Gateway and registry operators are trying to establish trust signals for servers that may be well-intentioned but poorly built, or actively malicious. And all of this sits on top of a fundamental reality: models may follow instructions from any content they process, regardless of where it came from.

In this workshop, we will:

1. Walk through real attack scenarios, including cross-repository data exfiltration and the class of vulnerabilities Simon Willison describes as the "lethal trifecta"
2. Break down the threat model across MCP servers, clients, and gateways: prompt injection, session hijacking, tool poisoning, credential handling, over-permissioned tokens and more.
3. Examine what guardrails exist today in the spec and in practice, what they actually protect against, and where significant gaps remain
4. Dig into the question of untrusted servers: what would it take to safely run an MCP server you don't fully trust, and whether that's a realistic goal
5. Open the floor to the room. Bring your own threat scenarios, architectural concerns, and hard-won lessons. This is a facilitated discussion, not a lecture

You'll leave with a concrete understanding of the current MCP threat landscape, practical approaches to reducing risk at each layer, and a realistic sense of what problems remain unsolved. Whether you're building servers, integrating MCP into a product, or evaluating it for your organization, this session will help you invest your security effort where it counts.