BEGIN:VCALENDAR
VERSION:2.0
X-WR-CALNAME:mcpseoul2026
X-WR-CALDESC:Event Calendar
METHOD:PUBLISH
CALSCALE:GREGORIAN
PRODID:-//Sched.com MCP Dev Summit Seoul 2026//EN
X-WR-TIMEZONE:UTC
BEGIN:VEVENT
DTSTAMP:20260626T074014Z
DTSTART:20260812T233000Z
DTEND:20260813T093000Z
SUMMARY:Registration + Badge Pick-up
DESCRIPTION:\n
CATEGORIES:REGISTRATION / BREAKS / SPECIAL EVENTS
LOCATION:Grand Ballroom Foyer\, Seoul\, South Korea
SEQUENCE:0
UID:eabefceb336f7f161450833ccc3e0859
URL:http://mcpseoul2026.sched.com/event/eabefceb336f7f161450833ccc3e0859
END:VEVENT
BEGIN:VEVENT
DTSTAMP:20260626T074014Z
DTSTART:20260813T003000Z
DTEND:20260813T004000Z
SUMMARY:Keynote: Welcome & Opening Remarks - Demetrios Brinkmann\, Member Non-Technical Staff\, Agentic AI Foundation
DESCRIPTION:\n
CATEGORIES:KEYNOTE SESSIONS
LOCATION:Grand Ballroom 1 + 2\, Seoul\, South Korea
SEQUENCE:0
UID:629a4b0b9b3c2b4c6c9f24e39c0f053a
URL:http://mcpseoul2026.sched.com/event/629a4b0b9b3c2b4c6c9f24e39c0f053a
END:VEVENT
BEGIN:VEVENT
DTSTAMP:20260626T074014Z
DTSTART:20260813T004500Z
DTEND:20260813T010000Z
SUMMARY:Keynote: Two Years of MCP: State of The Ecosystem - Den Delimarsky\, Member of Technical Staff\, Anthropic
DESCRIPTION:Two years ago\, getting an AI agent to reach anything outside itself meant writing a whole bunch of glue code. A custom integration for every tool\, every data source\, every model you wanted to support. Nobody enjoyed this\, and yet everybody did it anyway.\n\nMCP was the emerging alternative - one protocol\, implemented once on each side. It empowered all imaginable agents to be able to talk to anything through a standard set of conventions.\n\nTwo years later\, the ecosystem around MCP is bigger than the spec itself. There are servers for nearly everything anyone would want to wire an agent into\, clients across every major platform\, and entire categories of capabilities that make the protocol suitable for more than just ferrying text-based data back and forth.\n\nMCP is now the undeniable substrate most agentic workflows run on. Getting there took a couple of years\, a large number of engineering debates\, and the work of a community of maintainers\, developers\, and advocates that spans the globe. This is the story of us getting here.
CATEGORIES:KEYNOTE SESSIONS
LOCATION:Grand Ballroom 1 + 2\, Seoul\, South Korea
SEQUENCE:0
UID:1dd479aa5a16a8a26ebcaf716e700501
URL:http://mcpseoul2026.sched.com/event/1dd479aa5a16a8a26ebcaf716e700501
END:VEVENT
BEGIN:VEVENT
DTSTAMP:20260626T074014Z
DTSTART:20260813T010000Z
DTEND:20260813T011000Z
SUMMARY:Keynote: To Be Announced
DESCRIPTION:\n
CATEGORIES:KEYNOTE SESSIONS
LOCATION:Grand Ballroom 1 + 2\, Seoul\, South Korea
SEQUENCE:0
UID:aecab50923f1b11be6a22e020c2541a5
URL:http://mcpseoul2026.sched.com/event/aecab50923f1b11be6a22e020c2541a5
END:VEVENT
BEGIN:VEVENT
DTSTAMP:20260626T074014Z
DTSTART:20260813T011000Z
DTEND:20260813T012500Z
SUMMARY:Keynote: A Cloud Service Provider's MCP Operations Story (From MCP Generator to MCP Gateway) - Jihye Kim\, Backend Engineer\, Naver Cloud Platform
DESCRIPTION:To attach an MCP server to each of hundreds of Naver Cloud Platform services\, every service team had to implement MCP from scratch.We built an MCP Generator to solve this — automatically generating MCP server code from OpenAPI specs.Then Claude's MCP Builder Skills arrived. Suddenly\, anyone could build an MCP server through a few conversations with Claude. The value of the generator we had built disappeared overnight.We had to change direction.And the question changed with it — from "how do we make building MCP servers easier?" to "how do we operate hundreds of them?"That's how MCP Gateway was born. It aggregates multiple MCP servers behind a single HTTP endpoint\, so users can connect every cloud service tool to their AI agent with just one URL and one API key.This talk is structured in two parts:Part 1 — The Journey: The process of figuring out how to provide good MCP servers for hundreds of cloud services — what problems we found\, what we tried\, and how the arrival of MCP Builder Skills became the turning point.Part 2 — MCP Gateway: An introduction and demo of what problems it solves today\, and a look at what we're building next.
CATEGORIES:KEYNOTE SESSIONS
LOCATION:Grand Ballroom 1 + 2\, Seoul\, South Korea
SEQUENCE:0
UID:ac98401212998cc0aa4b0e382537ca9d
URL:http://mcpseoul2026.sched.com/event/ac98401212998cc0aa4b0e382537ca9d
END:VEVENT
BEGIN:VEVENT
DTSTAMP:20260626T074014Z
DTSTART:20260813T012500Z
DTEND:20260813T015500Z
SUMMARY:Break
DESCRIPTION:\n
CATEGORIES:REGISTRATION / BREAKS / SPECIAL EVENTS
LOCATION:Grand Ballroom Foyer\, Seoul\, South Korea
SEQUENCE:0
UID:fad5c3b88b284fba74b4bb820407faab
URL:http://mcpseoul2026.sched.com/event/fad5c3b88b284fba74b4bb820407faab
END:VEVENT
BEGIN:VEVENT
DTSTAMP:20260626T074014Z
DTSTART:20260813T012500Z
DTEND:20260813T094000Z
SUMMARY:Solutions Showcase
DESCRIPTION:\n
CATEGORIES:SOLUTIONS SHOWCASE
LOCATION:Grand Ballroom Foyer\, Seoul\, South Korea
SEQUENCE:0
UID:1e4d756eba27a9ae51d43e92a93577f6
URL:http://mcpseoul2026.sched.com/event/1e4d756eba27a9ae51d43e92a93577f6
END:VEVENT
BEGIN:VEVENT
DTSTAMP:20260626T074014Z
DTSTART:20260813T015500Z
DTEND:20260813T022000Z
SUMMARY:Commanding SO101 With Agents - Anshuman Singh\, Devfolio
DESCRIPTION:Working with hardware has always been tough. But over the last 2 years\, the emergence of the SO-101 arm and the rise of AI agent architectures have opened up a new way to experiment -one that dramatically shortens the loop between idea and physical action. \n \n In this session\, I will briefly cover assembling and setting up the SO-101\, then spend most of the time on: how AI agents can talk to and control the hardware. Starting with Claude Code and Codex\, I will show how builders can create their own agents and then use MCP to connect them directly to the arm and issue movement instructions. \n \n All scripts\, implementations\, and the MCP server used in this session are available at github.com/anshuman-dev/so101-project. The repo is actively being improved to make it more structured and easier for others to pick up and build on. \n \n The bigger idea here is accessibility. Traditionally\, operating robot arms required learning specialized\, poorly-maintained software with long feedback loops. With AI agents and MCP as the interface layer\, that barrier drops significantly. Builders\, enthusiasts\, and curious generalists can now go from zero to moving a robot arm without needing a robotics background.
CATEGORIES:AGENT ARCHITECTURE + ORCHESTRATION
LOCATION:Orchid 1\, Seoul\, South Korea
SEQUENCE:0
UID:6830785234289a101f92336f4f1b4d15
URL:http://mcpseoul2026.sched.com/event/6830785234289a101f92336f4f1b4d15
END:VEVENT
BEGIN:VEVENT
DTSTAMP:20260626T074014Z
DTSTART:20260813T015500Z
DTEND:20260813T022000Z
SUMMARY:Zero-Trust MCP: Treating Every Tool Call as an Untrusted API Request From the Outside World - Akshat Khanna & Unnati Mishra\, Independent
DESCRIPTION:Most MCP deployments implicitly trust the LLM. If the model says call this tool with these parameters\, the server calls it. That trust model is wrong — and at enterprise scale\, it is catastrophic. This talk reframes MCP server design through a zero-trust lens: every tool invocation is treated as an untrusted external request that must be authenticated\, authorized\, validated\, rate-limited\, and audited independently of who initiated it. I'll demonstrate a zero-trust MCP middleware layer that enforces four controls: (1) per-call JWT audience binding so a tool call valid in one agent context is rejected in another\, (2) schema-level input validation with content-addressable allow-lists to prevent prompt injection via tool parameters\, (3) capability scoping — tools declare what filesystem paths\, network ranges\, and data stores they may access\, enforced by a policy engine at runtime\, and (4) immutable audit logs using append-only signed ledger entries. Live demos include intercepting and blocking a prompt injection attack mid-flight. Code ships as open-source middleware compatible with any MCP SDK.
CATEGORIES:SECURITY + IDENTITY + TRUST
LOCATION:Grand Ballroom 1 + 2\, Seoul\, South Korea
SEQUENCE:0
UID:00a2406056b5c3e9521a759631dae2e6
URL:http://mcpseoul2026.sched.com/event/00a2406056b5c3e9521a759631dae2e6
END:VEVENT
BEGIN:VEVENT
DTSTAMP:20260626T074014Z
DTSTART:20260813T015500Z
DTEND:20260813T032000Z
SUMMARY:Building MCP Servers and Agentic AI Workflows in Java - Kevin Dubois\, IBM & Daniel Oh\, Red Hat
DESCRIPTION:In this workshop\, you'll build a complete MCP-powered agentic system in Java from scratch. \n\nWe'll start by building an MCP server. You'll see how familiar the programming model is: annotate a method with @Tool\, configure a transport\, and your service speaks MCP. We'll connect it to a real-world API so the tools do something useful\, not just "hello world."\n\nNext\, we'll build an AI agent that discovers and calls those MCP tools through natural language. You'll see how dependency injection and type safety make multi-tool composition clean and testable\, and how hot reload lets you iterate on agent behavior in seconds.\n\nFinally\, we'll compose multiple agents into a workflow\, including a supervisor agent that autonomously routes tasks to specialist agents\, each with their own tools and MCP connections. \n\nAll materials are open source and based on a battle-tested workshop delivered to developer audiences worldwide. Attendees leave with running code and reusable patterns they can apply immediately.
