MCP Dev Summit North America

AI apps aren't just chatbots with a better UI. They're a new class of software defined by how agents discover, connect to, and act on services, and building them well requires rethinking interface design, user journeys, and architecture.
In this hands-on workshop, we'll walk through what it means to build an MCP App or ChatGPT App, starting from first principles. What are they? What makes an agentic experience (AX) feel natural? What are the high-level design decisions that separate a demo from something production-worthy? From there, we get into the build. We'll use Skybridge, Alpic's open-source Typescript framework, to structure and architect an app that works across MCP-compatible hosts (Claude, ChatGPT) without duplicating your logic for each platform. A live walkthrough of every tool Skybridge provides to go from zero to a working AI app:
create command and starter repositories to scaffold a project in seconds

The dev server, which bundles a rendering emulator and MCP server inspector for local development

The skills that come packaged with it that helps you build your idea hassle-free

The tunneling solution to expose your local environment directly to ChatGPT and Claude for real-time testing

The hooks library for managing interactions with the model and your backend with protocol differences abstracted for your convenience

Widget-to-context synchronization and the mechanisms that keeps the model aware of what UI is currently displayed to the user, ensuring coherent multi-turn conversations

By the end of the three hours, you'll have:
A mental model for designing agentic user journeys
A working app built with Skybridge, deployable across MCP hosts and ChatGPT Apps
Hands-on familiarity with Skybridge's core principles
A repeatable architecture you can bring back to your own projects
You don't need to have built an MCP server before. You do need to be comfortable writing code and curious about where agent-first interfaces are headed.

Pre-registration and additional fee is required. To register: add it to your MCP Dev Summit North America registration. 

SHARED LINKS
Our open-source repo: https://github.com/alpic-ai/skybridge
Documentation: https://skybridge.tech/
Presentation slides: https://www.figma.com/deck/zcwLjAmoPOtXfJRUaFzrPd/26-4-Workshop-Dev-Summit?node-id=4375-984&t=DBShAWMHTqV9KTfu-1

There is a running joke that 'The “S” in MCP Stands for Security', but is that reasonable? What threats exist? What layers do they operate on? How can you safely host MCP servers in production? Can you connect to MCPs in sensitive environments? Drawing from lessons learned at GitHub and beyond, this interactive discussion will explore the practical realities of MCP security today, examining real exploits and vulnerabilities that have emerged, what mitigations are effective and how the spec/ecosystem might evolve to better address these risks.

The threat landscape touches every layer. Server authors face supply chain risks, tool poisoning, and building integrations that are frequent targets for attempted exploits. Client and host developers need to handle authentication, consent, session integrity, and permission scoping across tools they don't control. Gateway and registry operators are trying to establish trust signals for servers that may be well-intentioned but poorly built, or actively malicious. And all of this sits on top of a fundamental reality: models may follow instructions from any content they process, regardless of where it came from.

In this workshop, we will:

1. Walk through real attack scenarios, including cross-repository data exfiltration and the class of vulnerabilities Simon Willison describes as the "lethal trifecta"
2. Break down the threat model across MCP servers, clients, and gateways: prompt injection, session hijacking, tool poisoning, credential handling, over-permissioned tokens and more.
3. Examine what guardrails exist today in the spec and in practice, what they actually protect against, and where significant gaps remain
4. Dig into the question of untrusted servers: what would it take to safely run an MCP server you don't fully trust, and whether that's a realistic goal
5. Open the floor to the room. Bring your own threat scenarios, architectural concerns, and hard-won lessons. This is a facilitated discussion, not a lecture

You'll leave with a concrete understanding of the current MCP threat landscape, practical approaches to reducing risk at each layer, and a realistic sense of what problems remain unsolved. Whether you're building servers, integrating MCP into a product, or evaluating it for your organization, this session will help you invest your security effort where it counts.