April 2-3, 2026
New York, NY

The Sched app allows you to build your schedule but is not a substitute for your event registration. You must be registered for MCP Dev Summit North America to participate in the sessions. If you have not registered but would like to join us, please go to the event registration page to purchase a registration.

IMPORTANT NOTE: Timing of sessions and room locations are subject to change.


Venue: Astor Ballroom (7th Floor)
Thursday, April 2
 

11:50am EDT

MCP Gateways: The Control Plane for Agentic Integration - Alex Salazar, Arcade.dev
Thursday April 2, 2026 11:50am - 12:15pm EDT
As MCP deployments grow beyond a few tools, the failure mode isn’t the model—it’s the integration surface. Teams quickly accumulate many MCP servers, inconsistent authentication, duplicated “almost-the-same” tools, and no single place to apply policy, observe behavior, or onboard agents and new systems.

This talk introduces the MCP Gateway pattern: a single MCP entrypoint that federates multiple servers into curated tool surfaces for each agent, workflow, or IDE. Borrowing lessons from the API boom, we’ll show how to structure capabilities into layered building blocks—system access, reusable orchestration, and channel-specific experiences—so you avoid point-to-point spaghetti while keeping integrations composable.

You’ll see a reference architecture that separates front-door caller identity from downstream tool authorization (scoped OAuth or API keys), supports tool allowlists and LLM-facing usage guidance, and adds the controls teams need: routing, versioning, rate limits, audit logs, and end-to-end tracing. You’ll leave with a practical checklist for turning tool sprawl into a governed integration platform that stays interoperable as new agents, clients, and systems arrive.
Speakers
Alex Salazar

Co-Founder/CEO, Arcade.dev
Alex Salazar is the Co-Founder and CEO of Arcade.dev, the runtime for MCP that enables AI agents to securely take real actions across enterprise systems. He's solving the hardest problems standing between AI agent demos and production deployment: secure agent authorization, high-accuracy...
Astor Ballroom (7th Floor)
  MCP Best Practices

12:20pm EDT

MCP: The Gateway to Real-Time Human–AI Collaboration in Jupyter at Scale - Jake Diamond-Reivich, Project Jupyter
Thursday April 2, 2026 12:20pm - 12:45pm EDT
Additional Authors/Contributors:
  • Andrey Velichkevich – Kubeflow Steering Committee
  • Zach Sailer - Jupyter Executive Council


Jupyter Notebooks are a critical medium for code, data, and ML, demanding a paradigm shift for AI assistance. With Jupyter's real-time collaboration and cloud-native evolution, it's becoming a powerful portal to a full data platform, beyond mere notebooks.

This session explores MCP as the essential framework for human-AI synergy within this expanded Jupyter ecosystem. Leveraging Jupyter's extensibility, MCP expands its API, opening gateways to services across the entire data, ML, and AI landscape. By extending Jupyter’s real-time collaborative models, MCP enables AI agents to seamlessly co-create alongside human developers. This integration moves beyond traditional AI coding assistance, fostering true parallel work without conflicting edits, eliminating friction and accelerating development.

The speakers will give a live demo showing how MCP provides the blueprint for connecting AI assistance directly with the Jupyter environment, both locally and in the cloud. This empowers builders to redefine human-AI interaction and unlock unprecedented productivity across the entire AI development lifecycle – from data preparation and feature engineering to LLM fine-tuning and evaluations.
Astor Ballroom (7th Floor)

12:50pm EDT

CANCELLED - Scaling Agentic AI on Cloud: MCP Best Practices for Large Enterprises - Ankit Haseeja, JPMC
Thursday April 2, 2026 12:50pm - 1:15pm EDT
How MCP Can Be Used to Build Scalable, Secure, Cloud-Native Agentic Systems on AWS, Azure, and GCP

As enterprises adopt agentic AI, the need for scalable, secure, cloud-native architectures becomes critical. This session explores how the Model Context Protocol (MCP) enables agents to reliably connect with cloud services across AWS, Azure, and GCP using a unified, open standard. Attendees will learn architecture patterns for deploying agents on serverless runtimes and container platforms, strategies for scaling multi-agent workflows, and methods to enforce enterprise-grade security using IAM, secret management, VPC networking, and policy controls. The talk also covers best practices for integrating MCP agents with databases, storage, monitoring, and enterprise APIs, along with techniques for cost optimization and observability. By the end, participants will understand how MCP simplifies interoperability and provides a foundation for building robust, production-ready agentic systems across multi-cloud environments.
Astor Ballroom (7th Floor)
  MCP Best Practices

