MCP Dev Summit Seoul 2026

When teams start building on MCP, one of the first real questions that comes up is simple: what are agents actually allowed to do?

In smaller setups, it's easy to bake access checks into the agent or the application itself. That works until it doesn't. Once you're dealing with multiple tools, services, and data sources, things get messy fast. Permission logic gets copied across services, drifts out of sync, and when something breaks, nobody can agree on where the problem actually lives.

This talk covers how I approach authorization in MCP-based systems. Where access decisions should live, how to keep them consistent as complexity grows, and what changes when agents are acting on behalf of users rather than just on their own.

The focus is on patterns that have worked in real systems: centralizing your policy layer, passing the right context through each request, and keeping decisions auditable so you can trace what happened and why.

You'll leave with a clearer way to think about authorization in MCP environments, and a better sense of where things tend to break down as systems scale.