MCP Dev Summit Seoul 2026

Talks on agent security often focus on prompts and tools; this one zooms in on the MCP supply chain itself. When every MCP server can reach production systems, a single compromised SDK, container image, or plugin becomes an enterprise incident.

This session walks through an end-to-end hardening playbook for MCP ecosystems: SBOMs for MCP servers and clients, signing and verifying artifacts, policy-as-code gates in CI/CD, runtime admission policies, and emergency kill switches at the MCP layer.

I’ll map real-world supply-chain failures from the broader OSS world to concrete MCP risks, then show how to layer defenses without killing developer velocity. Attendees will leave with threat models, example policies, and a response runbook they can adapt to their own deployments, something they can hand directly to their security team on Monday.