Loading…
April 2-3, 2026
New York, NY
View More Details & Registration

The Sched app allows you to build your schedule but is not a substitute for your event registration. You must be registered for MCP Dev Summit North America to participate in the sessions. If you have not registered but would like to join us, please go to the event registration page to purchase a registration..

IMPORTANT NOTE: Timing of sessions and room locations are subject to change.
← Back to schedule
Shadow MCP: Finding the MCPs Nobody Approved - Aidan Sochowski & Alexander Frazer, Runlayer
Thursday April 2, 2026 3:35pm - 4:00pm EDT
Empire Complex (7th Floor)
Shadow IT is back - but this time it's AI-powered. Employees are configuring MCP servers directly in Cursor, Claude Desktop, and VS Code, creating a blind spot that traditional security tools miss. These shadow MCPs operate outside centralized control, enabling data exfiltration, supply chain attacks, and compliance violations.

This talk exposes the shadow MCP problem and presents a comprehensive detection and response framework:

- Why shadow MCPs are uniquely dangerous (AI amplifies access, automates actions, no audit trail)
- Discovery techniques: IDE config scanning, MDM integration, network detection patterns
- Classification: distinguishing managed vs shadow servers across device fleets
- Response playbooks: triage, investigation, remediation by risk level

I'll share real vulnerability examples from official MCPs (GitHub, Asana, Supabase, Postmark) and demonstrate automated detection through IDE hooks (Cursor, Claude Code) and MDM platforms (SimpleMDM, Jamf).

Attendees will leave with practical techniques for gaining visibility into shadow MCP usage and a framework for bringing unauthorized integrations under organizational control.
Speakers
AS

Aidan Sochowski

Senior Product Engineer, Runlayer
Aidan is a founding product engineer at Runlayer. Previously he's worked
at Glean on scalable connector and crawler infrastructure and at YouTube
on recommendations serving infrastructure

... Read More →
avatar for Alexander Frazer

Alexander Frazer

Founding Security Engineer, Runlayer
Alexander Frazer is a Founding Security Engineer at Runlayer, specializing in generative AI and cybersecurity. With 15+ years of experience, he focuses on AI security challenges and MCP implementations. Previously he has led creation and evaluation of AI-driven security triage systems... Read More →
Shadow AI MCP Dev Summit pdf
Shadow AI MCP Dev Summit pptx
Thursday April 2, 2026 3:35pm - 4:00pm EDT
Empire Complex (7th Floor)
  Security and Operations

Sign up or log in to save this to your schedule, view media, leave feedback and see who's attending!

Tweet Share

Get help with the event

Contact event planner Event login
View support guides Find upcoming events
Create an event you'd love to attend!
Explore why organizers choose Sched Success stories
Event App Event scheduling Event registration Event ticketing Sched forms Call for papers Badges Conferences
© 2026. SCHED LLC - All rights reserved - Helping events since 2008
Conference Scheduling Software Privacy Terms
Share Modal

Share this link via

Or copy link