2:35pm EDT

Protocol Evolution: Adapting the Model Context Protocol for SLMs and the Edge - Kierra Dotson, Further
Thursday April 2, 2026 2:35pm - 3:00pm EDT
The Model Context Protocol (MCP) was designed for robust, cloud-based LLM interactions. However, the proliferation of Small Language Models (SLMs) and their deployment on resource-constrained edge devices (e.g., IoT, mobile) introduces critical challenges to the protocol's current specification. This talk provides a deep-dive into the necessary technical adaptations for MCP to thrive at the edge. We will explore:
  • Context Window Optimization: Protocol-level strategies for efficient context serialization and deserialization to minimize latency and memory footprint on SLMs.
  • Asynchronous Context Management: How to handle intermittent connectivity and power-saving modes on edge devices through novel MCP transport and state management mechanisms.
  • Edge-Native Context Caching: A proposal for a lightweight, on-device context caching layer that adheres to the MCP specification while ensuring data freshness and integrity.

Attendees will leave with a clear understanding of the current limitations and a roadmap for contributing to the MCP specification's evolution for the next generation of ubiquitous, context-aware edge AI.
Speakers
Kierra Dotson

Director of AI Strategy, Further
Kierra Dotson is an AI Engineer specializing in the critical intersection of AI strategy, operations (AgentOps), and governance. With a strong background in Cloud Engineering, DevOps, and Data Architecture, she focuses on building scalable, reliable, and compliant AI systems. Kierra...
Astor Ballroom (7th Floor)
  MCP Best Practices
  • Audience Experience Level Advanced
  • Session Slides Yes

3:05pm EDT

Your #1 Docs Audience Isn't Human: Dev Ed's MCP Strategy at Apollo - Daniel Abdelsamed, Apollo GraphQL
Thursday April 2, 2026 3:05pm - 3:30pm EDT
AI agents are rapidly becoming the primary consumers of technical documentation. At Apollo GraphQL, our traffic data shows agents on pace to become our #1 traffic source, prompting a shift in how we write, structure, and serve docs. We now have two distinct audiences that read differently: AI needs patterns, not paragraphs. Connecting sentences that help humans are now wasted tokens.

As the sole documentation engineer at Apollo, I’ve spent the past year building MCP tooling for our docs. This talk covers what worked, what failed, how we tested, and what surprised us.

I’ll walk through the evolution from serving AI full pages to chunked retrieval strategies that balance completeness with token usage. You’ll see how we used AI tooling to restructure docs for AI readability and exposed them as MCP tools agents are compelled to use.

To measure progress, we built an evaluation suite: a sandboxed runner that executes end-user prompts against our MCP server, builds an application, seals the output, then passes it to a second model for scoring against a reference solution and rubric. I’ll demo this live and share how it produced stable metrics in a non-deterministic AI world.
Speakers
Daniel Abdelsamed

Staff Software Engineer, Apollo GraphQL
Daniel Abdelsamed is a Staff Software Engineer at Apollo, where he has spent the last four years architecting and scaling the company’s documentation platforms. With nearly a decade of experience in TypeScript and application design, he focuses on building durable, developer-friendly...
Astor Ballroom (7th Floor)
  MCP Best Practices

3:35pm EDT

OCI Images as MCP Packaging: Supply Chain Security for AI Tools - Juan Antonio Osorio, Stacklok
Thursday April 2, 2026 3:35pm - 4:00pm EDT
So you found an MCP server on npm that does exactly what you need. You run npx and... now what? One reason people skip security verification for MCP servers is that it's genuinely hard to know what you're actually running. The package works, so why question it?

Here's the thing: MCP servers are getting access to your files, your APIs, your credentials. We should probably know what's in them before we hand over the keys.

