MCP Dev Summit Seoul 2026: Full Schedule

I plugged 17 MCP servers into my agent, and the agent got worse: slower decisions, dumber questions, somehow forgetting how to use the same tool it had used five minutes earlier.

That's not an MCP problem, the protocol works. The problem is that MCP defines how a tool is invoked and exactly nothing else. Every invocation is a fresh ceremony of re-discover, re-parse, re-decide, re-handle, with no persistent artifact wrapping any of it. The agent has no memory of what worked, no feedback signal for what didn't, no surrounding context to anchor which tool, when, and why.

Stateless function calls in an inherently stateful problem.

This talk is about the layer above MCP, the one that turns a directory of well-formed tool calls into coherent agent behavior, call it a Skill, a context artifact, or whatever your stack calls it. I'll show what changes when you bolt one on top of MCP: tool-call frequency drops, accuracy climbs, dumb questions to the user disappear.

If your MCP integration demos beautifully but production doesn't, this is the talk for you.

(And if you haven't shipped an MCP server yet, congrats. You'll skip a few mistakes. The protocol is the easy part.)

Speakers

Baruch Sadogursky

Member of DevRel Staff, Tessl AI

Baruch Sadogursky (@jbaruch) did Java before it had generics, DevOps before there was Docker, and DevRel before it had a name. He built DevRel at JFrog, co-authored "Liquid Software" and "DevOps Tools for Java Developers," and is a Java Champion, Microsoft MVP, and CNCF Ambassador... Read More →

Friday August 14, 2026 09:40 - 09:55 KST
Grand Ballroom 1 + 2

Keynote Sessions

10:00 KST

Keynote: To Be Announced

Friday August 14, 2026 10:00 - 10:15 KST

Grand Ballroom 1 + 2

Friday August 14, 2026 10:00 - 10:15 KST
Grand Ballroom 1 + 2

Keynote Sessions

10:15 KST

Keynote: After the Tool Call: What MCP Leaves Open and How to Close It - Viren Baraiya, CTO, Orkes and Co-Creator of Netflix Conductor

Friday August 14, 2026 10:15 - 10:30 KST

Grand Ballroom 1 + 2

Every team building production agents is solving the same execution problems independently: what happens when a tool call runs for an hour, when the process crashes mid-sequence, when a downstream failure requires earlier steps to be undone. MCP doesn't specify this — deliberately. But the absence of shared patterns is costing the ecosystem duplicated effort and incompatible implementations.

This talk contributes a named, reusable pattern — MCP tool sequences as durable sagas with compensation semantics — and puts three concrete candidates on the table for spec extension: async tool results, execution receipts, and cancellation propagation semantics. A worked implementation serves as existence proof that all three are tractable today, not theoretical.

It also reframes how MCP fits into agent architecture: as the intent layer within a larger execution model, not the execution model itself. That distinction makes MCP more composable and keeps the spec lean as the ecosystem scales.

Speakers

Viren Baraiya

CTO, Co-Creator of Netflix Conductor, Orkes

Viren Baraiya is co-founder and CTO of Orkes and the original creator of Netflix Conductor, the open-source distributed workflow orchestration engine he built at Netflix.

He is currently building Agentspan, an open-source durable agent runtime for long-running AI agents built on top of Conductor. Previously he held engineering leadership roles at Google and Goldman Sachs

... Read More →

Friday August 14, 2026 10:15 - 10:30 KST
Grand Ballroom 1 + 2

Keynote Sessions

10:30 KST

Break

Friday August 14, 2026 10:30 - 11:00 KST

Grand Ballroom Foyer

Friday August 14, 2026 10:30 - 11:00 KST
Grand Ballroom Foyer

Registration / Breaks / Special Events

10:30 KST

Solutions Showcase

Friday August 14, 2026 10:30 - 16:05 KST

Grand Ballroom Foyer

Friday August 14, 2026 10:30 - 16:05 KST
Grand Ballroom Foyer

Solutions Showcase

11:00 KST

From API To Agent: Building a Video Intelligence MCP Server and Plugin Ecosystem - James Le, TwelveLabs

Friday August 14, 2026 11:00 - 11:25 KST

Grand Ballroom 1 + 2

Video intelligence is an unusual MCP workload. Operations are asynchronous and long-running (indexing a 30-minute video takes minutes, not milliseconds), inputs span local files and remote URLs, and the tool surface is wide; search, analysis, embeddings, and entity recognition each carry distinct parameter shapes and response patterns.

When we set out to build a production MCP server for TwelveLabs' video understanding platform, these constraints became a useful stress test for the protocol itself. This talk traces the builder's journey from first commit to published npm package (twelvelabs-mcp), covering the decisions that shaped a 19-tool MCP server and the patterns that emerged along the way.

Attendees will leave with concrete patterns for building MCP servers around API-first platforms (particularly those with async workflows, multimodal inputs, and wide tool surfaces), along with a clear picture of how MCP servers can evolve into full agent plugins.

Speakers

James Le

Head of Developer Experience, TwelveLabs

James Le is currently leading Developer Experience at Twelve Labs, a startup building foundation models for video understanding.

Previously, he worked at MLOps startups Superb AI and Snorkel AI and taught production ML content with Full Stack Deep Learning.

He is also the host of Datacast, a podcast following the narrative journey of founders, operators, and investors in the data and AI infrastructure space to unpack the careers that they have built... Read More →

Friday August 14, 2026 11:00 - 11:25 KST
Grand Ballroom 1 + 2

Building with MCP

11:00 KST

When MCP Tools Fail: Reliable ML Inference for MCP Agents - Sho Tanaka, Snowflake

Friday August 14, 2026 11:00 - 11:25 KST

Orchid 2

The Model Context Protocol (MCP) is emerging as a standard for connecting AI agents with external tools. While LLM-based tools are flexible, their non-deterministic behavior makes it difficult to meet requirements for stability, repeatability, and auditability in production systems. In such cases, traditional machine learning models provide more predictable inference and are often preferred for system-critical decisions.

However, ML-powered tools are not free from challenges. Latency, failures, and integration issues can propagate through MCP systems and impact agent behavior, leading to inconsistent decisions, repeated retries, or silent failures.