CATEGORIES:WORKSHOPS
LOCATION:Orchid 2\, Seoul\, South Korea
SEQUENCE:0
UID:1183554a538fd1e7525be092ac27f4b1
URL:http://mcpseoul2026.sched.com/event/1183554a538fd1e7525be092ac27f4b1
END:VEVENT
BEGIN:VEVENT
DTSTAMP:20260626T074014Z
DTSTART:20260813T022500Z
DTEND:20260813T025000Z
SUMMARY:Building and Taming an MCP Server for Multi-Cloud Vibe Computing - Seokho Son\, ETRI
DESCRIPTION:In early 2025\, as MCP adoption grew\, we built our first MCP server for Cloud-Barista\, an Apache 2.0 multi-cloud project I maintain. We started with a simple approach: feed REST API docs to an LLM\, ask it to generate a server\, and connect it to Cloud-Barista. \n \n It worked. Users could provision cloud infrastructure across 10 providers\, including AWS\, Azure\, GCP\, Alibaba\, and NCP\, through LLM clients. It felt like an early glimpse of the Vibe Computing I had imagined. \n \n But the first success was incomplete. The server misused APIs\, burned tokens\, stopped midway\, and sometimes provisioned unintended resources. Imagine an agent creating 1\,000 VMs with expensive GPUs by mistake. The real work began when we had to feed it better context and tame it with clearer tool boundaries\, workflows\, and controls. \n \n This made Multi-Cloud Vibe Computing more concrete. It showed that a useful MCP server needs more than API coverage: context design\, tool boundaries\, workflow guidance\, and safety controls. \n \n This session shares lessons from building and taming an MCP server for a real-world system. It is a hands-on story of learning through mistakes and turning an API wrapper into a useful MCP interface.
CATEGORIES:BUILDING WITH MCP
LOCATION:Orchid 1\, Seoul\, South Korea
SEQUENCE:0
UID:5c52f3768502195869eb7e25e802f7e0
URL:http://mcpseoul2026.sched.com/event/5c52f3768502195869eb7e25e802f7e0
END:VEVENT
BEGIN:VEVENT
DTSTAMP:20260626T074014Z
DTSTART:20260813T022500Z
DTEND:20260813T025000Z
SUMMARY:MCP in Prod: An SRE & DevOps Guide to Not Getting Paged at 3 AM - Deep Poharkar\, Obmondo
DESCRIPTION:We started running MCP servers in production about a year ago. Within weeks we got our first 3 AM page\, a tool was silently failing\, agents were retrying into the void\, and we had zero visibility into what was going wrong. No dashboard caught it. No runbook existed. That incident kicked off a twelve-month journey of figuring out how to actually operate these things. We ended up cutting agent-related incidents by about 70% and got tool invocation P99 under 500ms. \n \n This talk is the playbook we wish we had on day one. We'll cover the stuff that bit us: health checks that go beyond HTTP 200 and actually validate MCP protocol readiness\, how to handle deployments when connections are stateful\, what to put on your observability dashboards (and what turned out to be noise)\, and circuit breaker patterns for when an upstream tool starts misbehaving. We'll also do a quick demo of a monitoring setup we've been running.
CATEGORIES:SECURITY + IDENTITY + TRUST
LOCATION:Grand Ballroom 1 + 2\, Seoul\, South Korea
SEQUENCE:0
UID:d2fd46fc20876fc7725309b52ecc175e
URL:http://mcpseoul2026.sched.com/event/d2fd46fc20876fc7725309b52ecc175e
END:VEVENT
BEGIN:VEVENT
DTSTAMP:20260626T074014Z
DTSTART:20260813T025500Z
DTEND:20260813T032000Z
SUMMARY:The MCP Registry Problem: Why Discoverability Is the Bottleneck Killing Ecosystem Growth - Unnati Mishra\, Independent
DESCRIPTION:10\,000+ MCP servers exist. Developers can't find them. Agents can't query them at runtime. There is no canonical\, vendor-neutral\, machine-readable registry\, and that single gap is slowing MCP adoption more than any protocol limitation. \n \n This talk dissects the MCP discoverability crisis: why a fragmented landscape of marketplace-style lists\, hand-curated JSON files\, and closed vendor directories fails both human developers and autonomous agents. Drawing on the DNS\, npm\, and Docker Hub precedents\, I propose an open MCP Registry Specification covering four layers: server schema contracts\, semantic capability metadata for runtime agent discovery\, cryptographic provenance attestation\, and a federated hosting model any organization can self-host. \n \n We'll walk through a working prototype of a registry server that conforms to the proposed spec\, federate it with a second node live\, and demonstrate a Claude agent autonomously discovering and connecting to previously unknown MCP servers via semantic query. No proprietary platform required.
CATEGORIES:ECOSYSTEMS + REGISTRIES + PLATFORM INFRASTRUCTURE
LOCATION:Orchid 1\, Seoul\, South Korea
SEQUENCE:0
UID:8558d6fb61e449d3217977aa55baa245
URL:http://mcpseoul2026.sched.com/event/8558d6fb61e449d3217977aa55baa245
END:VEVENT
BEGIN:VEVENT
DTSTAMP:20260626T074014Z
DTSTART:20260813T025500Z
DTEND:20260813T032000Z
SUMMARY:Secure MCP Servers in Production: A Practical Guide for Developers - Valeri Milke\, VamiSec GmbH
DESCRIPTION:Model Context Protocol (MCP) is quickly becoming a core interface layer for AI agents\, yet many teams still secure MCP servers as if they were ordinary APIs. This session provides a practical guide for building and operating secure MCP servers in production. \n \n I will translate key security principles into concrete engineering decisions: secure local vs. remote MCP architectures\, trusted tool onboarding\, signed manifests\, schema-based input and output validation\, prompt injection controls\, OAuth 2.1 / OIDC-based authentication\, centralized policy enforcement\, hardened deployment\, audit logging\, and continuous validation. \n \n The goal is not theory\, but an actionable security baseline that developers\, architects\, and platform teams can apply immediately. Attendees will leave with a pragmatic minimum bar and review checklist for MCP server development that helps reduce avoidable security failures\, improve trust between clients and servers\, and strengthen the security posture of the growing MCP ecosystem.
CATEGORIES:SECURITY + IDENTITY + TRUST
LOCATION:Grand Ballroom 1 + 2\, Seoul\, South Korea
SEQUENCE:0
UID:bd926ea0e879bc3c74d1309d3f2e06f1
URL:http://mcpseoul2026.sched.com/event/bd926ea0e879bc3c74d1309d3f2e06f1
END:VEVENT
BEGIN:VEVENT
DTSTAMP:20260626T074014Z
DTSTART:20260813T032000Z
DTEND:20260813T045000Z
SUMMARY:Lunch
DESCRIPTION:\n
CATEGORIES:REGISTRATION / BREAKS / SPECIAL EVENTS
LOCATION:Grand Ballroom Foyer\, Seoul\, South Korea
SEQUENCE:0
UID:051ae690d3f5b712a4f60e72de4018d4
URL:http://mcpseoul2026.sched.com/event/051ae690d3f5b712a4f60e72de4018d4
END:VEVENT
BEGIN:VEVENT
DTSTAMP:20260626T074014Z
DTSTART:20260813T045000Z
DTEND:20260813T051500Z
SUMMARY:Evolving an LLMOps Feedback System Into an MCP-Based Agent Architecture - Ian Y. Choi\, AWS & Taeyoung Kim\, AIFactory
DESCRIPTION:This talk shares lessons from rebuilding a production LLMOps feedback system after its original pipeline architecture became too difficult to extend and operate in practice. The system was initially designed as a modular\, cloud-native pipeline that handled community exercise data end to end—from collection and analysis to feedback generation and publishing. As new capabilities were added\, coordinating cross-step dependencies\, managing state\, and evolving the workflow without breaking existing logic became a growing challenge. \n To address this\, we restructured the system around MCP tools. Each core function—data ingestion\, exercise analysis\, recommendation generation\, and feedback delivery—was refactored into an independently callable tool that agents can dynamically orchestrate. We will discuss how we handled multi-step coordination without losing state\, partial failures and retries across tool boundaries\, observability in agent-driven execution\, and secure tool interaction in a production environment. Rather than presenting an idealized architecture\, this session focuses on what changed in practice: what worked\, what didn’t\, and what we would do differently.
CATEGORIES:AGENT ARCHITECTURE + ORCHESTRATION
LOCATION:Orchid 1\, Seoul\, South Korea
SEQUENCE:0
UID:f2c8956d19a8c899e43dca76c50ddbcb
URL:http://mcpseoul2026.sched.com/event/f2c8956d19a8c899e43dca76c50ddbcb
END:VEVENT
BEGIN:VEVENT
DTSTAMP:20260626T074014Z
DTSTART:20260813T045000Z
DTEND:20260813T051500Z
SUMMARY:Demystifying MCP Auth in Plain English - Rohit Ganguly\, Descope
DESCRIPTION:For most developers\, one of the trickiest parts of building MCP Servers is Auth. With an ever-evolving specification that takes advantage of niche OAuth standards\, many feel left behind and simply don't bother to secure their MCP Servers\, leading to severe risks for organizations and users adopting MCP. \n \n This session will cover the MCP Auth spec from first principles\, explaining concepts in a way that even auth newbies can understand. The goal of this session is to help developers 'catch up' on the latest with MCP auth and secure their MCP servers. \n \n Participants can walk away from this session with a cursory understanding of the state of the MCP auth spec and how to roll out auth in their MCP servers.
CATEGORIES:SECURITY + IDENTITY + TRUST
LOCATION:Grand Ballroom 1 + 2\, Seoul\, South Korea
SEQUENCE:0
UID:24d836c6e4e7bcf3504e4eeb87e31a50
URL:http://mcpseoul2026.sched.com/event/24d836c6e4e7bcf3504e4eeb87e31a50
END:VEVENT
BEGIN:VEVENT
DTSTAMP:20260626T074014Z
DTSTART:20260813T052000Z
DTEND:20260813T054500Z
SUMMARY:Authorization in MCP Systems: Getting It Right From the Start - Aram Andreasyan\, Cerbos
DESCRIPTION:When teams start building on MCP\, one of the first real questions that comes up is simple: what are agents actually allowed to do? \n \n In smaller setups\, it's easy to bake access checks into the agent or the application itself. That works until it doesn't. Once you're dealing with multiple tools\, services\, and data sources\, things get messy fast. Permission logic gets copied across services\, drifts out of sync\, and when something breaks\, nobody can agree on where the problem actually lives. \n \n This talk covers how I approach authorization in MCP-based systems. Where access decisions should live\, how to keep them consistent as complexity grows\, and what changes when agents are acting on behalf of users rather than just on their own. \n \n The focus is on patterns that have worked in real systems: centralizing your policy layer\, passing the right context through each request\, and keeping decisions auditable so you can trace what happened and why. \n \n You'll leave with a clearer way to think about authorization in MCP environments\, and a better sense of where things tend to break down as systems scale.
CATEGORIES:SECURITY + IDENTITY + TRUST
LOCATION:Grand Ballroom 1 + 2\, Seoul\, South Korea
SEQUENCE:0
UID:9e8fc84df3da50cf4139f32d5b00f205
URL:http://mcpseoul2026.sched.com/event/9e8fc84df3da50cf4139f32d5b00f205
END:VEVENT
BEGIN:VEVENT
DTSTAMP:20260626T074014Z
DTSTART:20260813T055000Z
DTEND:20260813T061500Z
SUMMARY:Building Production MCP Servers in Go: Transports\, Concurrency\, and Tool Contracts - Rajiv Ranjan Singh\, Maersk & Naman Lakhwani\, Independent
DESCRIPTION:Building an MCP server is easy to demo and hard to operate. Once a server sits between an agent and real systems\, questions about transport choice\, cancellation\, timeouts\, concurrency\, schema evolution\, and tool safety show up fast. \n \n This talk walks through building a production-minded MCP server in Go. It covers how to model tools and resources with Go types\, choose between stdio and HTTP-based transports\, handle concurrent tool calls without shared-state bugs\, and add logging\, metrics\, and failure boundaries that make incidents debuggable. It also compares the current Go MCP landscape: the official Go SDK\, community libraries like mcp-go\, and what the emerging ecosystem still lacks compared to the Python and TypeScript stacks. \n \n The examples come from MCP server patterns for CI/CD and platform workflows\, where reliability matters because the server sits in the critical path between an AI agent and deployment infrastructure. Attendees will leave with a concrete set of patterns for shipping Go-based MCP services that are reliable enough for production\, not just demos.