In this talk, we'll dig into using OCI containers as the packaging standard for MCP servers - not because containers are trendy, but because they unlock supply chain security constructs that npm and PyPI simply don't have. We'll walk through building repackaging pipelines that verify source packages, run MCP-specific security scans, and produce attestations with Sigstore. Real pipelines, real commands, real output.

Note that this won't solve every trust problem - but it gets us a lot closer to "I know what I'm running" than the current state of affairs.
Speakers
Juan A. Osorio

Principal Engineer, Stacklok
Juan Antonio "Ozz" Osorio is a Mexican software engineer living in Finland. His background spans security for OpenStack, Kubernetes, and bare metal environments. Currently at Stacklok, he founded the ToolHive project and has been building MCP infrastructure, including supply chain...
Astor Ballroom (7th Floor)
  MCP Best Practices

4:30pm EDT

Bridging Kernel Space and AI: Building an MCP Server for Linux Scheduler Observability - Daniel Hodges, Meta
Thursday April 2, 2026 4:30pm - 4:55pm EDT
The Model Context Protocol enables AI assistants to interface with external tools and data sources, but most examples focus on high-level APIs and databases. This talk explores building a production MCP server that exposes low-level Linux kernel observability data to AI assistants, enabling natural language debugging of complex systems.

`scxtop` is an observability tool for Linux's new sched_ext extensible scheduler framework (https://github.com/sched-ext/scx/tree/main/tools/scxtop). By implementing MCP, it allows developers to ask questions like "Why is my application experiencing high scheduling latency?" and receive AI-driven analysis that correlates kernel tracing data, hardware topology, performance counters, and scheduler internals.
Speakers
Daniel Hodges

Software Engineer, Meta
Daniel Hodges is a software engineer on the Linux team at Meta. He has previously worked in areas such as observability, profiling, and application performance testing.
Astor Ballroom (7th Floor)
  MCP Best Practices
  • Audience Experience Level Advanced
  • Session Slides Yes

5:00pm EDT

MCP Meets Java: Engineering the MCP Java SDK - Dariusz Jędrzejczyk, Broadcom
Thursday April 2, 2026 5:00pm - 5:25pm EDT
Implementing the Model Context Protocol (MCP) in Java poses a challenge: mapping a fast-evolving specification onto a language that favors strict type safety and stability. This session explores the evolution of the official MCP Java SDK, moving beyond naive implementation to address the "hectic" reality of a shifting protocol while providing an enterprise-grade AI enabler.

We’ll discuss the transition from early bidirectional transports to recent Streamable HTTP with sessions and stateless patterns. You’ll learn how Java’s type system led to a "correct-by-construction" approach, ensuring invalid states are unrepresentable, rather than just throwing runtime errors. We will cover Java-specific security considerations, including pluggable authorization hooks designed for a fragmented security ecosystem.

Finally, we’ll share lessons on balancing abstraction with pragmatism: how we decoupled JSON serialization for pluggability and managed the friction between Java’s synchronous heritage and MCP’s asynchronous nature. Whether you're building AI-enabled apps or designing cross-language SDKs, this talk provides a blueprint for robust MCP adoption.
Speakers
Dariusz Jędrzejczyk

Principal Software Engineer, Broadcom
Member of the Spring Team. MCP Java SDK maintainer. Maintainer of Project Reactor. Contributes to Spring portfolio projects. Passionate about developer productivity, distributed systems, concurrency, system design, and networking. Dariusz has commercial experience in Platform Engineering...
Astor Ballroom (7th Floor)
  MCP Best Practices
  • Audience Experience Level Any
  • Session Slides Yes

5:30pm EDT

Rules Are Not Suggestions: A History of MCP Non-Compliance - Sterling Dreyer, Arcade.dev
Thursday April 2, 2026 5:30pm - 5:55pm EDT
Less than 20% of remote MCP servers fully comply with the MCP Specification.
MCP adoption took off quickly, but full compliance didn't follow at the same pace. Today, partial implementations are common across both clients and servers, and the reasons go beyond just a fast-moving spec.
In this session, we'll walk you through:
  • The first version of the MCP Specification and what it was designed for
  • How MCP evolved to keep up with the quickly evolving AI ecosystem
  • How clients and servers deviate from the spec and why developers choose not to comply
  • What we can do to shrink the gap between design and implementation
This isn't a story about bad developers or tight deadlines. It's about how bending the rules has become part of how agents get built.
Speakers
Sterling Dreyer