This session explores what happens when MCP tools fail and how to design systems that remain reliable under such conditions. We present a reproducible demo of failure scenarios, including latency spikes and unstable predictions, and show their impact on agent behavior. We then introduce practical design patterns—such as timeout and retry strategies and observability—to build reliable MCP-based systems.

Attendees will gain concrete techniques to design trustworthy AI systems that remain stable in real-world environments.

Speakers

Sho Tanaka

Lead Developer Advocate, Snowflake

Sho Tanaka is a Lead Developer Advocate at Snowflake, focused on AI/ML and data engineering. He previously worked at Google (gTech) delivering ML/Data solutions across Japan, APAC and global. He is a Google Developer Expert (AI/ML) and a co-founder of the MLOps community in Japan... Read More →

Friday August 14, 2026 11:00 - 11:25 KST
Orchid 2

Security + Identity + Trust

11:30 KST

From AGENTS.md to MCP: Practical Patterns for Agentic Engineering Adoption - Junho Kong, SK Ono

Friday August 14, 2026 11:30 - 11:55 KST

Grand Ballroom 1 + 2

Developers are moving from ad-hoc AI coding assistance to more reliable agentic engineering workflows. But adoption often stalls when agents lack project-specific instructions, safe tool boundaries, and reviewable outputs.

In this session, I’ll share practical patterns from working with the Codex developer community on how teams can move from one-off AI usage toward repeatable engineering workflows. We’ll walk through an adoption ladder: starting with clear task contracts, encoding team conventions in AGENTS.md, exposing external context through MCP-style tools, and closing the loop with tests, human review, approvals, and reusable workflows.

This talk is not a general introduction to MCP. Instead, it focuses on how developers and teams can combine AGENTS.md, scoped tools, review loops, and MCP to make agentic systems more trustworthy and practical in real-world engineering environments.

Speakers

Junho Kong

AI Platform Architect, SK On

Junho is an at SK On and a Codex Ambassador
working at the intersection of agentic engineering, AI platforms, developer tools, and community education. He leads and supports developer community initiatives around Codex and AI-assisted software development, helping developers move from ad-hoc AI usage toward more structured... Read More →

Friday August 14, 2026 11:30 - 11:55 KST
Grand Ballroom 1 + 2

Agent Architecture + Orchestration

11:30 KST

GraphQL Subscriptions as a Real-time Event Transport for MCP Agents - Akshat Sharma, Deskree

Friday August 14, 2026 11:30 - 11:55 KST

Orchid 2

MCP's current transport model is largely request/response — but production agents need to react to live events without polling. GraphQL subscriptions, delivered over graphql-ws or graphql-sse, offer a battle-tested, widely deployed event streaming primitive that maps cleanly onto MCP's resource notification model. This talk covers the full protocol translation layer needed to wire GraphQL subscriptions into an MCP server as push-based resource updates: how subscription events become MCP notifications, how to map GraphQL variables to MCP resource URIs, and how to handle subscription lifecycle — setup, teardown, and mid-session schema changes. We'll dig into the tradeoffs between WebSocket and SSE transports for different agent deployment environments, covering reconnection strategies, message ordering guarantees, and backpressure handling when an agent falls behind the event stream. Load tested using Grafana k6 against 2,000 concurrent subscriptions running on Apollo Server, this architecture achieves P99 event-to-agent latency under 80ms and sustains throughput that is 4.2× faster than a comparable polling baseline.

Speakers

Akshat Sharma

GraphQL Ambassador | Open Source Advocate, Deskree

Akshat Sharma is an Open Source Advocate, GraphQL Ambassador, and Developer Advocate at Deskree, focused on bridging technology and community. Selected among 1,220 contributors for Google Summer of Code 2024, he later mentored in GSoC 2025, Mifos SOC, and Code for GovTech. He has... Read More →

Friday August 14, 2026 11:30 - 11:55 KST
Orchid 2

MCP Protocol in Depth

11:30 KST

The Confused Deputy Problem in MCP: Securing Chained Tool Calls in Multi-Agent Systems - Aviral Sapra, Linux Foundation Decentralized Trust & Ryan Madhuwala, Caracal

Friday August 14, 2026 11:30 - 11:55 KST

Orchid 1

As MCP systems move from single tool use to multi server and multi agent workflows, a key security question appears: when one server calls another on behalf of a user, whose authority is actually used. In this talk I show how chained MCP calls can create a confused deputy scenario where a server unintentionally uses its own higher privileges instead of the user’s limited permissions, leading to privilege escalation and capability leakage. I demonstrate this with a working multi server setup that exposes three concrete failure modes: token scope amplification across calls, server to server impersonation caused by implicit trust, and over delegation of capabilities during orchestration. I then present a practical mitigation based on capability driven design, where each request carries explicit scoped permissions, preserves the caller chain, and is verified at every hop. A prototype implementation shows how these controls block real attack paths while keeping developer experience simple. Finally, I highlight gaps in the current MCP specification and suggest extensions for safer multi agent systems.

Speakers

Aviral Sapra

Founder, Linux foundation Decentralized Trust

I am an LFX’25 mentee of the Linux Foundation Decentralized Trust and a Web3 engineer specializing in systems development working towards my B.Tech in Computer Science from IIIT Gwalior. I have experience in developing solutions using Hyperledger Besu, and verifiable credentials... Read More →

Ryan Madhuwala

Founder, Caracal

Creator and maintainer of GitMesh, a new lab under LF Decentralized Trust that transforms market surveillance into actionable Git commits. As the youngest lab leader in LFDT history, I'm building the AI infrastructure that helps developer companies decide what to build next by watching... Read More →

Friday August 14, 2026 11:30 - 11:55 KST
Orchid 1

Security + Identity + Trust

12:00 KST

From Chaebol to Cloud-Native: MCP Agent Platforms Inside Korea's Manufacturing Giants - Yogesh Sardana, Independent

Friday August 14, 2026 12:00 - 12:25 KST

Orchid 2

Korea's industrial conglomerates—chaebols like Samsung, SK Hynix, Hyundai, LG, and POSCO—operate the most sophisticated manufacturing ecosystems on the planet. Behind the scenes, each utilizes thousands of highly proprietary, heavily siloed Operational Technology (OT) and Information Technology (IT) systems resulting from decades of organic growth and acquisitions. Currently, engineers waste weeks manually extracting, normalizing, and correlating data from these isolated environments before any advanced AI analysis can even begin. This session explores the transformative role of the Model Context Protocol acting as a universal, cloud-native translation layer. We will reveal how manufacturing giants are utilizing Kubernetes-hosted MCP platforms to seamlessly bridge legacy industrial control systems with modern AI agents, radically accelerating industrial intelligence.

