The Sched app allows you to build your schedule but is not a substitute for your event registration. You must be registered for MCP Dev Summit Mumbai to participate in the sessions. If you have not registered but would like to join us, please go to the event registration page to purchase a registration.
IMPORTANT NOTE: Timing of sessions and room locations are subject to change.
The emergence of the Model Context Protocol is transforming how AI agents interact with tools, data, and real-world systems. However, most early MCP implementations rely on high-level runtimes that are not well-suited for embedded and resource-constrained edge environments. This session explores how Rust enables a new class of high-performance, memory-safe MCP servers designed specifically for Embedded Linux–powered edge devices.
In this tutorial, I'll walk through building a lightweight MCP server, bridging physical data sources into LLM-readable formats, enabling intelligent agents to reason over live edge data using Rust.
- Why MCP for Edge AI Systems?
- Why Rust?
- Building a simple server using rmcp and testing with a client
- Bridging the physical world, e.g. Sensors, Telemetry, File Systems, and structuring LLM-readable context, data pipelines
- High-performance Edge MCP Runtime
- Async & Concurrency Models for scalable communication (MQTT, HTTP, gRPC etc.)
- Observability, tracing & Debugging
- Bring MCP in Agent loop, Using Rig for orchestration
- Deploying to target board, cross compilation steps
- Case Study: Building an Edge MCP Agent, e.g. Telemetry and Diagnostics
Rajesh is working as an Education Architect at KPIT Technologies Ltd. He is currently focusing on technical competency building for middleware technologies and connected vehicle solutions. He has 20 years of experience with core focus on Modern Programming, System Design, Embedded...
**Space Limited - First Come, First Served. Please bring a fully charged laptop to the workshop**
Enterprise adoption of the Model Context Protocol is accelerating — but the path from "MCP works on my laptop" to "MCP running securely across our organization" is windy and challenging. Building MCP servers isn't particularly hard. The real challenges are OAuth, identity sprawl, and the governance requirements your security team will eventually land on your desk. MCP servers should focus on tools, resources, and prompts — not rebuilding OAuth infrastructure from scratch every time. A dedicated identity and governance control plane absorbs that complexity once, rather than forcing every server to solve it independently.
In this workshop, we will:
1. Demonstrate how to integrate MCP servers with identity management tools.
2. Show how to tailor MCP authorization by groups and policies.
3. Work through real governance scenarios by filtering MCP calls for PII or code injection.
4. Demonstrate how MCP traffic can be captured via an MCP gateway and used for compliance, monitoring and observability.
You'll leave with a clear picture of the architectural decisions ahead of you, and a better sense of what your security team is going to ask for before they sign off on scaling MCP adoption.
I am the President and co-founder of Obot AI, and have been building open source software for the last 20 years. Prior to starting Obot, I co-founded Cloud.com (creator of CloudStack) and Rancher Labs (creator of Rancher, k3s, Longhorn, etc). I was a board member of the CNCF for 4...
Chris Urwin is VP of Field Engineering at Obot AI and a veteran engineering leader. With deep hands-on experience in cloud‑native platforms, Kubernetes, containers, CI/CD, and developer tooling, he builds and scales global technical teams. Chris bridges product, engineering, and...
**Space Limited - First Come, First Served. Please bring a fully charged laptop to the workshop**
As agentic systems evolve from single-step tasks to orchestrated workflows, maintaining structured, evolving context becomes a core engineering challenge. While Retrieval-Augmented Generation (RAG) improves access to information, most implementations treat the knowledge source as a static, read-only repository, making it difficult to capture relationships, causality, and decision history across sessions.
This hands-on workshop focuses on operationalising a context engine using MCP—showing how to build a system where agents can read, write, and reason over shared structured context.
Participants will work through a guided implementation to:
* Design a minimal context graph schema for a real-world workflow.
* Ingest and normalise data into a structured representation.
* Expose the context layer via MCP servers.
* Enable agents to query and update context through MCP tools.
* Persist reasoning state across sessions and agent boundaries.