Founding Engineer, Arcade.dev
Sterling is a founding engineer at Arcade.dev, focused on backend and infrastructure. Before Arcade, he was the second engineer at Featureform, a feature store platform acquired by Redis.
Astor Ballroom (7th Floor)
  MCP Best Practices
  • Audience Experience Level Any
  • Session Slides Yes
 
Friday, April 3
 

11:30am EDT

Code Mode Without the Code - Bob Dickinson, TeamSpark
Friday April 3, 2026 11:30am - 11:55am EDT
Major AI players (Cloudflare, Anthropic, Docker) advocate "Code Mode" - having LLMs generate wrapper MCP servers to orchestrate tools, drastically reducing context usage. However, executing LLM-generated code introduces security risks and compliance challenges.

mcpGraph provides Code Mode benefits without code execution risks. It's a YAML-based DSL for declarative MCP tool orchestration using directed graphs. Tools are defined as graphs with MCP nodes, JSONata transforms, and JSON Logic conditionals, all inspectable and auditable, and exposed to agents as MCP tools themselves.

We'll cover and demo three MCP servers: mcpGraph (the core engine), mcpGraphToolkit (agent development tools for building/testing/deploying graphs, with associated agent skills), and mcpGraphUX (visual inspection and debugging).

This approach delivers Code Mode efficiency while maintaining security, observability, and compliance—no arbitrary code execution required.

mcpGraph is open source and available at: https://github.com/TeamSparkAI/mcpGraph

The presentation will be largely based on this document (and referenced videos): https://github.com/TeamSparkAI/mcpGraph/blob/main/docs/no-code-code-mode.md
Speakers
Bob Dickinson

Founder, TeamSpark
Serial founder, CTO at scale, and always a hands-on builder. Creator of MCP Tool Vault and the open source projects tsAgent and mcpGraph. Maintainer of MCP Registry and MCP Inspector. Background in security, including as CTO of OneLogin and Censys.
Astor Ballroom (7th Floor)
  MCP Best Practices

12:00pm EDT

MCP Live: Streaming Context To AI Agents - Harshit Kohli, Amazon Web Services
Friday April 3, 2026 12:00pm - 12:25pm EDT
Most MCP servers work like snapshots - ask for context, get a response, done. But what happens when your code changes while the AI is working? Or system metrics spike during deployment? Your agent has stale data.

I've been building streaming MCP servers that push live updates to AI agents. Think file watchers notifying code changes, system monitors streaming metrics, or database triggers sending updates as they happen.

I'll walk through building a live log monitoring MCP server from scratch. We'll extend the basic MCP protocol to handle streaming data using WebSockets, implement event subscriptions, and keep agents synchronized with rapidly changing data.

The demo shows an AI agent monitoring application logs in real-time, detecting anomalies and suggesting fixes as errors occur - not minutes later when someone checks the logs.

This isn't theoretical - I'm using similar patterns in production for DevOps monitoring and trading systems. I'll share the code, discuss gotchas, and show how streaming MCP opens up new use cases.

You'll leave with practical patterns for building reactive MCP servers that keep your AI agents always current.
Speakers
Harshit Kohli

Sr Technical Account Manager, Amazon Web Services
GenAI/Data Driven individual who has 15+ years of experience. Proven experience with AWS Data Analytics/GenAI services, Cloudera Hadoop, Hortonworks Hadoop and Mapr Hadoop. Achieved customer wins over Amazon Q, Bedrock, Amazon Managed Kafka, Amazon Data Firehose, Kinesis Streams...
Astor Ballroom (7th Floor)
  MCP Best Practices

2:25pm EDT

From Cypher to Conversation: MCP at WestJet - Anton Lysov, WestJet
Friday April 3, 2026 2:25pm - 2:50pm EDT
At WestJet, our flight schedule is modeled in a Neo4j graph database - airports, routes, aircraft, seasonal schedules. The data is rich, but accessing it required Cypher expertise most stakeholders don't have.