Speakers

Yogesh Sardana

Cloud Leader, Independent

I'm working as a Cloud Leader, part of R&D wing, known as Jack of all trades but master of Cloud. Been into various tech stacks before of SDLC like Full Stack App Dev, Testing, Data Analytics, having fun with tech.

Friday August 14, 2026 12:00 - 12:25 KST
Orchid 2

Building with MCP

12:00 KST

Skills and MCP: Complementary, Not Competing - Dale Seo, Apollo GraphQL

Friday August 14, 2026 12:00 - 12:25 KST

Grand Ballroom 1 + 2

MCP has solved a critical problem: giving AI agents access to external tools and data. But access alone isn't enough. An agent with a database tool can still write terrible queries. An agent with a deployment tool can still push unsafe changes. The gap isn't access. It's expertise. Agent Skills are a lightweight format for encoding the domain knowledge agents need to use tools well. A common misconception is that Skills replace MCP. They don't. MCP provides capabilities: live connections to real systems. Skills provide knowledge: patterns to follow, mistakes to avoid, conventions a team considers non-negotiable. Skills ensure an agent does things right. MCP ensures it does real things. You need both. In this talk, I'll show how they work together through real examples. You'll see agents that call tools with the right arguments, handle edge cases, and recover from errors like an experienced developer would. As the creator of Apollo MCP Server and Apollo Skills, I've built on both sides of this equation and will share the challenges of shipping both: distributing them together, keeping them in sync, and evaluating if they still add value as models get smarter.

Speakers

Dale Seo

Software Engineer, Apollo GraphQL

Helping developers help the world 🧑‍🚀🚀

Friday August 14, 2026 12:00 - 12:25 KST
Grand Ballroom 1 + 2

MCP Protocol in Depth

12:00 KST

Hardening MCP Integrations Against Tool Poisoning - Arshardh Ifthikar, WSO2

Friday August 14, 2026 12:00 - 12:25 KST

Orchid 1

As MCP adoption grows, tools are becoming the primary interface between agents and external systems. This introduces a new class of risks: tool poisoning, where tool definitions, inputs, or outputs are manipulated to influence agent behavior in unintended ways.
This talk focuses on practical experience identifying and mitigating tool poisoning in MCP-based systems. Early implementations often assumed tools were trustworthy, but in practice we encountered issues such as ambiguous tool descriptions, unsafe parameter handling, and outputs that could steer agents off course.
We will walk through concrete examples of how these failures surfaced, and the patterns that proved more reliable. This includes validating tool contracts, detecting anomalous inputs and outputs, constraining tool usage, and introducing safeguards around execution flow.
Rather than proposing a single framework, the session presents a set of techniques that can be applied incrementally to existing MCP setups. The goal is to help teams better understand how tool poisoning occurs in real systems, and how to design MCP tools that remain predictable and safe under agent-driven use.

Speakers

Arshardh Ifthikar

Technical Lead, AI, WSO2

Arshardh Ifthikar specializes in the intersection of API infrastructure and Generative AI. Leveraging deep expertise in enterprise API Management, he focuses on hardening Model Context Protocol (MCP) implementations for production environments. His work centers on securing the "agent... Read More →

Friday August 14, 2026 12:00 - 12:25 KST
Orchid 1

Security + Identity + Trust

12:30 KST

Why We Made Our AI Agent Platform a Codebase Before Adding MCP - Navtej Reddy, Observe.ai

Friday August 14, 2026 12:30 - 12:55 KST

Grand Ballroom 1 + 2

Six months ago, building a voice AI agent on our platform meant clicking through a UI. This meant editing prompts, dragging conversation flows, hooking up tools with no audit, no rollback, no review. To make the platform work better with MCP, we moved everything to a Git-backed harness. Each agent is now its own repo with skill folders and an agent.md capturing the agent's custom instructions and unique nuances, so when a customer points Cursor or Claude at it via MCP, the AI picks up that context before making any changes.

This talk covers:
(1) the org-change journey from clickops to version control
(2) the sandboxing model, how MCP safely exposes Git's branch model (dual read/write endpoints, tool-layer branch protection, SSO-derived org scoping)
(3) the two-stage CI on every PR, MCP-driven changes ride the same rails as human-authored ones, with simulations followed by automated evaluations
(4) the closed-loop flow that ties it all together, a user files an issue with a test scenario on an agent's page, the sandboxed AI makes the change, validates it, and submits a PR for review using MCP.

Speakers

Navtej Reddy

Software Engineer 2, Observe.ai

Navtej Reddy is a software engineer at Observe AI, where he built the flow-based voice agent framework that powers 10,000+ daily customer calls and led the MCP integration described in this talk. He's also a Springer (2025) author on AI-driven incident debugging. CS graduate of PES... Read More →

Friday August 14, 2026 12:30 - 12:55 KST
Grand Ballroom 1 + 2

Building with MCP

12:30 KST

Your MCP Server Behaves Differently in Every Client: A Cross-Client Field Guide for Server Authors - Tanisha Sharma, SuprSend

Friday August 14, 2026 12:30 - 12:55 KST

Orchid 2

Same MCP server. Same prompt. Three different IDEs. Three different outcomes — and one of them is silently wrong.

After documenting a production MCP server across Cursor, Claude Desktop, and Windsurf, the speaker has the war stories. Tool descriptions one client truncates and another expands. Resource limits that vary by 10x. Notification semantics that work in one host and silently no-op in another. OAuth flows that route through different dances depending on the client. Session-lifetime assumptions that turn into "why did my context vanish?" support tickets.

This talk is a field guide, organized by client, with the actual diffs server authors should care about. Live side-by-side traces of the same tool call across three clients, showing where each one quietly diverges from the spec — and the small defensive changes (in tool naming, description length, error semantics) that make a single server work the same way in all three.

Closes with a proposal: a "client compatibility matrix" the MCP ecosystem should publish and maintain, modeled on Can I Use for the web.