By the end of the session, attendees will have built a working foundation for a context engine and understand how to evolve it into a shared context layer for multi-agent orchestration.
I am working at Lytx Inc. as an ML Engineer, where my primary area of work is building ML inference platforms focusing on video analytics and a visual language model. I have over 6 years of professional experience in building ML systems from the ground up since finishing my master's...
**Space Limited - First Come, First Served. Please bring a fully charged laptop to the workshop**
Most MCP tutorials stop at "hello world." This session goes further. We will walk through how we built a production-grade, open source MCP server template at Red Hat, covering FastMCP + FastAPI integration, multiple transport protocols (HTTP, SSE, streamable-HTTP), OAuth with PostgreSQL token storage, structured logging, and OpenShift deployment manifests. Attendees will leave with a clear mental model of what it actually takes to go from a local MCP prototype to something you can run in production on Kubernetes. We will also share the design decisions we made, the mistakes we avoided, and how developers can use this template as a starting point for their own MCP servers.
Architect & Technical Lead at Red Hat with 15+ years in backend, distributed systems, and cloud-native tech. Currently building Agentic AI solutions using MCP, AI agents, and intelligent data platforms. Works across Java, Python, AWS, Quarkus, and OpenShift. Passionate about open...
Angie Jones is the VP of Developer Experience at the Agentic AI Foundation.
An award-winning educator and international keynote speaker, Angie shares her extensive knowledge with software companies and conference audiences worldwide.
As a Master Inventor, Angie is recognized for her innovative, out-of-the-box thinking, which has led to 27 patented inventions in virtual worlds, collaboration software, social networking, smarter planet initiatives, and software development processes...
18 months ago, Block open-sourced an agent framework called Goose. Community grew quickly, faster than I ever expected. Then the community came back with a question I didn't have a good answer to: who keeps this open? This is the story of chasing that answer - how it led to a foundation co-founded by fierce rivals, why nearly two hundred companies have since joined, and what we've learned about open along the way. Because open, on its own, doesn't stay open; we've seen that movie before, and the agentic layer raises the stakes higher than anything that came before it. It's also a look forward - to the future we're building toward, where agents from any vendor can find each other, trust each other, and transact on rails no single company, or government, can ever pull out from under us. The agentic layer is still being shaped. This talk is about how we keep it open, and how you can help, while it's still ours to shape.
Goose is an open-source AI agent that can be extended through integrations, tools, and community-driven projects. In this talk, I'll share my journey working with Goose, explore how its capabilities can be extended through community-driven projects, highlight examples from the Goose ecosystem, and discuss the development of GooseBot as one approach to bringing AI agents closer to developer communities. Along the way, I'll cover lessons learned from building in the open and why extensibility is key to the future of open-source AI agents.
I’m Abhijay Jain, an open-source developer and FOSS enthusiast with experience across developer tooling, Bitcoin infrastructure, AI products, and modern web technologies.
Over the years, I’ve contributed to global open-source programs and organizations including the Linux Foundation, Google Summer of Code, Block, UnternehmerTUM, and several community-driven ecosystems. I started my open-source journey as an LFX mentee with Open Horizon (IBM open...
David Nalley is Director of Developer Experience at Amazon Web Services (AWS), where he leads efforts to improve how developers interact with AWS services and technologies. He brings over two decades of experience in technology to his role. Nalley previously served as President of...
I am the President and co-founder of Obot AI, and have been building open source software for the last 20 years. Prior to starting Obot, I co-founded Cloud.com (creator of CloudStack) and Rancher Labs (creator of Rancher, k3s, Longhorn, etc). I was a board member of the CNCF for 4...
AI Agents are getting smarter with each passing day. But, their interfaces? Not so much.
But, what if there is a way to turn the AI chat from a place where you converse into a place where you can actually work?
MCP Apps offer a solution to go beyond the text and standardize how MCP servers can deliver rich, bidirectional UI components like dashboards, forms, interactive visualizations & more. These components are rendered securely and natively within AI hosts, enabling agents to interact with users via rich interactive interfaces.