CATEGORIES:BUILDING WITH MCP
LOCATION:Orchid 1\, Seoul\, South Korea
SEQUENCE:0
UID:feda3bb033c0260b7754d2547d87a019
URL:http://mcpseoul2026.sched.com/event/feda3bb033c0260b7754d2547d87a019
END:VEVENT
BEGIN:VEVENT
DTSTAMP:20260626T074014Z
DTSTART:20260813T055000Z
DTEND:20260813T061500Z
SUMMARY:Who Authorized That Agent? Identity and Policy Enforcement for MCP Tool Calls - Kaiwalya Koparkar\, Gravitee
DESCRIPTION:When a human calls an API\, identity is well understood\, OAuth tokens\, JWTs\, API keys. When an AI agent calls that same API via MCP\, the identity model breaks down. Who is the caller? What should it be allowed to do? How do you revoke access when something goes wrong? As MCP adoption moves from dev laptops into production systems\, the absence of a consistent identity and authorization layer for agent-initiated traffic is becoming a critical gap. This session walks through the auth problem from first principles covering OAuth flows for non-human callers\, per-agent rate limiting\, JWT validation at the MCP proxy layer\, and policy enforcement patterns that don't require rewriting your backend services. Attendees will leave with a concrete mental model and implementation patterns for securing MCP tool calls in production.
CATEGORIES:SECURITY + IDENTITY + TRUST
LOCATION:Grand Ballroom 1 + 2\, Seoul\, South Korea
SEQUENCE:0
UID:132356eee1256eb34695f2e8367b2a2d
URL:http://mcpseoul2026.sched.com/event/132356eee1256eb34695f2e8367b2a2d
END:VEVENT
BEGIN:VEVENT
DTSTAMP:20260626T074014Z
DTSTART:20260813T061500Z
DTEND:20260813T064500Z
SUMMARY:Break
DESCRIPTION:\n
CATEGORIES:REGISTRATION / BREAKS / SPECIAL EVENTS
LOCATION:Grand Ballroom Foyer\, Seoul\, South Korea
SEQUENCE:0
UID:ad26fd2a0991bb32a7b9b6f5b882b122
URL:http://mcpseoul2026.sched.com/event/ad26fd2a0991bb32a7b9b6f5b882b122
END:VEVENT
BEGIN:VEVENT
DTSTAMP:20260626T074014Z
DTSTART:20260813T064500Z
DTEND:20260813T071000Z
SUMMARY:Why Enterprise MCP Runs on Java - Kevin Dubois\, IBM & Mauricio "Salaboy" Salatino\, Dash0
DESCRIPTION:Most MCP examples are written in Python or TypeScript. Great for prototypes\, but enterprises don't ship prototypes. They ship type-safe\, robust\, observable\, secure services. Exactly what Java excels at. \n \n And\, perhaps contrary to popular belief\, building MCP servers or clients with Java is not hard at all. It is as natural as creating REST servers and clients. Swap a few dependencies\, annotate your methods\, and your services speak MCP. \n \n But MCP in Java isn't just about exposing data to LLMs. It can also vastly augment your AI development experience. We'll show how we built an MCP-based agent into the Quarkus framework that exposes live runtime intelligence to your code assistant: structured exceptions\, dynamically discovered tools\, extension-specific coding patterns\, and version-aware documentation search. With this\, your agent doesn't just write code\; it can also get real-time feedback from the running application\, recover from crashes\, and learn patterns specific to the frameworks in your project. \n \n Through real-world examples including IoT integrations and Kubernetes analysis agents\, we'll show why Java is the natural home for enterprise MCP adoption.
CATEGORIES:ENTERPRISE ADOPTION + INTEGRATION
LOCATION:Grand Ballroom 1 + 2\, Seoul\, South Korea
SEQUENCE:0
UID:ea5c4d0f740cbeb9af43cd4b7b2c3c11
URL:http://mcpseoul2026.sched.com/event/ea5c4d0f740cbeb9af43cd4b7b2c3c11
END:VEVENT
BEGIN:VEVENT
DTSTAMP:20260626T074014Z
DTSTART:20260813T064500Z
DTEND:20260813T071000Z
SUMMARY:The Context Budget Crisis: Why MCP Needs Server-Side Response Controls - Nimit Savant & Gokul K S\, DevRev
DESCRIPTION:MCP servers today are blind to the client's context budget. In production\, we watched a single list call return 161k tokens. Tool schemas alone consumed 37% of a 200k context window. One customer's sprint data retrieval filled 80k+ tokens and collapsed the agent's reasoning entirely. Organizations with heavy custom fields caused tool schemas to balloon unpredictably. \n These aren't edge cases - they're the default experience at enterprise scale. The MCP protocol currently has no mechanism for servers to understand or respect context constraints. Every response is a best-effort data dump. \n This talk presents real production telemetry from building and operating an enterprise MCP server\, then proposes three protocol-level mechanisms the community should consider: context budget hints from client to server\, progressive tool disclosure so agents discover tools as needed rather than loading everything upfront\, and server-side response compression conventions. We'll share an open reference implementation of progressive discovery that reduced effective schema size by 70%. \n The goal: move this conversation from "each server figures it out alone" to "the ecosystem has shared conventions."
CATEGORIES:MCP PROTOCOL IN DEPTH
LOCATION:Orchid 1\, Seoul\, South Korea
SEQUENCE:0
UID:c42ab2ef28dd37f757d6bdc0968f1dfd
URL:http://mcpseoul2026.sched.com/event/c42ab2ef28dd37f757d6bdc0968f1dfd
END:VEVENT
BEGIN:VEVENT
DTSTAMP:20260626T074014Z
DTSTART:20260813T064500Z
DTEND:20260813T071500Z
SUMMARY:Workshop: MCP on Mobile: How Far Have We Come? - Sasha Denisov\, Brainform.ai
DESCRIPTION:When people talk about MCP\, they think of a server protocol for desktop AI — Claude Desktop reading the filesystem\, Cursor calling git\, MCP servers humming on cloud infrastructure. But there's a whole other world that rarely shows up in the conversation: phones\, smart watches\, glasses\, cars\, robots\, embedded edge devices. They all have mature SDKs\, many can run small AI models locally\, and almost none have an agentic tool layer to speak of. The natural question is: why isn't MCP there yet? \n Turns out it can be — and is starting to be. This talk is about MCP in the mobile and broader smart-device world: what scenarios already work today\, what's just landing\, and what becomes possible when a device is no longer just a client to a cloud agent but a peer in a multi-device agentic system. We'll cover phones that host their own MCP servers exposing device capabilities\, phones running an entire agent loop on-device with no network\, system-level integrations Apple and Google are bringing through App Intents and AICore\, and hybrid setups where local and cloud servers share one tool registry — then extend the picture beyond phones to glasses\, cars\, watches\, and embedded edge
CATEGORIES:WORKSHOPS
LOCATION:Orchid 2\, Seoul\, South Korea
SEQUENCE:0
UID:81a15ce77324095bbe66b74e0b95a379
URL:http://mcpseoul2026.sched.com/event/81a15ce77324095bbe66b74e0b95a379
END:VEVENT
BEGIN:VEVENT
DTSTAMP:20260626T074014Z
DTSTART:20260813T071500Z
DTEND:20260813T074000Z
SUMMARY:Plug & Play Petabytes With Elastic's MCP - Ashish Tiwari\, Elastic
DESCRIPTION:Most standard RAG pipelines treat data retrieval as a blunt instrument: run a basic search and stuff the context window. At Elastic\, we used the Model Context Protocol to build a much smarter\, agent-driven retrieval system. In this talk\, I’ll show you how we built our MCP server to focus on dynamic context engineering rather than hardcoded pipelines. \n \n I’ll break down our strategy of giving agents atomic tools to inspect the data environment first. By exposing capabilities like list_indices and get_mappings\, the agent gathers the exact schema context it needs before writing and executing complex ES|QL or Query DSL. \n \n If you are building an MCP server for your own databases or APIs\, I’ll share how this "discover first\, search second" approach practically eliminates query hallucinations and creates a highly reliable retrieval loop. You'll walk away with a proven strategy for engineering better context and building smarter data retrieval into your own MCP systems.
CATEGORIES:BUILDING WITH MCP
LOCATION:Orchid 1\, Seoul\, South Korea
SEQUENCE:0
UID:e69361c6dc2c8b93c6f5966adee12ff6
URL:http://mcpseoul2026.sched.com/event/e69361c6dc2c8b93c6f5966adee12ff6
END:VEVENT
BEGIN:VEVENT
DTSTAMP:20260626T074014Z
DTSTART:20260813T071500Z
DTEND:20260813T074000Z
SUMMARY:From APIs To Agentic Toolkits: Designing MCP Flavors and a Public MCP Gateway at Scale - Faizan Akhtar\, React India
DESCRIPTION:As teams adopt MCP\, a common anti-pattern appears: expose an entire API surface as tools and hope the agent figures it out. In practice this leads to confusion\, brittle behavior\, and security headaches. \n \n In this talk\, I’ll walk through a practical architecture for taming that complexity using MCP flavors and a Public MCP gateway. We’ll start from the real constraints: large APIs\, multiple products\, and agents that need a bit of more focus & from there: \n \n - design flavors as curated tool bundles on top of existing OpenAPI contracts\; \n - expose them via a gateway (/mcp vs /{flavorId}/mcp) while handling auth and routing cleanly\; \n - and plug these flavors into agents in editors or chat environments. \n \n I’ll also cover how to evaluate and debug flavors using datasets and traces so they’re treated like product surfaces with their own quality bar\, not opaque black boxes. Finally\, I’ll share lessons learned ramping from a mostly frontend/“traditional” engineering background into MCP and agentic infrastructure work: what worked\, what didn’t\, and what I’d do differently.