For MCP server authors who have only ever tested in one client.

Speakers

Tanisha Sharma

AI DevRel Engineer, SuprSend

Tanisha is an AI Developer Advocate specializing in production multi-agent systems. Also a private pilot. Both pursuits taught her the same lesson: know when to trust automation and when human judgment matters most.

Friday August 14, 2026 12:30 - 12:55 KST
Orchid 2

Building with MCP

12:30 KST

MCP Discovery Infrastructure: Registries, Trust, and Routing for Production Agents - Mahesh Lambe, ProjectNANDA.org

Friday August 14, 2026 12:30 - 12:55 KST

Orchid 1

MCP is becoming the standard way for agents to connect with tools, apps, services, and data systems. But as MCP moves from local developer workflows into production agent platforms, the next bottleneck is discovery infrastructure: how agents find the right MCP server, verify its capabilities, evaluate trust, respect permissions, and route safely across teams, clouds, vendors, and organizations.

This session presents a practical architecture for MCP discovery infrastructure: capability metadata, registries, signed server facts, gateway patterns, trust signals, policy-aware routing, observability, audit trails, and failure handling. The focus is on reusable design patterns that can help MCP scale without fragmenting into brittle static configurations or vendor-specific registries.

Drawing on Project NANDA work around AgentFacts, registry interoperability, adaptive resolution, and NEST-style testbeds, the talk gives MCP builders a concrete framework for moving from “agent calls a configured tool” to “agent discovers and safely uses trusted capabilities.” Attendees will leave with implementation patterns, failure modes, and standardization questions for production MCP systems.

Speakers

Mahesh Lambe

CEO and Chief Scientist at ProjectNANDA.org, ProjectNANDA.org

Mahesh Lambe is CEO and Chief Scientist at ProjectNANDA.org, where he works on open infrastructure for agent discovery, identity, trust, registry interoperability, and adaptive resolution. A serial entrepreneur and AI infrastructure architect with 20+ years building enterprise and... Read More →

Friday August 14, 2026 12:30 - 12:55 KST
Orchid 1

Ecosystems + Registries + Platform Infrastructure

12:55 KST

Lunch

Friday August 14, 2026 12:55 - 14:25 KST

Grand Ballroom Foyer

Friday August 14, 2026 12:55 - 14:25 KST
Grand Ballroom Foyer

Registration / Breaks / Special Events

14:25 KST

Closing the Context Gap: Making Your APIs Agent-Ready With Postman’s Native Git Integration - Aanchal Mishra, Postman & Ali Mustafa Shaikh, Pieces AI

Friday August 14, 2026 14:25 - 14:50 KST

Orchid 1

Traditional AI implementation relies on "tool sprawl": manually wrapping every API action into custom functions. This creates a maintenance burden where prompts swell, tokens vanish, and agents hallucinate under the weight of excessive choice. At Postman, we’ve shifted the paradigm: instead of teaching agents how an app works, we provide them with structured context they already understand through the MCP.

This session moves beyond theory to demonstrate a live "AI Readiness" workflow using Postman’s native Git integration. We will pit a well-defined OpenAPI schema against a poorly designed one to visualize the "Context Tax" - showing how architectural debt leads to 2x higher token usage and fumbled execution. By leveraging Postman’s MCP Server generator and CLI SDKs, I’ll demonstrate how to transform static documentation into active "code skills" that agents like Claude can navigate autonomously. Attendees will learn to build APIs that don't just return data, but serve as high-fidelity maps for the next generation of autonomous agents.

Speakers

Ali Mustufa Shaikh

Senior Developer Advocate, Pieces AI

I empower developers to overcome traditional education barriers, building their confidence for professional success. Through technical training at leading organizations - including Rakuten, Infosys Deloitte and Open Dealer Exchange I've guided professionals worldwide in Google Cloud... Read More →

Aanchal Mishra

Developer Advocate, Postman, Postman

Aanchal is a Developer Advocate at Postman specializing in Agentic Workflows, API Literacy, and Developer Education. With 5+ years of experience, she has designed global learning paths reaching thousands of developers and delivered over 150 technical workshops across 35+ cities. A... Read More →

Friday August 14, 2026 14:25 - 14:50 KST
Orchid 1

Building with MCP

14:25 KST

Self-Improving MCP Agents - Kemal Elmizan, GoTo Company

Friday August 14, 2026 14:25 - 14:50 KST

Grand Ballroom 1 + 2

Most MCP systems today are static at runtime. We define tools, expose schemas and rely on prompts to guide behavior, then hope the system remains reliable after deployment.

In practice, MCP-based systems drift. Agents repeatedly misuse tools, call inefficient sequences or fail in predictable ways. Tool descriptions become outdated. Context grows noisy. Human operators step in to correct outcomes, but those corrections are rarely captured or reused. MCP standardizes how agents connect to tools, but it does not define how systems improve over time.

I would like to explore how to build MCP systems that go beyond execution by introducing feedback loops on top of the protocol. By combining tool call history and observability, we can build systems that identify their own weaknesses and suggest improvements safely.

The session will cover practical patterns:
- Detecting repeated tool misuse and failure patterns
- Learning from retries, fallbacks, and human corrections
- Identifying redundant or low-value tool chains
- Designing safe feedback loops with audit logs, versioning, rollback and human approval

Speakers

Kemal Elmizan

Lead Software Engineer, GoTo Company

Hi there! I am Kemal Elmizan, currently working as a Software Engineer at Gojek (GoTo Company). I like building software across the stack and like to understand what's going on beneath the surface. I have extensive experience in backend, web, and android development. I have lectured... Read More →

Friday August 14, 2026 14:25 - 14:50 KST
Grand Ballroom 1 + 2

Building with MCP

14:25 KST

When AI Agents Need Eyes: What MCP Can and Cannot Standardize for Computer Vision - Seowoo Han, B GARAGE

Friday August 14, 2026 14:25 - 14:50 KST

Orchid 2

AI agents are increasingly expected to work with visual information: documents, screenshots, cameras, inspection images, and other domain-specific signals. MCP gives developers a powerful way to expose these capabilities as discoverable tools and resources, but real-world computer vision brings challenges that do not disappear behind a simple tool call, including image quality, sensor differences, domain shift, uncertainty, validation, and human review.