I built an MCP server to change that. By creating a proxy layer connecting Claude to our Neo4j database, I enabled non-technical colleagues to query complex flight relationships using natural language. No Cypher. No waiting for developers. Just questions and answers.

This talk covers the journey from idea to working pilot: why I chose MCP, how I architected a proxy server wrapping the Neo4j MCP server, and what I learned deploying it internally. I'll give a live demo showing how analysts can explore our flight network conversationally.

This isn't a top-down initiative. It's about individual ownership - recognizing potential in data your team already maintains and using MCP to unlock value for people who couldn't access it before.
Whether you're exploring MCP for enterprise data or graph databases, this talk offers a practical, beginner-friendly blueprint.
Speakers
Anton Lysov

Software Developer, WestJet
Anton Lysov is a Software Developer at WestJet, working on backend systems that power westjet.com, mobile apps, and services used by teams across the organization. Before WestJet, he was one of the first hires at Rafflebox, helping build a platform that raised over $500M CAD for nonprofits...
Astor Ballroom (7th Floor)
  MCP Best Practices
  • Audience Experience Level Beginner
  • Session Slides Yes

2:55pm EDT

Lessons Learned Building Intelligent UIs With MCP Apps - Riley Scheid, Reboot (reboot.dev)
Friday April 3, 2026 2:55pm - 3:20pm EDT
With MCP Apps, AI interactions are no longer limited to text. MCP Apps unlock the full power of the web within AI chat, allowing us to build AI-enriched UIs that persist, react and collaborate in real-time.

Through a series of demos and code deep-dives, I’ll showcase foundational patterns that we've found to be effective as MCP Apps gain ubiquity.

Durability: Demo a “text snippet saver” that persists across conversations, threads, and even different AI clients, enabling shared memory that follows you everywhere.

Async tasks: Start an async audio transcription job, monitor it with a progress bar, and receive a completion notification in chat, while other work continues.

Realtime sync: See the job we just ran come alive as we play the original audio file with the text transcript rendering in perfect sync.

Multiplayer: Join me in a live collaborative drawing demo accessible through a public MCP server. Draw your best race car in real-time while we watch everyone’s creations come to life. The best drawing wins a prize!

The purpose of these demos is to spark imagination and show a glimpse of the future of intelligent UIs that go beyond the capabilities of the modern web.
Speakers
Riley Scheid

Founding Engineer, Reboot (reboot.dev)
Full stack engineer / human Swiss Army Knife with a decade of professional experience
Astor Ballroom (7th Floor)
  MCP Best Practices

3:25pm EDT

MCPwned: Hacking MCP Servers With One Skeleton Key Vulnerability - Jonathan Leitschuh, Independent
Friday April 3, 2026 3:25pm - 3:50pm EDT
MCPwned weaponizes a widely overlooked MCP-spec weakness, browser-based DNS rebinding, against SSE & streaming-HTTP MCP servers to exfiltrate data and escalate access.
This skeleton key vulnerability hacks your locally running MCP server, just by getting you to visit a malicious website.
Speakers
Jonathan Leitschuh

Open Source Security Researcher, Independent
Jonathan Leitschuh is an open source software security researcher and self-described Vulnerability Janitor. He was the inaugural Dan Kaminsky Fellow at HUMAN Security and later led research for OpenSSF’s Alpha-Omega project. He is best known for his 2019 Zoom zero-day disclosure...
Astor Ballroom (7th Floor)
  Security and Operations

4:20pm EDT

From Chaos To Clarity: How MCP Transforms Incident Response - Sebastian Villanelo & Rocío Bayon, PagerDuty
Friday April 3, 2026 4:20pm - 4:45pm EDT
Imagine being on-call at 3 AM: alerts fire, you scramble between the incident, monitoring dashboards, Slack, runbooks, and ticketing systems. Each tool switch drains cognitive capacity during your highest-stress moments.

Current reality: On-call engineers navigate 5-10 tools under pressure. Managers manually coordinate team responses. Stakeholders interrupt for updates. Result: burnout, delayed resolution, human error.

MCP-powered future: Natural language handles coordination, knowledge retrieval, and status updates. Responders focus on solving problems, not navigating tools. Managers orchestrate responses conversationally. Stakeholders self-serve information.