CATEGORIES:ECOSYSTEMS + REGISTRIES + PLATFORM INFRASTRUCTURE
LOCATION:Grand Ballroom 1 + 2\, Seoul\, South Korea
SEQUENCE:0
UID:4e196787838437088c3d3c9f88e9252e
URL:http://mcpseoul2026.sched.com/event/4e196787838437088c3d3c9f88e9252e
END:VEVENT
BEGIN:VEVENT
DTSTAMP:20260626T074014Z
DTSTART:20260813T071500Z
DTEND:20260813T074500Z
SUMMARY:Workshop Continues: MCP on Mobile: How Far Have We Come? - Sasha Denisov\, Brainform.ai
DESCRIPTION:\n
CATEGORIES:WORKSHOPS
LOCATION:Orchid 2\, Seoul\, South Korea
SEQUENCE:0
UID:5464f4c807cf45c692d802014f0a006a
URL:http://mcpseoul2026.sched.com/event/5464f4c807cf45c692d802014f0a006a
END:VEVENT
BEGIN:VEVENT
DTSTAMP:20260626T074014Z
DTSTART:20260813T074500Z
DTEND:20260813T081000Z
SUMMARY:From CRDs to Conversations: Simplifying Chaos Engineering With MCP - Pritesh Kiri\, Harness
DESCRIPTION:Imagine telling your system\, “Simulate a pod failure on the payments service\,” or asking\, “What chaos experiments have we run on service X in the last 30 days?” This talk covers a practical approach to using the Model Context Protocol (MCP) with LitmusChaos. The goal is to move away from manual YAML configuration and CRD lookups by using a natural language interface. I'll demonstrate how this MCP setup works and how it changes the workflow for designing and running resilience tests. \n \n This session introduces Chaos Engineering and explores how MCP makes it more accessible. By replacing YAML and dashboards with human language\, we’re lowering the barrier to entry for chaos engineering. Resilience testing becomes accessible to QA\, product\, and on-call teams\, not just platform experts. Whether or not you’re currently using Litmus\, this talk will provide a roadmap for building your own chaos copilot and a glimpse into a future where resilience is everyone’s responsibility.
CATEGORIES:BUILDING WITH MCP
LOCATION:Grand Ballroom 1 + 2\, Seoul\, South Korea
SEQUENCE:0
UID:bd5e2ad692283da9ab5a616ea53a4095
URL:http://mcpseoul2026.sched.com/event/bd5e2ad692283da9ab5a616ea53a4095
END:VEVENT
BEGIN:VEVENT
DTSTAMP:20260626T074014Z
DTSTART:20260813T074500Z
DTEND:20260813T081000Z
SUMMARY:Three Gateways for the Agentic Era: An Architectural Framework for Governing AI Agent Traffic - Dakshitha Ratnayake\, WS02
DESCRIPTION:AI agents interact with enterprise systems through three different traffic patterns\, each demanding its own governance. Inbound API traffic (REST\, GraphQL\, gRPC\, event streams) needs auth and rate limiting. Outbound LLM traffic needs multi-model routing\, token-based cost controls\, and guardrails. Agent-to-tool traffic via MCP needs session-aware governance\, delegated identity\, and discovery. \n Most organizations handle each ad hoc with different proxies\, custom middleware\, ungoverned direct connections. The result: policy fragmentation\, identity silos\, and cost blind spots. \n This talk presents a three-gateway architectural framework. We define the API gateway (ingress)\, LLM gateway (egress)\, and MCP gateway (agent-to-tool) as composable patterns with distinct governance primitives\, then show how they unify into a bi-directional architecture with shared identity (OAuth2)\, consolidated observability\, and consistent policy. \n Technology-neutral and standards-based: OpenAPI\, AsyncAPI\, MCP\, and OAuth2. You'll leave with a decision framework for which pattern governs which traffic flow — and how to avoid building three separate governance silos.
CATEGORIES:ENTERPRISE ADOPTION + INTEGRATION
LOCATION:Orchid 1\, Seoul\, South Korea
SEQUENCE:0
UID:338a2fd2f1a5163f154e71b1a76d2b7c
URL:http://mcpseoul2026.sched.com/event/338a2fd2f1a5163f154e71b1a76d2b7c
END:VEVENT
BEGIN:VEVENT
DTSTAMP:20260626T074014Z
DTSTART:20260813T074500Z
DTEND:20260813T081000Z
SUMMARY:Workshop Continues: MCP on Mobile: How Far Have We Come? - Sasha Denisov\, Brainform.ai
DESCRIPTION:\n
CATEGORIES:WORKSHOPS
LOCATION:Orchid 2\, Seoul\, South Korea
SEQUENCE:0
UID:8ac69f943035ae7e78bbe3ceb13b518d
URL:http://mcpseoul2026.sched.com/event/8ac69f943035ae7e78bbe3ceb13b518d
END:VEVENT
BEGIN:VEVENT
DTSTAMP:20260626T074014Z
DTSTART:20260813T081000Z
DTEND:20260813T094000Z
SUMMARY:Attendee Reception
DESCRIPTION:\n
CATEGORIES:REGISTRATION / BREAKS / SPECIAL EVENTS
LOCATION:Solutions Showcase\, Seoul\, South Korea
SEQUENCE:0
UID:92fcd0b73d997660cd359eaf825a0e44
URL:http://mcpseoul2026.sched.com/event/92fcd0b73d997660cd359eaf825a0e44
END:VEVENT
BEGIN:VEVENT
DTSTAMP:20260626T074014Z
DTSTART:20260813T233000Z
DTEND:20260814T083000Z
SUMMARY:Registration + Badge Pick-up
DESCRIPTION:\n
CATEGORIES:REGISTRATION / BREAKS / SPECIAL EVENTS
LOCATION:Grand Ballroom Foyer\, Seoul\, South Korea
SEQUENCE:0
UID:77d688014e0eb016c7a8e962cca03573
URL:http://mcpseoul2026.sched.com/event/77d688014e0eb016c7a8e962cca03573
END:VEVENT
BEGIN:VEVENT
DTSTAMP:20260626T074014Z
DTSTART:20260814T003000Z
DTEND:20260814T004000Z
SUMMARY:Keynote: Welcome Back - Demetrios Brinkmann\, Member Non-Technical Staff\, Agentic AI Foundation
DESCRIPTION:\n
CATEGORIES:KEYNOTE SESSIONS
LOCATION:Grand Ballroom 1 + 2\, Seoul\, South Korea
SEQUENCE:0
UID:d9fec27c3fc3c1a9e4bc0afe4ac19d35
URL:http://mcpseoul2026.sched.com/event/d9fec27c3fc3c1a9e4bc0afe4ac19d35
END:VEVENT
BEGIN:VEVENT
DTSTAMP:20260626T074014Z
DTSTART:20260814T004000Z
DTEND:20260814T005500Z
SUMMARY:Keynote: MCP Is the Easy Part - Baruch Sadogursky\, Member of DevRel Staff\, Tessl AI
DESCRIPTION:I plugged 17 MCP servers into my agent\, and the agent got worse: slower decisions\, dumber questions\, somehow forgetting how to use the same tool it had used five minutes earlier.That's not an MCP problem\, the protocol works. The problem is that MCP defines how a tool is invoked and exactly nothing else. Every invocation is a fresh ceremony of re-discover\, re-parse\, re-decide\, re-handle\, with no persistent artifact wrapping any of it. The agent has no memory of what worked\, no feedback signal for what didn't\, no surrounding context to anchor which tool\, when\, and why.Stateless function calls in an inherently stateful problem.This talk is about the layer above MCP\, the one that turns a directory of well-formed tool calls into coherent agent behavior\, call it a Skill\, a context artifact\, or whatever your stack calls it. I'll show what changes when you bolt one on top of MCP: tool-call frequency drops\, accuracy climbs\, dumb questions to the user disappear.If your MCP integration demos beautifully but production doesn't\, this is the talk for you.(And if you haven't shipped an MCP server yet\, congrats. You'll skip a few mistakes. The protocol is the easy part.)
CATEGORIES:KEYNOTE SESSIONS
LOCATION:Grand Ballroom 1 + 2\, Seoul\, South Korea
SEQUENCE:0
UID:933b6375aad570f30a8b6e471c44a6a1
URL:http://mcpseoul2026.sched.com/event/933b6375aad570f30a8b6e471c44a6a1
END:VEVENT
BEGIN:VEVENT
DTSTAMP:20260626T074014Z
DTSTART:20260814T010000Z
DTEND:20260814T011500Z
SUMMARY:Keynote: To Be Announced
DESCRIPTION:\n
CATEGORIES:KEYNOTE SESSIONS
LOCATION:Grand Ballroom 1 + 2\, Seoul\, South Korea
SEQUENCE:0
UID:5c144b5acbe27ef0ae66a8fba1d46550
URL:http://mcpseoul2026.sched.com/event/5c144b5acbe27ef0ae66a8fba1d46550
END:VEVENT
BEGIN:VEVENT
DTSTAMP:20260626T074014Z
DTSTART:20260814T011500Z
DTEND:20260814T013000Z
SUMMARY:Keynote: After the Tool Call: What MCP Leaves Open and How to Close It - Viren Baraiya\, CTO\, Orkes and Co-Creator of Netflix Conductor
DESCRIPTION:Every team building production agents is solving the same execution problems independently: what happens when a tool call runs for an hour\, when the process crashes mid-sequence\, when a downstream failure requires earlier steps to be undone. MCP doesn't specify this — deliberately. But the absence of shared patterns is costing the ecosystem duplicated effort and incompatible implementations.This talk contributes a named\, reusable pattern — MCP tool sequences as durable sagas with compensation semantics — and puts three concrete candidates on the table for spec extension: async tool results\, execution receipts\, and cancellation propagation semantics. A worked implementation serves as existence proof that all three are tractable today\, not theoretical.It also reframes how MCP fits into agent architecture: as the intent layer within a larger execution model\, not the execution model itself. That distinction makes MCP more composable and keeps the spec lean as the ecosystem scales.
CATEGORIES:KEYNOTE SESSIONS
LOCATION:Grand Ballroom 1 + 2\, Seoul\, South Korea
SEQUENCE:0
UID:90a1236c5a039ee4bf472d9aa039ee0c
URL:http://mcpseoul2026.sched.com/event/90a1236c5a039ee4bf472d9aa039ee0c
END:VEVENT
BEGIN:VEVENT
DTSTAMP:20260626T074014Z
DTSTART:20260814T013000Z
DTEND:20260814T020000Z
SUMMARY:Break
DESCRIPTION:\n
CATEGORIES:REGISTRATION / BREAKS / SPECIAL EVENTS
LOCATION:Grand Ballroom Foyer\, Seoul\, South Korea
SEQUENCE:0
UID:b7bbda78fe5a2e242bc943a14cef769e
URL:http://mcpseoul2026.sched.com/event/b7bbda78fe5a2e242bc943a14cef769e
END:VEVENT
BEGIN:VEVENT
DTSTAMP:20260626T074014Z
DTSTART:20260814T013000Z
DTEND:20260814T070500Z
SUMMARY:Solutions Showcase
DESCRIPTION:\n
CATEGORIES:SOLUTIONS SHOWCASE
LOCATION:Grand Ballroom Foyer\, Seoul\, South Korea
SEQUENCE:0
UID:52dd7eead7a074746aa1591b3365dbb7
URL:http://mcpseoul2026.sched.com/event/52dd7eead7a074746aa1591b3365dbb7
END:VEVENT
BEGIN:VEVENT
DTSTAMP:20260626T074014Z
DTSTART:20260814T020000Z
DTEND:20260814T022500Z
SUMMARY:From API To Agent: Building a Video Intelligence MCP Server and Plugin Ecosystem - James Le\, TwelveLabs
DESCRIPTION:Video intelligence is an unusual MCP workload. Operations are asynchronous and long-running (indexing a 30-minute video takes minutes\, not milliseconds)\, inputs span local files and remote URLs\, and the tool surface is wide\; search\, analysis\, embeddings\, and entity recognition each carry distinct parameter shapes and response patterns. \n \n When we set out to build a production MCP server for TwelveLabs' video understanding platform\, these constraints became a useful stress test for the protocol itself. This talk traces the builder's journey from first commit to published npm package (twelvelabs-mcp)\, covering the decisions that shaped a 19-tool MCP server and the patterns that emerged along the way. \n \n Attendees will leave with concrete patterns for building MCP servers around API-first platforms (particularly those with async workflows\, multimodal inputs\, and wide tool surfaces)\, along with a clear picture of how MCP servers can evolve into full agent plugins.