In this session, I will explore practical patterns for integrating computer vision into the MCP ecosystem, including OCR, object detection, visual monitoring, and domain-specific inspection tools. The talk will focus on what MCP can standardize for agent-facing vision systems, what should remain domain-specific, and how developers can design safer, more reliable interfaces between AI agents and visual perception.

Speakers

Seowoo Han

Computer Vision Engineer / AI Engineer, B GARAGE

Seowoo Han is an AI Engineer and Computer Vision Engineer based in Korea, with 5+ years of experience building production-grade AI systems across OCR, object detection, drone-based visual inspection, edge video analytics, multimodal AI, RAG, and agentic workflows. She currently works... Read More →

Friday August 14, 2026 14:25 - 14:50 KST
Orchid 2

MCP Protocol in Depth

14:55 KST

Managing Token Usage in MCP Servers Using Code Mode - Bhumika Satpathy, Google

Friday August 14, 2026 14:55 - 15:20 KST

Grand Ballroom 1 + 2

As the ecosystem for the Model Context Protocol (MCP) expands, developers are hitting a familiar wall: token bloat. While MCP provides a powerful standardized interface for LLMs to interact with external data, the "context tax" of verbose tool definitions and massive data payloads can quickly degrade performance and spike costs. To build production-ready agents, we must move beyond basic implementations and embrace advanced orchestration.

This session dives into the architecture of efficient MCP server design, focusing on the "Code Mode" technique. We will explore how to shift the heavy lifting from the LLM’s reasoning space to the server’s execution environment. Instead of forcing the model to process raw, unrefined data, "Code Mode" empowers the LLM to generate and ship logic—miniature, execution-ready scripts—directly to the MCP server. This approach minimizes round-trip latency and drastically reduces the input tokens required for complex data manipulation.

Speakers

Bhumika Satpathy

Senior Software Engineer, Google

I am a Senior Software Engineer at Google and have been working with the MCP Platform team which helps to ease out creation and deployment of MCP Servers for developers within Google. We have solved multitude of challenges that users have faced and explored multiple techniques in... Read More →

Friday August 14, 2026 14:55 - 15:20 KST
Grand Ballroom 1 + 2

Building with MCP

14:55 KST

Operating an AI Infrastructure Through MCP Apps on Agents - HyounKyoung Moon, Lablup

Friday August 14, 2026 14:55 - 15:20 KST

Orchid 2

GPU infrastructure has traditionally been operated through CLIs, dashboards, and a patchwork of admin tools. Each task — checking cluster state, allocating resources, launching sessions — forces the operator to switch context and stitch results together manually.

MCP changes the surface of this work. By exposing infrastructure operations as MCP tools, an agent can carry out cluster tasks on the operator's behalf. And with MCP Apps (SEP-1865), the agent doesn't just respond in text — it renders interactive UIs inline, so the operator can see the cluster, review the agent's plan, and approve actions visually within the same conversation.

This talk shows how an agent embedded in an MCP host can manage GPU infrastructure efficiently by combining:

- **Visual control via MCP Apps** — the agent renders cluster status views, resource allocation charts, and confirmation cards inline. The operator sees the infrastructure, reviews the plan, and clicks to approve.
- **Session-level control via MCP** — the agent creates, inspects, and modifies compute sessions through MCP tool calls.
- **Human-in-the-loop by design** — visual checkpoints make every consequential action explicit

Speakers

HyounKyoung Moon

AI Product Engineer, Lablup

AI Product Engineer who builds AI-first products across diverse stacks—from low-level embedded systems to scalable services and web platforms. I've shipped and completed multiple end-to-end products (RTOS multimedia players, mobile apps, game backends, set-top solutions, and web... Read More →

Friday August 14, 2026 14:55 - 15:20 KST
Orchid 2

Building with MCP

14:55 KST

Two Audiences, One Markdown File: Writing MCP Docs an Agent Can Actually Use - Tanisha Sharma, SuprSend

Friday August 14, 2026 14:55 - 15:20 KST

Orchid 1

When an MCP server exposes documentation.search and documentation.fetch, its docs site quietly acquires a second reader: the agent. And the agent is not a small human. Humans want narrative tutorials; agents want flat, deduplicated, single-source-of-truth pages. Humans skim; agents tokenize. Humans tolerate ambiguity; agents hallucinate from it.

This talk is a field report from rewriting an MCP server's documentation to serve both audiences from one markdown source. Concrete before/after pages, real agent traces from the SuprSend MCP server (used as a case study not a pitch), the five rewrite rules that actually moved the needle on hallucination rates, and the surprising downstream effect: the human-facing docs got better too. Every rule generalizes to any MCP server with public docs.

Closes with two open questions the audience is invited to argue back at: should agent-facing docs be a separate channel? Should MCP add a "documentation" primitive at the protocol level?

For DevRels, technical writers, and MCP server maintainers who already exposed their docs as a tool or are about to.

Speakers

Tanisha Sharma

AI DevRel Engineer, SuprSend

Friday August 14, 2026 14:55 - 15:20 KST
Orchid 1

Building with MCP

15:25 KST

From 40 Tools To 14: A Practical Framework for MCP Tool Curation - Nimit Savant & Gokul K S, DevRev

Friday August 14, 2026 15:25 - 15:50 KST

Orchid 1

We built an MCP server exposing 40+ operations. Agents misused most of them. Hybrid search returned only IDs with no context. get_issue prefixed every field with redundant key-value labels, burning tokens without helping the LLM. We had write tools with no corresponding read tools. Custom field schemas varied wildly across organizations, causing unpredictable bloat.
We cut to 14 tools. Agent precision improved dramatically. But deciding which 14 - and how to design them - required building a framework we wish had existed when we started.
This talk shares that framework as an open, reusable methodology any MCP server author can apply: how to audit which tools agents actually select vs. misuse, how to score agent success rate per tool, how to identify tools that confuse rather than help, how to structure response shapes for minimal token cost and maximum agent comprehension, and how to design progressive disclosure so capability scales without overwhelming context.
Every team building an MCP server faces this decision. We'll give them a starting point so they don't have to learn it the hard way.

