MCP Dev Summit Seoul 2026

As MCP adoption grows, tools are becoming the primary interface between agents and external systems. This introduces a new class of risks: tool poisoning, where tool definitions, inputs, or outputs are manipulated to influence agent behavior in unintended ways.
This talk focuses on practical experience identifying and mitigating tool poisoning in MCP-based systems. Early implementations often assumed tools were trustworthy, but in practice we encountered issues such as ambiguous tool descriptions, unsafe parameter handling, and outputs that could steer agents off course.
We will walk through concrete examples of how these failures surfaced, and the patterns that proved more reliable. This includes validating tool contracts, detecting anomalous inputs and outputs, constraining tool usage, and introducing safeguards around execution flow.
Rather than proposing a single framework, the session presents a set of techniques that can be applied incrementally to existing MCP setups. The goal is to help teams better understand how tool poisoning occurs in real systems, and how to design MCP tools that remain predictable and safe under agent-driven use.