CATEGORIES:BUILDING WITH MCP
LOCATION:Grand Ballroom 1 + 2\, Seoul\, South Korea
SEQUENCE:0
UID:5319f9b7d5f007c0dd13c6842489c7c6
URL:http://mcpseoul2026.sched.com/event/5319f9b7d5f007c0dd13c6842489c7c6
END:VEVENT
BEGIN:VEVENT
DTSTAMP:20260626T074014Z
DTSTART:20260814T020000Z
DTEND:20260814T022500Z
SUMMARY:When MCP Tools Fail: Reliable ML Inference for MCP Agents - Sho Tanaka\, Snowflake
DESCRIPTION:The Model Context Protocol (MCP) is emerging as a standard for connecting AI agents with external tools. While LLM-based tools are flexible\, their non-deterministic behavior makes it difficult to meet requirements for stability\, repeatability\, and auditability in production systems. In such cases\, traditional machine learning models provide more predictable inference and are often preferred for system-critical decisions. \n \n However\, ML-powered tools are not free from challenges. Latency\, failures\, and integration issues can propagate through MCP systems and impact agent behavior\, leading to inconsistent decisions\, repeated retries\, or silent failures. \n \n This session explores what happens when MCP tools fail and how to design systems that remain reliable under such conditions. We present a reproducible demo of failure scenarios\, including latency spikes and unstable predictions\, and show their impact on agent behavior. We then introduce practical design patterns—such as timeout and retry strategies and observability—to build reliable MCP-based systems. \n \n Attendees will gain concrete techniques to design trustworthy AI systems that remain stable in real-world environments.
CATEGORIES:SECURITY + IDENTITY + TRUST
LOCATION:Orchid 2\, Seoul\, South Korea
SEQUENCE:0
UID:b481167d0811e5f63ebcf3a34ec979e8
URL:http://mcpseoul2026.sched.com/event/b481167d0811e5f63ebcf3a34ec979e8
END:VEVENT
BEGIN:VEVENT
DTSTAMP:20260626T074014Z
DTSTART:20260814T023000Z
DTEND:20260814T025500Z
SUMMARY:From AGENTS.md to MCP: Practical Patterns for Agentic Engineering Adoption - Junho Kong\, SK Ono
DESCRIPTION:Developers are moving from ad-hoc AI coding assistance to more reliable agentic engineering workflows. But adoption often stalls when agents lack project-specific instructions\, safe tool boundaries\, and reviewable outputs.In this session\, I’ll share practical patterns from working with the Codex developer community on how teams can move from one-off AI usage toward repeatable engineering workflows. We’ll walk through an adoption ladder: starting with clear task contracts\, encoding team conventions in AGENTS.md\, exposing external context through MCP-style tools\, and closing the loop with tests\, human review\, approvals\, and reusable workflows.This talk is not a general introduction to MCP. Instead\, it focuses on how developers and teams can combine AGENTS.md\, scoped tools\, review loops\, and MCP to make agentic systems more trustworthy and practical in real-world engineering environments.
CATEGORIES:AGENT ARCHITECTURE + ORCHESTRATION
LOCATION:Grand Ballroom 1 + 2\, Seoul\, South Korea
SEQUENCE:0
UID:be535ec23e337e8bdbfb31572ec6e751
URL:http://mcpseoul2026.sched.com/event/be535ec23e337e8bdbfb31572ec6e751
END:VEVENT
BEGIN:VEVENT
DTSTAMP:20260626T074014Z
DTSTART:20260814T023000Z
DTEND:20260814T025500Z
SUMMARY:GraphQL Subscriptions as a Real-time Event Transport for MCP Agents - Akshat Sharma\, Deskree
DESCRIPTION:MCP's current transport model is largely request/response — but production agents need to react to live events without polling. GraphQL subscriptions\, delivered over graphql-ws or graphql-sse\, offer a battle-tested\, widely deployed event streaming primitive that maps cleanly onto MCP's resource notification model. This talk covers the full protocol translation layer needed to wire GraphQL subscriptions into an MCP server as push-based resource updates: how subscription events become MCP notifications\, how to map GraphQL variables to MCP resource URIs\, and how to handle subscription lifecycle — setup\, teardown\, and mid-session schema changes. We'll dig into the tradeoffs between WebSocket and SSE transports for different agent deployment environments\, covering reconnection strategies\, message ordering guarantees\, and backpressure handling when an agent falls behind the event stream. Load tested using Grafana k6 against 2\,000 concurrent subscriptions running on Apollo Server\, this architecture achieves P99 event-to-agent latency under 80ms and sustains throughput that is 4.2× faster than a comparable polling baseline.
CATEGORIES:MCP PROTOCOL IN DEPTH
LOCATION:Orchid 2\, Seoul\, South Korea
SEQUENCE:0
UID:3eb91037597b4ed7e16e88285626ab0e
URL:http://mcpseoul2026.sched.com/event/3eb91037597b4ed7e16e88285626ab0e
END:VEVENT
BEGIN:VEVENT
DTSTAMP:20260626T074014Z
DTSTART:20260814T023000Z
DTEND:20260814T025500Z
SUMMARY:The Confused Deputy Problem in MCP: Securing Chained Tool Calls in Multi-Agent Systems - Aviral Sapra\, Linux Foundation Decentralized Trust & Ryan Madhuwala\, Caracal
DESCRIPTION:As MCP systems move from single tool use to multi server and multi agent workflows\, a key security question appears: when one server calls another on behalf of a user\, whose authority is actually used. In this talk I show how chained MCP calls can create a confused deputy scenario where a server unintentionally uses its own higher privileges instead of the user’s limited permissions\, leading to privilege escalation and capability leakage. I demonstrate this with a working multi server setup that exposes three concrete failure modes: token scope amplification across calls\, server to server impersonation caused by implicit trust\, and over delegation of capabilities during orchestration. I then present a practical mitigation based on capability driven design\, where each request carries explicit scoped permissions\, preserves the caller chain\, and is verified at every hop. A prototype implementation shows how these controls block real attack paths while keeping developer experience simple. Finally\, I highlight gaps in the current MCP specification and suggest extensions for safer multi agent systems.
CATEGORIES:SECURITY + IDENTITY + TRUST
LOCATION:Orchid 1\, Seoul\, South Korea
SEQUENCE:0
UID:ecd100f59fd64194bf3abff6119710f6
URL:http://mcpseoul2026.sched.com/event/ecd100f59fd64194bf3abff6119710f6
END:VEVENT
BEGIN:VEVENT
DTSTAMP:20260626T074014Z
DTSTART:20260814T030000Z
DTEND:20260814T032500Z
SUMMARY:From Chaebol to Cloud-Native: MCP Agent Platforms Inside Korea's Manufacturing Giants - Yogesh Sardana\, Independent
DESCRIPTION:Korea's industrial conglomerates—chaebols like Samsung\, SK Hynix\, Hyundai\, LG\, and POSCO—operate the most sophisticated manufacturing ecosystems on the planet. Behind the scenes\, each utilizes thousands of highly proprietary\, heavily siloed Operational Technology (OT) and Information Technology (IT) systems resulting from decades of organic growth and acquisitions. Currently\, engineers waste weeks manually extracting\, normalizing\, and correlating data from these isolated environments before any advanced AI analysis can even begin. This session explores the transformative role of the Model Context Protocol acting as a universal\, cloud-native translation layer. We will reveal how manufacturing giants are utilizing Kubernetes-hosted MCP platforms to seamlessly bridge legacy industrial control systems with modern AI agents\, radically accelerating industrial intelligence.
CATEGORIES:BUILDING WITH MCP
LOCATION:Orchid 2\, Seoul\, South Korea
SEQUENCE:0
UID:1ee2986022dbd0e4d60a254d61a423eb
URL:http://mcpseoul2026.sched.com/event/1ee2986022dbd0e4d60a254d61a423eb
END:VEVENT
BEGIN:VEVENT
DTSTAMP:20260626T074014Z
DTSTART:20260814T030000Z
DTEND:20260814T032500Z
SUMMARY:Skills and MCP: Complementary\, Not Competing - Dale Seo\, Apollo GraphQL
DESCRIPTION:MCP has solved a critical problem: giving AI agents access to external tools and data. But access alone isn't enough. An agent with a database tool can still write terrible queries. An agent with a deployment tool can still push unsafe changes. The gap isn't access. It's expertise. Agent Skills are a lightweight format for encoding the domain knowledge agents need to use tools well. A common misconception is that Skills replace MCP. They don't. MCP provides capabilities: live connections to real systems. Skills provide knowledge: patterns to follow\, mistakes to avoid\, conventions a team considers non-negotiable. Skills ensure an agent does things right. MCP ensures it does real things. You need both. In this talk\, I'll show how they work together through real examples. You'll see agents that call tools with the right arguments\, handle edge cases\, and recover from errors like an experienced developer would. As the creator of Apollo MCP Server and Apollo Skills\, I've built on both sides of this equation and will share the challenges of shipping both: distributing them together\, keeping them in sync\, and evaluating if they still add value as models get smarter.
CATEGORIES:MCP PROTOCOL IN DEPTH
LOCATION:Grand Ballroom 1 + 2\, Seoul\, South Korea
SEQUENCE:0
UID:e5654c3e5c80b59eeb3d30ade12c228f
URL:http://mcpseoul2026.sched.com/event/e5654c3e5c80b59eeb3d30ade12c228f
END:VEVENT
BEGIN:VEVENT
DTSTAMP:20260626T074014Z
DTSTART:20260814T030000Z
DTEND:20260814T032500Z
SUMMARY:Hardening MCP Integrations Against Tool Poisoning - Arshardh Ifthikar\, WSO2
DESCRIPTION:As MCP adoption grows\, tools are becoming the primary interface between agents and external systems. This introduces a new class of risks: tool poisoning\, where tool definitions\, inputs\, or outputs are manipulated to influence agent behavior in unintended ways. \n This talk focuses on practical experience identifying and mitigating tool poisoning in MCP-based systems. Early implementations often assumed tools were trustworthy\, but in practice we encountered issues such as ambiguous tool descriptions\, unsafe parameter handling\, and outputs that could steer agents off course. \n We will walk through concrete examples of how these failures surfaced\, and the patterns that proved more reliable. This includes validating tool contracts\, detecting anomalous inputs and outputs\, constraining tool usage\, and introducing safeguards around execution flow. \n Rather than proposing a single framework\, the session presents a set of techniques that can be applied incrementally to existing MCP setups. The goal is to help teams better understand how tool poisoning occurs in real systems\, and how to design MCP tools that remain predictable and safe under agent-driven use.