Speakers

Nimit Savant

Developer Evangelist, DevRev

I love to talk about Agentic AI and B2B Developer Advocacy and strategies

Gokul K S

Member of Technical Staff, DevRev

Computer engineer with 3 years of experience in backend systems and currently exploring the agentic space.

Friday August 14, 2026 15:25 - 15:50 KST
Orchid 1

Building with MCP

15:25 KST

From Legacy To Agentic AI - Seoyul Yoon, SK AX

Friday August 14, 2026 15:25 - 15:50 KST

Grand Ballroom 1 + 2

What does it take to bring a company's legacy systems into the AI era?

Hand-coding tool functions for every backend is not sustainable; maintenance costs grow exponentially as the number of services increases. We solved this with a combination of open source projects.

Given a single OpenAPI spec, the system automatically converts endpoints into MCP Tools, a Kubernetes Operator provisions and manages the MCP server, and a LangGraph + deepagents-based Agent talks to internal systems on top, with Agent Skills (SKILL) shaping how that agent behaves.

This session shares how we selected and composed five open source projects, along with the real-world challenges we hit along the way: multi-provider OAuth, custom Keycloak token verification, per-backend header injection, transport-naming inconsistencies across MCP clients, and rewriting auto-generated tool descriptions to fit the LLM.

Not a finished solution, but a practitioner's account showing that turning legacy systems into AI-ready interfaces is entirely achievable with open source.

Speakers

Seoyul Yoon

Manager, SK AX

I am a Platform Engineer on the EnableX Platform team at SK AX, focusing on bridging the gap between legacy enterprise systems and the Agentic AI era. As a passionate advocate for the open-source ecosystem and an active member of Cloud Native Community Korea, I explore the intersection... Read More →

Friday August 14, 2026 15:25 - 15:50 KST
Grand Ballroom 1 + 2

Building with MCP

15:25 KST

From CVEs To Kill Switches: Hardening the MCP Supply Chain End-to-End - Unnati Mishra, Independent

Friday August 14, 2026 15:25 - 15:50 KST

Orchid 2

Talks on agent security often focus on prompts and tools; this one zooms in on the MCP supply chain itself. When every MCP server can reach production systems, a single compromised SDK, container image, or plugin becomes an enterprise incident.

This session walks through an end-to-end hardening playbook for MCP ecosystems: SBOMs for MCP servers and clients, signing and verifying artifacts, policy-as-code gates in CI/CD, runtime admission policies, and emergency kill switches at the MCP layer.

I’ll map real-world supply-chain failures from the broader OSS world to concrete MCP risks, then show how to layer defenses without killing developer velocity. Attendees will leave with threat models, example policies, and a response runbook they can adapt to their own deployments, something they can hand directly to their security team on Monday.

Speakers

Unnati Mishra

Software Engineer 2, Independent

Unnati is working as a R&D Engineer Software 2 at VMware by Broadcom, India. Currently working with the Release Engg team of the Tanzu Kubernetes Grid. She has been active in Open Source community since 2019 and has also participated in many Hackathons, bagging prizes in few of them... Read More →

Friday August 14, 2026 15:25 - 15:50 KST
Orchid 2

Security + Identity + Trust

15:50 KST

Break

Friday August 14, 2026 15:50 - 16:05 KST

Grand Ballroom Foyer

Friday August 14, 2026 15:50 - 16:05 KST
Grand Ballroom Foyer

Registration / Breaks / Special Events

16:05 KST

Building and Testing MCP Servers With the Inspector, Conformance Suites, and Property-Based Testing - Navin Pai, StackGen

Friday August 14, 2026 16:05 - 16:30 KST

Orchid 2

MCP gained popularity because it was as easy as building a REST API. Infact, many might say, building an MCP Server is a bit too easy. Shipping a broken MCP server into a pool of a hundred others is easy but shipping one that actually behaves correctly under adversarial clients, malformed inputs, and edge-case tool schemas is hard.

Devs have already built tens of thousands of MCP servers, and recent spec revisions have focused on richer tool annotations, structured tool outputs, and clearer security best practices, all of which introduce new failure modes to test for.

This session covers a complete testing pyramid for MCP servers: using the official MCP Inspector for interactive tracing, writing conformance tests against the JSON Schema tool definitions, and applying property-based testing (with tools likeHypothesis in Python or fast-check in TypeScript) to fuzz tool inputs and surface schema violations before clients do. We'll also walk through how to set up a CI pipeline that runs your MCP server against a spec conformance suite on every pull request, and how to lint tool descriptions for ambiguity that could confuse real LLM clients.

Speakers

Navin Pai

Director of Engineering, StackGen

Navin is a Founding Engineer at OpsVerse. You'll often find him on the internet, getting into flamewars about observability, large scale system design, and open source software

Friday August 14, 2026 16:05 - 16:30 KST
Orchid 2

Building with MCP

16:05 KST

My Computer's Purchasing? Enabling Agentic Commerce With MCP - Rohit Ganguly, Descope

Friday August 14, 2026 16:05 - 16:30 KST

Grand Ballroom 1 + 2

Agentic Commerce is one of the most intriguing use cases for agents, with $3-5 Trillion in volume predicted by 2030 according to the latest research. However, with so many protocols, projects, and mechanisms, it's very easy to confused while learning about this use case, and where, if at all, MCP fits into it.

Fortunately for us, MCP fits perfectly into the modern Agentic Commerce Protocols! In this session, we'll cover exactly how and where MCP fits into the agentic commerce equation. On top of that, we'll introduce the concept of Agentic Commerce, break down the popular protocols, and construct a system design of what Agentic Commerce looks like with MCP.

By the end of the session, attendees will have a cursory understanding of Agentic Commerce principles and how to enable this use case with MCP. Additionally, a GitHub repository detailing Agentic Commerce via MCP will be provided.

Speakers

Rohit Ganguly

AI Product Manager, Descope

Rohit is an AI Product Manager at Descope, where he leads the MCP Auth and Agentic Identity efforts. Previously, he worked in Microsoft's Developer Division across products like the Azure SDKs and VS Code before launching the Azure MCP Server.

Friday August 14, 2026 16:05 - 16:30 KST
Grand Ballroom 1 + 2

Building with MCP

16:05 KST

Beyond APIs: Making MCP Services Faster and Secure With WebAssembly - Brandon Kang, Akamai Technologies

Friday August 14, 2026 16:05 - 16:30 KST

Orchid 1

As MCP adoption grows, most implementations focus on defining tools and integrating APIs, but far less attention is given to how these tools are actually executed. In production environments often introduces real challenges in both security and performance.

