MCP Dev Summit Seoul 2026

AI agents interact with enterprise systems through three different traffic patterns, each demanding its own governance. Inbound API traffic (REST, GraphQL, gRPC, event streams) needs auth and rate limiting. Outbound LLM traffic needs multi-model routing, token-based cost controls, and guardrails. Agent-to-tool traffic via MCP needs session-aware governance, delegated identity, and discovery.
Most organizations handle each ad hoc with different proxies, custom middleware, ungoverned direct connections. The result: policy fragmentation, identity silos, and cost blind spots.
This talk presents a three-gateway architectural framework. We define the API gateway (ingress), LLM gateway (egress), and MCP gateway (agent-to-tool) as composable patterns with distinct governance primitives, then show how they unify into a bi-directional architecture with shared identity (OAuth2), consolidated observability, and consistent policy.
Technology-neutral and standards-based: OpenAPI, AsyncAPI, MCP, and OAuth2. You'll leave with a decision framework for which pattern governs which traffic flow — and how to avoid building three separate governance silos.