There is a running joke that "the 'S' in MCP stands for Security", but is that fair? What threats exist? What layers do they operate on? How can you safely host MCP servers in production? Can you connect to MCPs in sensitive environments? Drawing from lessons learned at GitHub and beyond, this interactive discussion will explore the practical realities of MCP security today, examining real exploits and vulnerabilities that have emerged, what mitigations are effective, and how the spec and ecosystem might evolve to better address these risks.
The threat landscape touches every layer. Server authors face supply chain risks, tool poisoning, and building integrations that are frequent targets for attempted exploits. Client and host developers need to handle authentication, consent, session integrity, and permission scoping across tools they don't control. Gateway and registry operators are trying to establish trust signals for servers that may be well-intentioned but poorly built, or actively malicious. And all of this sits on top of a fundamental reality: models may follow instructions from any content they process, regardless of where it came from.
In this workshop, we will:
- Walk through real attack scenarios, including cross-repository data exfiltration and the class of vulnerabilities Simon Willison describes as the "lethal trifecta"
- Break down the threat model across MCP servers, clients, and gateways: prompt injection, session hijacking, tool poisoning, credential handling, over-permissioned tokens, and more
- Examine what guardrails exist today in the spec and in practice, what they actually protect against, and where significant gaps remain
- Dig into the question of untrusted servers: what would it take to safely run an MCP server you don't fully trust, and whether that's a realistic goal
- Open the floor to the room. Bring your own threat scenarios, architectural concerns, and hard-won lessons. This is a facilitated discussion, not a lecture
You'll leave with a concrete understanding of the current MCP threat landscape, practical approaches to reducing risk at each layer, and a realistic sense of what problems remain unsolved. Whether you're building servers, integrating MCP into a product, or evaluating it for your organization, this session will help you invest your security effort where it counts.