In this session, we explore how WebAssembly fundamentally changes this model by providing a secure and high-performance execution layer. We'll also work through how MCP tools can run inside a sandboxed WebAssembly runtime, where access to the file system, network, and environment is explicitly controlled. This significantly reduces the attack surface compared to traditional server-side execution models, especially in multi-tenant and agent-driven environments.

From a performance perspective, WebAssembly enables near-native execution speed with extremely fast startup times. WebAssembly modules can start in milliseconds, making them ideal for MCP workloads where tools are invoked frequently and latency directly impacts agent responsiveness.
We will also cover authentication patterns such as OAuth and JWT, and explain how a “secret-less” architecture can be achieved by isolating credentials outside of the execution runtime.

Speakers

Brandon Kang

Principal Technical Solutions Architect, Akamai Technologies

Brandon Kang is a Principal Technical Solutions Architect at Akamai Technologies, overseeing cloud computing products and cloud-native initiatives across Asian countries.

Before joining Akamai, he held key roles in leading technology companies, including serving as a software e... Read More →

Friday August 14, 2026 16:05 - 16:30 KST
Orchid 1

Security + Identity + Trust

16:35 KST

Dead Reckoning for AI Agents: Building Fault-Tolerant MCP State Machines Without a Map - Akshat Khanna, Independent

Friday August 14, 2026 16:35 - 17:00 KST

Grand Ballroom 1 + 2

In maritime navigation, dead reckoning means computing your current position using a known starting point, heading, and speed without GPS. Agentic MCP systems face the exact same problem: once a multi-tool workflow begins, mid-flight failures, partial writes, and out-of-order responses leave your agent adrift with no canonical ground truth. This talk introduces a practical framework for designing fault-tolerant MCP state machines inspired by dead reckoning principles. You will learn how to model agentic workflows as explicit state graphs, how to attach idempotency keys to MCP tool calls to safely replay without side effects, how to design checkpointing patterns that survive process crashes, and how compensating transactions replace naive rollback for real-world tools. Live-coded demos run through a concrete multi-server order pipeline that survives server timeouts, stale tool responses, and partial network partitions. Leave with implementation patterns, failure taxonomy, and open-source primitives you can wire into any MCP client today.

Speakers

Akshat Khanna

Machine Learning Engineer II, Independent

Akshat Khanna is a Machine Learning Engineer II at Angel One, where he builds GenAI-powered bots and leverages agentic AI for high-performance trading platforms. Previously, he worked as MTS II at VMware Tanzu, focusing on Kubernetes solutions for the edge. He is an active open-source... Read More →

Friday August 14, 2026 16:35 - 17:00 KST
Grand Ballroom 1 + 2

Agent Architecture + Orchestration

16:35 KST

Stop Wrapping APIs: Building Structured Execution Boundaries With MCP for Incident Triage - Sunyoung Park, KC-ML2

Friday August 14, 2026 16:35 - 17:00 KST

Orchid 1

Most teams start with MCP by exposing existing APIs as thin tool wrappers. We did too. However, we quickly realized that for complex operations-like managing GPU clusters and infrastructure health-simply exposing more tools doesn't lead to better automation; it leads to LLM confusion. The real challenge is defining the right reasoning and execution boundary.

In this talk, we share our journey of moving beyond simple API exposure to building MCP servers that act as a sophisticated operational layer. We'll dive into how we transformed fragmented signals into 'Structured Guidance' by embedding domain heuristics and workflow context directly into the MCP layer.

Attendees will learn:
- how to recognize when MCP is acting as a thin wrapper versus a real workflow boundary
- how to design MCP on top of existing operational or management systems
- how to turn fragmented tools, signals, and internal APIs into structured guidance for real-world workflows

This session is a practical story about where MCP becomes more than an integration layer: when it starts acting as the execution boundary for real-world operational decisions.

Speakers

Sunyoung Park

Research Engineer, KC-ML2

I am a Research Engineer at KC-ML2, working on large language models, RAG, and applied AI systems. My work focuses on building practical LLM applications and operational AI workflows for real-world use cases.

Friday August 14, 2026 16:35 - 17:00 KST
Orchid 1

Building with MCP

16:35 KST

Who Watches the Watchmen? Safe AI-Agent Failover Via MCP and CRDs - Phuong Bac Ta, Research Center for Distributed Cloud and Networking, SSU, South Korea & Vitumbiko Mafeni, CNLAB | SSU IISTRC

Friday August 14, 2026 16:35 - 17:00 KST

Orchid 2

Giving an AI agent access to a Kubernetes cluster sounds powerful — until it runs the wrong command. The real challenge is not connecting an LLM to a cluster, but constraining what it can do, enforcing correctness, and keeping a human meaningfully in the loop.
This session presents a blueprint for safe, auditable MCP-powered operations through a real use case: an AI-assisted failover system for Kubernetes. Instead of letting an agent call cluster APIs directly, we place a Failover MCP Server in front of the cluster and expose only discrete, permission-scoped tools for observation and controlled action.
Beneath that reasoning layer, a Kubernetes Operator serves as the enforcement point. CRDs such as FailoverPolicy and DisasterRecoveryPlan encode failover semantics, validate requested actions, and ensure execution remains deterministic and policy-compliant. Sensitive actions are held behind a requireApproval setting in the Agent manifest until an operator explicitly approves the next step.
The talk closes with lessons on where LLM reasoning helps during incidents and why Operator-controlled execution still matters in high-risk workflows.

Speakers

Vitumbiko Mafeni

Research Engineer, CNLAB | SSU IISTRC

I am a Research Engineer at the Research Center for Distributed Cloud and Networking, SSU, South Korea, specializing in cloud-native technologies for AI, edge computing, and 5G. I actively contribute to and engage with open-source projects, collaborating with the community to explore... Read More →

Phuong Bac Ta

Research Engineer, Research Center for Distributed Cloud and Networking, SSU, South Korea

Phuong Bac Ta is a Research Engineer at the Research Center for Distributed Cloud and Networking, SSU, South Korea. He works on cloud-native platforms, distributed systems, and Agentic AI for operations, with a focus on observability, automated failover, and resilient infrastructure... Read More →

Friday August 14, 2026 16:35 - 17:00 KST
Orchid 2

Building with MCP

17:05 KST

From Scripts To Systems: Building Appium MCP for Real-World Automation - Swastik Baranwal & Navin Chandra, TestMu AI (formerly LambdaTest)

Friday August 14, 2026 17:05 - 17:30 KST

Orchid 1

"MCP makes it easy to expose tools.
It does not make it easy to design systems."