Attendees learn production patterns for building MCP servers that reduce human fatigue in critical operations: safety mechanisms for high-stakes automation, balancing AI assistance with human oversight, context preservation across operations, and testing strategies for mission-critical workflows.
Speakers
Sebastian Villanelo

Forward Deployment Engineer, PagerDuty
Develop custom reports that help each customer identify and monitor the metrics most relevant to their operations. Gather technical and functional requirements, working closely with the product team to translate customer needs into concrete improvements.

Rocío Bayon

Product Manager, Forward Deployed Engineering, PagerDuty
Originally from Argentina and based in Chile, I'm a Product Manager on the Forward Deployed Engineering (FDE) team at PagerDuty. With a background in Mechanical Engineering and Business Analytics, I live at the intersection of technology, data, and real-world customer implementations...
Astor Ballroom (7th Floor)
  Security and Operations

4:50pm EDT

Kubernetes-Native Agent Discovery: A Unified Registry for MCP Servers and Skills - Carlos Santana, AWS
Friday April 3, 2026 4:50pm - 5:15pm EDT
As AI agents become integral to cloud-native architectures, they need a standardized way to discover capabilities available within Kubernetes clusters. Currently, agents must be pre-configured with MCP server endpoints and skill definitions, creating brittleness in dynamic environments where services scale and evolve continuously.
This talk introduces a Kubernetes-native discovery service: a cluster-scoped registry that exposes both MCP servers and Skills through a unified API. By leveraging Kubernetes primitives like CRDs and proven service discovery patterns, we can make agent capabilities first-class citizens in any cluster.
Attendees will learn how to implement a dynamic registry enabling agents to query available MCP servers by capability, discover registered Skills with their metadata, and handle lifecycle changes gracefully. We'll demonstrate a working implementation showing agents dynamically assembling their toolset based on cluster state.
The registry treats MCP servers and Skills as complementary discovery targets. Whether you're running agents in production or just exploring MCP adoption, this talk provides a blueprint for building discoverable agent infrastructure.
Speakers
Carlos Santana

Sr. Kubernetes Specialist SA, AWS
Senior Specialist Solutions Architect at AWS leading Container solutions in the Worldwide Application Modernization (AppMod). He is experienced in distributed cloud application architecture, emerging technologies, open source, serverless, devops, kubernetes, gitops. He is CNCF Ambassador...
Astor Ballroom (7th Floor)
  Security and Operations
  • Audience Experience Level Advanced
  • Session Slides Yes

5:20pm EDT

Hooks, Not Hacks: Modular Enforcement for MCP Agents - Fred Araujo & Ian Molloy, IBM
Friday April 3, 2026 5:20pm - 5:45pm EDT
MCP enables agent composition, but leaves security, policy, and governance enforcement to individual implementations. This results in inconsistent controls and security gaps across agents, tools, and environments, pushing platform-specific logic into otherwise portable MCP systems.

This talk presents a hook-based extension pattern for MCP, inspired by the Linux Security Modules (LSM) extensibility model and implemented in open source as part of the ContextForge MCP Gateway. Using standardized pre- and post-execution hooks, the gateway intercepts MCP interactions such as prompt handling, tool invocation, and data transformation. These hooks enable composable security modules—including prompt injection detection, PII redaction, and policy-based access control (OPA/Cedar)—without modifying agent or MCP server logic. By externalizing enforcement into reusable modules, this approach avoids extensibility lock-in and enables interoperability with existing security frameworks.

We show how developers can author MCP extensions and apply consistent controls across agent stacks, focusing on design patterns and interoperability for production-ready MCP systems.
Speakers
Ian Molloy

Department Head, IBM Research
Ian Molloy is a Principal Research Scientist and Department Head of the Security Department at IBM's Thomas J. Watson Research Center, a large and diverse team working across cryptography, cloud, AI and Security Intelligence. His primary research interest is in automating...

Fred Araujo

Principal Research Scientist and Manager, IBM
Dr. Fred Araujo is a Principal Research Scientist and Manager at IBM Research, where he leads research on the security of AI agents and middleware. His work spans protocol security, access control, systems security, and program analysis, and has influenced several IBM and Red Hat...
Astor Ballroom (7th Floor)
  Security and Operations
 