CATEGORIES:SECURITY + IDENTITY + TRUST
LOCATION:Orchid 1\, Seoul\, South Korea
SEQUENCE:0
UID:0ac1c050be966a1e0432b3c2c04e1fb9
URL:http://mcpseoul2026.sched.com/event/0ac1c050be966a1e0432b3c2c04e1fb9
END:VEVENT
BEGIN:VEVENT
DTSTAMP:20260626T074014Z
DTSTART:20260814T033000Z
DTEND:20260814T035500Z
SUMMARY:Why We Made Our AI Agent Platform a Codebase Before Adding MCP - Navtej Reddy\, Observe.ai
DESCRIPTION:Six months ago\, building a voice AI agent on our platform meant clicking through a UI. This meant editing prompts\, dragging conversation flows\, hooking up tools with no audit\, no rollback\, no review. To make the platform work better with MCP\, we moved everything to a Git-backed harness. Each agent is now its own repo with skill folders and an agent.md capturing the agent's custom instructions and unique nuances\, so when a customer points Cursor or Claude at it via MCP\, the AI picks up that context before making any changes. \n \n This talk covers: \n (1) the org-change journey from clickops to version control \n (2) the sandboxing model\, how MCP safely exposes Git's branch model (dual read/write endpoints\, tool-layer branch protection\, SSO-derived org scoping) \n (3) the two-stage CI on every PR\, MCP-driven changes ride the same rails as human-authored ones\, with simulations followed by automated evaluations \n (4) the closed-loop flow that ties it all together\, a user files an issue with a test scenario on an agent's page\, the sandboxed AI makes the change\, validates it\, and submits a PR for review using MCP.
CATEGORIES:BUILDING WITH MCP
LOCATION:Grand Ballroom 1 + 2\, Seoul\, South Korea
SEQUENCE:0
UID:9bc1735234784e4719f64a092d13a171
URL:http://mcpseoul2026.sched.com/event/9bc1735234784e4719f64a092d13a171
END:VEVENT
BEGIN:VEVENT
DTSTAMP:20260626T074014Z
DTSTART:20260814T033000Z
DTEND:20260814T035500Z
SUMMARY:Your MCP Server Behaves Differently in Every Client: A Cross-Client Field Guide for Server Authors - Tanisha Sharma\, SuprSend
DESCRIPTION:Same MCP server. Same prompt. Three different IDEs. Three different outcomes — and one of them is silently wrong. \n \n After documenting a production MCP server across Cursor\, Claude Desktop\, and Windsurf\, the speaker has the war stories. Tool descriptions one client truncates and another expands. Resource limits that vary by 10x. Notification semantics that work in one host and silently no-op in another. OAuth flows that route through different dances depending on the client. Session-lifetime assumptions that turn into "why did my context vanish?" support tickets. \n \n This talk is a field guide\, organized by client\, with the actual diffs server authors should care about. Live side-by-side traces of the same tool call across three clients\, showing where each one quietly diverges from the spec — and the small defensive changes (in tool naming\, description length\, error semantics) that make a single server work the same way in all three. \n \n Closes with a proposal: a "client compatibility matrix" the MCP ecosystem should publish and maintain\, modeled on Can I Use for the web. \n \n For MCP server authors who have only ever tested in one client.
CATEGORIES:BUILDING WITH MCP
LOCATION:Orchid 2\, Seoul\, South Korea
SEQUENCE:0
UID:cb9dfad8af13ed8aeca91534f99fba3f
URL:http://mcpseoul2026.sched.com/event/cb9dfad8af13ed8aeca91534f99fba3f
END:VEVENT
BEGIN:VEVENT
DTSTAMP:20260626T074014Z
DTSTART:20260814T033000Z
DTEND:20260814T035500Z
SUMMARY:MCP Discovery Infrastructure: Registries\, Trust\, and Routing for Production Agents - Mahesh Lambe\, ProjectNANDA.org
DESCRIPTION:MCP is becoming the standard way for agents to connect with tools\, apps\, services\, and data systems. But as MCP moves from local developer workflows into production agent platforms\, the next bottleneck is discovery infrastructure: how agents find the right MCP server\, verify its capabilities\, evaluate trust\, respect permissions\, and route safely across teams\, clouds\, vendors\, and organizations. \n \n This session presents a practical architecture for MCP discovery infrastructure: capability metadata\, registries\, signed server facts\, gateway patterns\, trust signals\, policy-aware routing\, observability\, audit trails\, and failure handling. The focus is on reusable design patterns that can help MCP scale without fragmenting into brittle static configurations or vendor-specific registries. \n \n Drawing on Project NANDA work around AgentFacts\, registry interoperability\, adaptive resolution\, and NEST-style testbeds\, the talk gives MCP builders a concrete framework for moving from “agent calls a configured tool” to “agent discovers and safely uses trusted capabilities.” Attendees will leave with implementation patterns\, failure modes\, and standardization questions for production MCP systems.
CATEGORIES:ECOSYSTEMS + REGISTRIES + PLATFORM INFRASTRUCTURE
LOCATION:Orchid 1\, Seoul\, South Korea
SEQUENCE:0
UID:3ae642edc696e30420483d2c7c0d5fb7
URL:http://mcpseoul2026.sched.com/event/3ae642edc696e30420483d2c7c0d5fb7
END:VEVENT
BEGIN:VEVENT
DTSTAMP:20260626T074014Z
DTSTART:20260814T035500Z
DTEND:20260814T052500Z
SUMMARY:Lunch
DESCRIPTION:\n
CATEGORIES:REGISTRATION / BREAKS / SPECIAL EVENTS
LOCATION:Grand Ballroom Foyer\, Seoul\, South Korea
SEQUENCE:0
UID:e7ada4584893a2f46905ed4151805fe9
URL:http://mcpseoul2026.sched.com/event/e7ada4584893a2f46905ed4151805fe9
END:VEVENT
BEGIN:VEVENT
DTSTAMP:20260626T074014Z
DTSTART:20260814T052500Z
DTEND:20260814T055000Z
SUMMARY:Closing the Context Gap: Making Your APIs Agent-Ready With Postman’s Native Git Integration - Aanchal Mishra\, Postman & Ali Mustafa Shaikh\, Pieces AI
DESCRIPTION:Traditional AI implementation relies on "tool sprawl": manually wrapping every API action into custom functions. This creates a maintenance burden where prompts swell\, tokens vanish\, and agents hallucinate under the weight of excessive choice. At Postman\, we’ve shifted the paradigm: instead of teaching agents how an app works\, we provide them with structured context they already understand through the MCP. \n \n This session moves beyond theory to demonstrate a live "AI Readiness" workflow using Postman’s native Git integration. We will pit a well-defined OpenAPI schema against a poorly designed one to visualize the "Context Tax" - showing how architectural debt leads to 2x higher token usage and fumbled execution. By leveraging Postman’s MCP Server generator and CLI SDKs\, I’ll demonstrate how to transform static documentation into active "code skills" that agents like Claude can navigate autonomously. Attendees will learn to build APIs that don't just return data\, but serve as high-fidelity maps for the next generation of autonomous agents.
CATEGORIES:BUILDING WITH MCP
LOCATION:Orchid 1\, Seoul\, South Korea
SEQUENCE:0
UID:e2942efb501b23132786dee069040ca5
URL:http://mcpseoul2026.sched.com/event/e2942efb501b23132786dee069040ca5
END:VEVENT
BEGIN:VEVENT
DTSTAMP:20260626T074014Z
DTSTART:20260814T052500Z
DTEND:20260814T055000Z
SUMMARY:Self-Improving MCP Agents - Kemal Elmizan\, GoTo Company
DESCRIPTION:Most MCP systems today are static at runtime. We define tools\, expose schemas and rely on prompts to guide behavior\, then hope the system remains reliable after deployment. \n \n In practice\, MCP-based systems drift. Agents repeatedly misuse tools\, call inefficient sequences or fail in predictable ways. Tool descriptions become outdated. Context grows noisy. Human operators step in to correct outcomes\, but those corrections are rarely captured or reused. MCP standardizes how agents connect to tools\, but it does not define how systems improve over time. \n \n I would like to explore how to build MCP systems that go beyond execution by introducing feedback loops on top of the protocol. By combining tool call history and observability\, we can build systems that identify their own weaknesses and suggest improvements safely. \n \n The session will cover practical patterns: \n - Detecting repeated tool misuse and failure patterns \n - Learning from retries\, fallbacks\, and human corrections \n - Identifying redundant or low-value tool chains \n - Designing safe feedback loops with audit logs\, versioning\, rollback and human approval
CATEGORIES:BUILDING WITH MCP
LOCATION:Grand Ballroom 1 + 2\, Seoul\, South Korea
SEQUENCE:0
UID:58086f7ac28bdef1e1def8d85409a7cb
URL:http://mcpseoul2026.sched.com/event/58086f7ac28bdef1e1def8d85409a7cb
END:VEVENT
BEGIN:VEVENT
DTSTAMP:20260626T074014Z
DTSTART:20260814T052500Z
DTEND:20260814T055000Z
SUMMARY:When AI Agents Need Eyes: What MCP Can and Cannot Standardize for Computer Vision - Seowoo Han\, B GARAGE
DESCRIPTION:AI agents are increasingly expected to work with visual information: documents\, screenshots\, cameras\, inspection images\, and other domain-specific signals. MCP gives developers a powerful way to expose these capabilities as discoverable tools and resources\, but real-world computer vision brings challenges that do not disappear behind a simple tool call\, including image quality\, sensor differences\, domain shift\, uncertainty\, validation\, and human review.In this session\, I will explore practical patterns for integrating computer vision into the MCP ecosystem\, including OCR\, object detection\, visual monitoring\, and domain-specific inspection tools. The talk will focus on what MCP can standardize for agent-facing vision systems\, what should remain domain-specific\, and how developers can design safer\, more reliable interfaces between AI agents and visual perception.
CATEGORIES:MCP PROTOCOL IN DEPTH
LOCATION:Orchid 2\, Seoul\, South Korea
SEQUENCE:0
UID:54d4f1c056d2250af0d410d07a0a3521
URL:http://mcpseoul2026.sched.com/event/54d4f1c056d2250af0d410d07a0a3521
END:VEVENT
BEGIN:VEVENT
DTSTAMP:20260626T074014Z
DTSTART:20260814T055500Z
DTEND:20260814T062000Z
SUMMARY:Managing Token Usage in MCP Servers Using Code Mode - Bhumika Satpathy\, Google
DESCRIPTION:As the ecosystem for the Model Context Protocol (MCP) expands\, developers are hitting a familiar wall: token bloat. While MCP provides a powerful standardized interface for LLMs to interact with external data\, the "context tax" of verbose tool definitions and massive data payloads can quickly degrade performance and spike costs. To build production-ready agents\, we must move beyond basic implementations and embrace advanced orchestration. \n \n This session dives into the architecture of efficient MCP server design\, focusing on the "Code Mode" technique. We will explore how to shift the heavy lifting from the LLM’s reasoning space to the server’s execution environment. Instead of forcing the model to process raw\, unrefined data\, "Code Mode" empowers the LLM to generate and ship logic—miniature\, execution-ready scripts—directly to the MCP server. This approach minimizes round-trip latency and drastically reduces the input tokens required for complex data manipulation.