At scale, that gap shows up as tool explosion, context limits, and unreliable execution.

As MCP servers grow, they accumulate large numbers of tools, fragmented abstractions, and stateful workflows, until agents struggle to discover, select, and reliably execute the right actions.

Attendees will leave with specific design patterns to make MCP servers more reliable, scalable, and easier for agents to use.

In building Appium MCP (github.com/appium/appium-mcp), we encountered this firsthand. Supporting real mobile automation required handling 100+ device actions, concurrent sessions across devices, and flaky UI interactions, quickly pushing naive MCP designs to their limits

In this talk, we demonstrate what breaks when MCP servers scale and how we changed our system

We evolved from loosely defined tools to an intent-driven interface, added elicitation for clearer execution, and integrated Appium Skills to extend capabilities.

These patterns enabled us to move beyond simple command execution toward composable, agent-driven automation, powering new projects like AppClaw - an extension to Appium MCP.

Speakers

Navin Chandra

Member of Technical Staff - Open Source, TestMu AI (formerly LambdaTest)

Navin Chandra is an active contributor and maintainer of the Selenium project, primarily focusing on the Selenium Python bindings, and a contributor to Appium. Passionate about open source, Navin has contributed to multiple OSS projects, fostering innovation and collaboration within... Read More →

Swastik Baranwal

Member of Technical Staff - Open Source, TestMu AI (Formerly LambdaTest)

Committer at Selenium and Appium
Core Developer at V Programming Language
Contributor at TODO Group
Author of Box CLI Maker

Friday August 14, 2026 17:05 - 17:30 KST
Orchid 1

Building with MCP

17:05 KST

When Dashboards Lie: Building MCP Tools That Chase Down the Truth - Hrittik Roy, vCluster & Aditya Soni, SailPoint

Friday August 14, 2026 17:05 - 17:30 KST

Grand Ballroom 1 + 2

Dashboards lie. Not maliciously, structurally. Aggregation hides the tenant on fire. Sampling drops slow requests. The p99 looks fine because 47 users who timed out are a rounding error. Every SRE has lived this: green screen, Slack on fire, hunting across five tools to find what the dashboard refused to show.

This is a field report from building MCP tools that do the hunting. The agent does not replace the SRE. It does the grunt work nobody has time for at 3 AM: pulling exemplar logs for the slowest 0.1 percent, correlating a deploy against error rates, checking if the metric was even reporting.

1. Why dashboards lie. Sampling, aggregation, the "aggregate green, individual red" pattern.
2. MCP tool design for truth-seeking. Read-only vs side-effecting split, partial-data schemas, outputs that make the model admit uncertainty instead of hallucinating "all good."
3. Correlation loops that work. Deploy to error rate to exemplar logs to suspected change, not seventeen tabs.
4. Guardrails from production. Prompt injection in logs, cost blow-ups, tools we took back after one bad incident.

Attendees leave with patterns for MCP tools that chase down what dashboards will not show.

Speakers

Hrittik Roy

TPME, vCluster

Hrittik is a Platform Advocate at Loft Labs and a CNCF Ambassador, with expertise in cloud native technologies and open source communities. He has contributed extensively to developer advocacy, technical writing, and community engagement. Hrittik has been a featured speaker at events... Read More →

Aditya Soni

CNCF Ambassador, Senior DevOps Engineer, SailPoint

Aditya Soni is a DevOps/SRE tech professional He worked with Product and Service based companies including Red Hat, Forrester Research, Searce, and is currently positioned at SailPoint as a Senior DevOps Engineer. He holds AWS, GCP, Azure, RedHat, and Kubernetes Certifications.He... Read More →

Friday August 14, 2026 17:05 - 17:30 KST
Grand Ballroom 1 + 2

Building with MCP

17:05 KST

MCP Authorization: What an IAM Engineer Sees That You Might Miss - Thumula Perera, WSO2

Friday August 14, 2026 17:05 - 17:30 KST

Orchid 2

I spent four years building identity systems. When I read the MCP authorization spec, I recognized the building blocks: OAuth 2.1, PKCE, Dynamic Client Registration. I also recognized where it goes quiet on the hard parts.

Three gaps stand out.

Scopes are defined at the transport level, not the tool level. A token grants access to an MCP server, but says nothing about which tools the client can call.

Agent chain identity has no standard answer. The spec is silent on server-to-server authentication, and the client credentials grant for agent-to-agent scenarios is only now returning as a draft extension.

Dynamic Client Registration brings lifecycle problems. RFC 7592 for client management is not widely supported, and multiple clients sharing an OAuth client ID is a risk teams hit without realizing it.

I'm not an MCP insider. This talk maps four years of API and identity work onto problems MCP teams are running into right now.

Speakers

Thumula Perera

Senior Software Engineer, WSO2

Software engineer with four years at WSO2. Spent the first part on the Identity and Access Management team, working on WSO2 Identity Server and Asgardeo. Also.worked with the Choreo team, where I worked on both system IAM and developer IAM.

Friday August 14, 2026 17:05 - 17:30 KST
Orchid 2

Security + Identity + Trust

08:30 KST

09:30 KST

09:40 KST

10:00 KST

10:15 KST

10:30 KST

10:30 KST

11:00 KST

11:00 KST

11:30 KST

11:30 KST

11:30 KST

12:00 KST

12:00 KST

12:00 KST

12:30 KST

12:30 KST

12:30 KST

12:55 KST

14:25 KST

14:25 KST

14:25 KST

14:55 KST

14:55 KST

14:55 KST

15:25 KST

15:25 KST

15:25 KST

15:50 KST

16:05 KST

16:05 KST

16:05 KST

16:35 KST

16:35 KST

16:35 KST

17:05 KST

17:05 KST

17:05 KST

Get help with the event