CATEGORIES:BUILDING WITH MCP
LOCATION:Grand Ballroom 1 + 2\, Seoul\, South Korea
SEQUENCE:0
UID:ae97676388082337fab0686c1549df6b
URL:http://mcpseoul2026.sched.com/event/ae97676388082337fab0686c1549df6b
END:VEVENT
BEGIN:VEVENT
DTSTAMP:20260626T074014Z
DTSTART:20260814T055500Z
DTEND:20260814T062000Z
SUMMARY:Operating an AI Infrastructure Through MCP Apps on Agents - HyounKyoung Moon\, Lablup
DESCRIPTION:GPU infrastructure has traditionally been operated through CLIs\, dashboards\, and a patchwork of admin tools. Each task — checking cluster state\, allocating resources\, launching sessions — forces the operator to switch context and stitch results together manually. \n \n MCP changes the surface of this work. By exposing infrastructure operations as MCP tools\, an agent can carry out cluster tasks on the operator's behalf. And with MCP Apps (SEP-1865)\, the agent doesn't just respond in text — it renders interactive UIs inline\, so the operator can see the cluster\, review the agent's plan\, and approve actions visually within the same conversation. \n \n This talk shows how an agent embedded in an MCP host can manage GPU infrastructure efficiently by combining: \n \n - **Visual control via MCP Apps** — the agent renders cluster status views\, resource allocation charts\, and confirmation cards inline. The operator sees the infrastructure\, reviews the plan\, and clicks to approve. \n - **Session-level control via MCP** — the agent creates\, inspects\, and modifies compute sessions through MCP tool calls. \n - **Human-in-the-loop by design** — visual checkpoints make every consequential action explicit
CATEGORIES:BUILDING WITH MCP
LOCATION:Orchid 2\, Seoul\, South Korea
SEQUENCE:0
UID:d6ded7f7a5c56654773c8baf9ebc0d97
URL:http://mcpseoul2026.sched.com/event/d6ded7f7a5c56654773c8baf9ebc0d97
END:VEVENT
BEGIN:VEVENT
DTSTAMP:20260626T074014Z
DTSTART:20260814T055500Z
DTEND:20260814T062000Z
SUMMARY:Two Audiences\, One Markdown File: Writing MCP Docs an Agent Can Actually Use - Tanisha Sharma\, SuprSend
DESCRIPTION:When an MCP server exposes documentation.search and documentation.fetch\, its docs site quietly acquires a second reader: the agent. And the agent is not a small human. Humans want narrative tutorials\; agents want flat\, deduplicated\, single-source-of-truth pages. Humans skim\; agents tokenize. Humans tolerate ambiguity\; agents hallucinate from it. \n \n This talk is a field report from rewriting an MCP server's documentation to serve both audiences from one markdown source. Concrete before/after pages\, real agent traces from the SuprSend MCP server (used as a case study not a pitch)\, the five rewrite rules that actually moved the needle on hallucination rates\, and the surprising downstream effect: the human-facing docs got better too. Every rule generalizes to any MCP server with public docs. \n \n Closes with two open questions the audience is invited to argue back at: should agent-facing docs be a separate channel? Should MCP add a "documentation" primitive at the protocol level? \n \n For DevRels\, technical writers\, and MCP server maintainers who already exposed their docs as a tool or are about to.
CATEGORIES:BUILDING WITH MCP
LOCATION:Orchid 1\, Seoul\, South Korea
SEQUENCE:0
UID:3aac1db0cc990b28f6b05b496d032258
URL:http://mcpseoul2026.sched.com/event/3aac1db0cc990b28f6b05b496d032258
END:VEVENT
BEGIN:VEVENT
DTSTAMP:20260626T074014Z
DTSTART:20260814T062500Z
DTEND:20260814T065000Z
SUMMARY:From 40 Tools To 14: A Practical Framework for MCP Tool Curation - Nimit Savant & Gokul K S\, DevRev
DESCRIPTION:We built an MCP server exposing 40+ operations. Agents misused most of them. Hybrid search returned only IDs with no context. get_issue prefixed every field with redundant key-value labels\, burning tokens without helping the LLM. We had write tools with no corresponding read tools. Custom field schemas varied wildly across organizations\, causing unpredictable bloat. \n We cut to 14 tools. Agent precision improved dramatically. But deciding which 14 - and how to design them - required building a framework we wish had existed when we started. \n This talk shares that framework as an open\, reusable methodology any MCP server author can apply: how to audit which tools agents actually select vs. misuse\, how to score agent success rate per tool\, how to identify tools that confuse rather than help\, how to structure response shapes for minimal token cost and maximum agent comprehension\, and how to design progressive disclosure so capability scales without overwhelming context. \n Every team building an MCP server faces this decision. We'll give them a starting point so they don't have to learn it the hard way.
CATEGORIES:BUILDING WITH MCP
LOCATION:Orchid 1\, Seoul\, South Korea
SEQUENCE:0
UID:78acf157ab50165e6b33050f96d77362
URL:http://mcpseoul2026.sched.com/event/78acf157ab50165e6b33050f96d77362
END:VEVENT
BEGIN:VEVENT
DTSTAMP:20260626T074014Z
DTSTART:20260814T062500Z
DTEND:20260814T065000Z
SUMMARY:From Legacy To Agentic AI - Seoyul Yoon\, SK AX
DESCRIPTION:What does it take to bring a company's legacy systems into the AI era?Hand-coding tool functions for every backend is not sustainable\; maintenance costs grow exponentially as the number of services increases. We solved this with a combination of open source projects.Given a single OpenAPI spec\, the system automatically converts endpoints into MCP Tools\, a Kubernetes Operator provisions and manages the MCP server\, and a LangGraph + deepagents-based Agent talks to internal systems on top\, with Agent Skills (SKILL) shaping how that agent behaves.This session shares how we selected and composed five open source projects\, along with the real-world challenges we hit along the way: multi-provider OAuth\, custom Keycloak token verification\, per-backend header injection\, transport-naming inconsistencies across MCP clients\, and rewriting auto-generated tool descriptions to fit the LLM.Not a finished solution\, but a practitioner's account showing that turning legacy systems into AI-ready interfaces is entirely achievable with open source.\n
CATEGORIES:BUILDING WITH MCP
LOCATION:Grand Ballroom 1 + 2\, Seoul\, South Korea
SEQUENCE:0
UID:3b6e5faca2aa42fbc4766b0f44953f59
URL:http://mcpseoul2026.sched.com/event/3b6e5faca2aa42fbc4766b0f44953f59
END:VEVENT
BEGIN:VEVENT
DTSTAMP:20260626T074014Z
DTSTART:20260814T062500Z
DTEND:20260814T065000Z
SUMMARY:From CVEs To Kill Switches: Hardening the MCP Supply Chain End-to-End - Unnati Mishra\, Independent
DESCRIPTION:Talks on agent security often focus on prompts and tools\; this one zooms in on the MCP supply chain itself. When every MCP server can reach production systems\, a single compromised SDK\, container image\, or plugin becomes an enterprise incident. \n \n This session walks through an end-to-end hardening playbook for MCP ecosystems: SBOMs for MCP servers and clients\, signing and verifying artifacts\, policy-as-code gates in CI/CD\, runtime admission policies\, and emergency kill switches at the MCP layer. \n \n I’ll map real-world supply-chain failures from the broader OSS world to concrete MCP risks\, then show how to layer defenses without killing developer velocity. Attendees will leave with threat models\, example policies\, and a response runbook they can adapt to their own deployments\, something they can hand directly to their security team on Monday.
CATEGORIES:SECURITY + IDENTITY + TRUST
LOCATION:Orchid 2\, Seoul\, South Korea
SEQUENCE:0
UID:c5ee7edfc22773e22a07a2e73bcd7169
URL:http://mcpseoul2026.sched.com/event/c5ee7edfc22773e22a07a2e73bcd7169
END:VEVENT
BEGIN:VEVENT
DTSTAMP:20260626T074014Z
DTSTART:20260814T065000Z
DTEND:20260814T070500Z
SUMMARY:Break
DESCRIPTION:\n
CATEGORIES:REGISTRATION / BREAKS / SPECIAL EVENTS
LOCATION:Grand Ballroom Foyer\, Seoul\, South Korea
SEQUENCE:0
UID:beeb2bfecb43214ec2863e5e882e6715
URL:http://mcpseoul2026.sched.com/event/beeb2bfecb43214ec2863e5e882e6715
END:VEVENT
BEGIN:VEVENT
DTSTAMP:20260626T074014Z
DTSTART:20260814T070500Z
DTEND:20260814T073000Z
SUMMARY:Building and Testing MCP Servers With the Inspector\, Conformance Suites\, and Property-Based Testing - Navin Pai\, StackGen
DESCRIPTION:MCP gained popularity because it was as easy as building a REST API. Infact\, many might say\, building an MCP Server is a bit too easy. Shipping a broken MCP server into a pool of a hundred others is easy but shipping one that actually behaves correctly under adversarial clients\, malformed inputs\, and edge-case tool schemas is hard. \n \n Devs have already built tens of thousands of MCP servers\, and recent spec revisions have focused on richer tool annotations\, structured tool outputs\, and clearer security best practices\, all of which introduce new failure modes to test for. \n \n This session covers a complete testing pyramid for MCP servers: using the official MCP Inspector for interactive tracing\, writing conformance tests against the JSON Schema tool definitions\, and applying property-based testing (with tools likeHypothesis in Python or fast-check in TypeScript) to fuzz tool inputs and surface schema violations before clients do. We'll also walk through how to set up a CI pipeline that runs your MCP server against a spec conformance suite on every pull request\, and how to lint tool descriptions for ambiguity that could confuse real LLM clients.
CATEGORIES:BUILDING WITH MCP
LOCATION:Orchid 2\, Seoul\, South Korea
SEQUENCE:0
UID:2a82fbdd9588b16c61901b52b79cb38f
URL:http://mcpseoul2026.sched.com/event/2a82fbdd9588b16c61901b52b79cb38f
END:VEVENT
BEGIN:VEVENT
DTSTAMP:20260626T074014Z
DTSTART:20260814T070500Z
DTEND:20260814T073000Z
SUMMARY:My Computer's Purchasing? Enabling Agentic Commerce With MCP - Rohit Ganguly\, Descope
DESCRIPTION:Agentic Commerce is one of the most intriguing use cases for agents\, with $3-5 Trillion in volume predicted by 2030 according to the latest research. However\, with so many protocols\, projects\, and mechanisms\, it's very easy to confused while learning about this use case\, and where\, if at all\, MCP fits into it. \n \n Fortunately for us\, MCP fits perfectly into the modern Agentic Commerce Protocols! In this session\, we'll cover exactly how and where MCP fits into the agentic commerce equation. On top of that\, we'll introduce the concept of Agentic Commerce\, break down the popular protocols\, and construct a system design of what Agentic Commerce looks like with MCP. \n \n By the end of the session\, attendees will have a cursory understanding of Agentic Commerce principles and how to enable this use case with MCP. Additionally\, a GitHub repository detailing Agentic Commerce via MCP will be provided.
CATEGORIES:BUILDING WITH MCP
LOCATION:Grand Ballroom 1 + 2\, Seoul\, South Korea
SEQUENCE:0
UID:ec50119ebe26492cb8889e12a99f07f2
URL:http://mcpseoul2026.sched.com/event/ec50119ebe26492cb8889e12a99f07f2
END:VEVENT
BEGIN:VEVENT
DTSTAMP:20260626T074014Z
DTSTART:20260814T070500Z
DTEND:20260814T073000Z
SUMMARY:Beyond APIs: Making MCP Services Faster and Secure With WebAssembly - Brandon Kang\, Akamai Technologies
DESCRIPTION:As MCP adoption grows\, most implementations focus on defining tools and integrating APIs\, but far less attention is given to how these tools are actually executed. In production environments often introduces real challenges in both security and performance. \n \n In this session\, we explore how WebAssembly fundamentally changes this model by providing a secure and high-performance execution layer. We'll also work through how MCP tools can run inside a sandboxed WebAssembly runtime\, where access to the file system\, network\, and environment is explicitly controlled. This significantly reduces the attack surface compared to traditional server-side execution models\, especially in multi-tenant and agent-driven environments. \n \n From a performance perspective\, WebAssembly enables near-native execution speed with extremely fast startup times. WebAssembly modules can start in milliseconds\, making them ideal for MCP workloads where tools are invoked frequently and latency directly impacts agent responsiveness. \n We will also cover authentication patterns such as OAuth and JWT\, and explain how a “secret-less” architecture can be achieved by isolating credentials outside of the execution runtime.
CATEGORIES:SECURITY + IDENTITY + TRUST
LOCATION:Orchid 1\, Seoul\, South Korea
SEQUENCE:0
UID:a175dcaa373b9955a44616c9251a06bb
URL:http://mcpseoul2026.sched.com/event/a175dcaa373b9955a44616c9251a06bb
END:VEVENT
BEGIN:VEVENT
DTSTAMP:20260626T074014Z
DTSTART:20260814T073500Z
DTEND:20260814T080000Z
SUMMARY:Dead Reckoning for AI Agents: Building Fault-Tolerant MCP State Machines Without a Map - Akshat Khanna\, Independent
DESCRIPTION:In maritime navigation\, dead reckoning means computing your current position using a known starting point\, heading\, and speed without GPS. Agentic MCP systems face the exact same problem: once a multi-tool workflow begins\, mid-flight failures\, partial writes\, and out-of-order responses leave your agent adrift with no canonical ground truth. This talk introduces a practical framework for designing fault-tolerant MCP state machines inspired by dead reckoning principles. You will learn how to model agentic workflows as explicit state graphs\, how to attach idempotency keys to MCP tool calls to safely replay without side effects\, how to design checkpointing patterns that survive process crashes\, and how compensating transactions replace naive rollback for real-world tools. Live-coded demos run through a concrete multi-server order pipeline that survives server timeouts\, stale tool responses\, and partial network partitions. Leave with implementation patterns\, failure taxonomy\, and open-source primitives you can wire into any MCP client today.
CATEGORIES:AGENT ARCHITECTURE + ORCHESTRATION
LOCATION:Grand Ballroom 1 + 2\, Seoul\, South Korea
SEQUENCE:0
UID:38e725aaa423ef7e4bc11c8b3c7d341d
URL:http://mcpseoul2026.sched.com/event/38e725aaa423ef7e4bc11c8b3c7d341d
END:VEVENT
BEGIN:VEVENT
DTSTAMP:20260626T074014Z
DTSTART:20260814T073500Z
DTEND:20260814T080000Z
SUMMARY:Stop Wrapping APIs: Building Structured Execution Boundaries With MCP for Incident Triage - Sunyoung Park\, KC-ML2
DESCRIPTION:Most teams start with MCP by exposing existing APIs as thin tool wrappers. We did too. However\, we quickly realized that for complex operations-like managing GPU clusters and infrastructure health-simply exposing more tools doesn't lead to better automation\; it leads to LLM confusion. The real challenge is defining the right reasoning and execution boundary. \n \n In this talk\, we share our journey of moving beyond simple API exposure to building MCP servers that act as a sophisticated operational layer. We'll dive into how we transformed fragmented signals into 'Structured Guidance' by embedding domain heuristics and workflow context directly into the MCP layer. \n \n Attendees will learn: \n - how to recognize when MCP is acting as a thin wrapper versus a real workflow boundary \n - how to design MCP on top of existing operational or management systems \n - how to turn fragmented tools\, signals\, and internal APIs into structured guidance for real-world workflows \n \n This session is a practical story about where MCP becomes more than an integration layer: when it starts acting as the execution boundary for real-world operational decisions.
CATEGORIES:BUILDING WITH MCP
LOCATION:Orchid 1\, Seoul\, South Korea
SEQUENCE:0
UID:707b6a75ad3e6cfbe01bdd5190b011ad
URL:http://mcpseoul2026.sched.com/event/707b6a75ad3e6cfbe01bdd5190b011ad
END:VEVENT
BEGIN:VEVENT
DTSTAMP:20260626T074014Z
DTSTART:20260814T073500Z
DTEND:20260814T080000Z
SUMMARY:Who Watches the Watchmen? Safe AI-Agent Failover Via MCP and CRDs - Phuong Bac Ta\, Research Center for Distributed Cloud and Networking\, SSU\, South Korea & Vitumbiko Mafeni\, CNLAB | SSU IISTRC
DESCRIPTION:Giving an AI agent access to a Kubernetes cluster sounds powerful — until it runs the wrong command. The real challenge is not connecting an LLM to a cluster\, but constraining what it can do\, enforcing correctness\, and keeping a human meaningfully in the loop. \n This session presents a blueprint for safe\, auditable MCP-powered operations through a real use case: an AI-assisted failover system for Kubernetes. Instead of letting an agent call cluster APIs directly\, we place a Failover MCP Server in front of the cluster and expose only discrete\, permission-scoped tools for observation and controlled action. \n Beneath that reasoning layer\, a Kubernetes Operator serves as the enforcement point. CRDs such as FailoverPolicy and DisasterRecoveryPlan encode failover semantics\, validate requested actions\, and ensure execution remains deterministic and policy-compliant. Sensitive actions are held behind a requireApproval setting in the Agent manifest until an operator explicitly approves the next step. \n The talk closes with lessons on where LLM reasoning helps during incidents and why Operator-controlled execution still matters in high-risk workflows.
CATEGORIES:BUILDING WITH MCP
LOCATION:Orchid 2\, Seoul\, South Korea
SEQUENCE:0
UID:d4fabf89ec8017c6a2a14eada9e3fc74
URL:http://mcpseoul2026.sched.com/event/d4fabf89ec8017c6a2a14eada9e3fc74
END:VEVENT
BEGIN:VEVENT
DTSTAMP:20260626T074014Z
DTSTART:20260814T080500Z
DTEND:20260814T083000Z
SUMMARY:From Scripts To Systems: Building Appium MCP for Real-World Automation - Swastik Baranwal & Navin Chandra\, TestMu AI (formerly LambdaTest)
DESCRIPTION:"MCP makes it easy to expose tools. \n It does not make it easy to design systems." \n \n At scale\, that gap shows up as tool explosion\, context limits\, and unreliable execution. \n \n As MCP servers grow\, they accumulate large numbers of tools\, fragmented abstractions\, and stateful workflows\, until agents struggle to discover\, select\, and reliably execute the right actions. \n \n Attendees will leave with specific design patterns to make MCP servers more reliable\, scalable\, and easier for agents to use. \n \n In building Appium MCP (github.com/appium/appium-mcp)\, we encountered this firsthand. Supporting real mobile automation required handling 100+ device actions\, concurrent sessions across devices\, and flaky UI interactions\, quickly pushing naive MCP designs to their limits \n \n In this talk\, we demonstrate what breaks when MCP servers scale and how we changed our system \n \n We evolved from loosely defined tools to an intent-driven interface\, added elicitation for clearer execution\, and integrated Appium Skills to extend capabilities. \n \n These patterns enabled us to move beyond simple command execution toward composable\, agent-driven automation\, powering new projects like AppClaw - an extension to Appium MCP.
CATEGORIES:BUILDING WITH MCP
LOCATION:Orchid 1\, Seoul\, South Korea
SEQUENCE:0
UID:4fabb87939e128ce89ef3bff7fcb64f8
URL:http://mcpseoul2026.sched.com/event/4fabb87939e128ce89ef3bff7fcb64f8
END:VEVENT
BEGIN:VEVENT
DTSTAMP:20260626T074014Z
DTSTART:20260814T080500Z
DTEND:20260814T083000Z
SUMMARY:When Dashboards Lie: Building MCP Tools That Chase Down the Truth - Hrittik Roy\, vCluster & Aditya Soni\, SailPoint
DESCRIPTION:Dashboards lie. Not maliciously\, structurally. Aggregation hides the tenant on fire. Sampling drops slow requests. The p99 looks fine because 47 users who timed out are a rounding error. Every SRE has lived this: green screen\, Slack on fire\, hunting across five tools to find what the dashboard refused to show. \n \n This is a field report from building MCP tools that do the hunting. The agent does not replace the SRE. It does the grunt work nobody has time for at 3 AM: pulling exemplar logs for the slowest 0.1 percent\, correlating a deploy against error rates\, checking if the metric was even reporting. \n \n 1. Why dashboards lie. Sampling\, aggregation\, the "aggregate green\, individual red" pattern. \n 2. MCP tool design for truth-seeking. Read-only vs side-effecting split\, partial-data schemas\, outputs that make the model admit uncertainty instead of hallucinating "all good." \n 3. Correlation loops that work. Deploy to error rate to exemplar logs to suspected change\, not seventeen tabs. \n 4. Guardrails from production. Prompt injection in logs\, cost blow-ups\, tools we took back after one bad incident. \n \n Attendees leave with patterns for MCP tools that chase down what dashboards will not show.
CATEGORIES:BUILDING WITH MCP
LOCATION:Grand Ballroom 1 + 2\, Seoul\, South Korea
SEQUENCE:0
UID:2e50106fe77ec302e6c08c869857ba97
URL:http://mcpseoul2026.sched.com/event/2e50106fe77ec302e6c08c869857ba97
END:VEVENT
BEGIN:VEVENT
DTSTAMP:20260626T074014Z
DTSTART:20260814T080500Z
DTEND:20260814T083000Z
SUMMARY:MCP Authorization: What an IAM Engineer Sees That You Might Miss - Thumula Perera\, WSO2
DESCRIPTION:I spent four years building identity systems. When I read the MCP authorization spec\, I recognized the building blocks: OAuth 2.1\, PKCE\, Dynamic Client Registration. I also recognized where it goes quiet on the hard parts. \n \n Three gaps stand out. \n \n Scopes are defined at the transport level\, not the tool level. A token grants access to an MCP server\, but says nothing about which tools the client can call. \n \n Agent chain identity has no standard answer. The spec is silent on server-to-server authentication\, and the client credentials grant for agent-to-agent scenarios is only now returning as a draft extension. \n \n Dynamic Client Registration brings lifecycle problems. RFC 7592 for client management is not widely supported\, and multiple clients sharing an OAuth client ID is a risk teams hit without realizing it. \n \n I'm not an MCP insider. This talk maps four years of API and identity work onto problems MCP teams are running into right now.
CATEGORIES:SECURITY + IDENTITY + TRUST
LOCATION:Orchid 2\, Seoul\, South Korea
SEQUENCE:0
UID:a1bde09732ffe5e7ca4a0518316c0655
URL:http://mcpseoul2026.sched.com/event/a1bde09732ffe5e7ca4a0518316c0655
END:VEVENT
END:VCALENDAR