In this session, attendees will learn:
- Core architectural patterns from real MCP Apps development
- How to handle sandboxed host–server communication, manage state synchronization, stream real-time updates, handle async tasks, & add multiplayer collaboration
- How to leverage context and persist memory across conversations
- How to avoid some common pitfalls and utilize debugging workflows and tools
- How to add authentication & deploy a remote MCP Server providing MCP Apps
We will walk through a complete, production-style Sales Analytics MCP App and perform a code deep-dive to showcase the effective foundational patterns while building MCP Apps.
Ashita works as a developer advocate at AWS with a strong focus on frontend and AI technologies. With 10+ years of experience in full stack development, she is passionate about building impactful products and equally loves empowering & engaging with fellow developers in the commu...
We design MCPs assuming idempotency: apply the same action twice and nothing changes, reconcile repeatedly, and state is declarative.
But in reality, most MCP actions are only partially idempotent, because beneath the abstraction external systems mutate independently, side effects escape the control plane, ordering of operations matters, and “same input” doesn’t always mean “same result”. At scale, MCPs rely on many things like reconciliation loops, declarative APIs, and retry-based execution.
We’ll unpack how MCPs unintentionally violate idempotency through hidden side effects, depend on ordering guarantees that don’t exist, produce divergent states under retries, and mask unsafe operations behind “safe” abstractions. This isn’t a talk about retries or Kubernetes patterns. There are no controller frameworks, just a deeper examination of why MCPs aren’t as safe as we assume, and how to design them with fewer hidden risks.
Because the most dangerous systems aren’t the ones that fail. They’re the ones you believe are safe to retry.
Prerit is a Cloud-Native Platform Leader with extensive experience designing and scaling secure, resilient cloud infrastructures. As the former CTO of KubeCloud, he built no-code solutions bridging Cloud, DevOps, and SRE, leading the company to a successful acquisition. Currently...
The MCP authorization spec gives us a clean OAuth 2.1 story between clients and servers. What it leaves out of scope is the host itself, the AI agent orchestrating the conversation. That's where enterprise deployments quietly break.
An MCP host is not a passive pipe. It accepts requests from users, services, and peer agents, reasons with LLMs, and invokes tools across many servers. Every edge is an identity boundary. Without a first-class host identity (no stable credentials, no verifiable delegation, no independent audit trail), every downstream decision inherits that ambiguity. Who made this tool call? The user? The agent on their behalf? The agent autonomously? Most deployments cannot answer, so they cannot enforce least privilege or satisfy audit.
This talk treats the MCP host as a first-class identity through four disciplines: Administer (lifecycle, credentials), Authenticate (how a host proves itself), Authorize (delegation vs. impersonation, token exchange, actor claims), and Audit (trails that separate agent action from user intent). For each, we'll show what the spec covers, where the gap sits, and which extensions and emerging patterns are converging to close it.
Ayesha is Lead Architect for Identity and Access Management for Agentic AI at WSO2, specializing in securing autonomous AI systems. With over a decade in enterprise IAM, she architects identity solutions for AI agents, bridging traditional frameworks with emerging AI security needs...
The dominant observability pattern for AI agents today is layered agents: sidecars, daemon sets, exporters. Each adds blast radius.
This talk proposes flipping the model, using eBPF for zero-agent kernel telemetry, exposing it via MCP, and letting the LLM itself do the orchestration across tool calls.
I'll demo a concrete multi-tool MCP interaction: an LLM receives "why is this service slow?", autonomously calls get_recent_process_execs, correlates with get_active_connections, and follows up with get_high_syscall_latency, forming a causal chain from kernel truth to natural language diagnosis. No pre-scripted runbook. No human in the loop.
The talk goes deep on failure modes specific to this architecture: tool-call loops triggered by ambiguous latency signals, hallucination risk when eBPF data is sparse, and retry/fallback strategies when kernel probes detach under load.
We'll also cover how to design MCP tool responses that constrain LLM reasoning toward actionable conclusions, not just open-ended exploration.
Attendees leave understanding how to architect kernel-aware agentic systems that are genuinely production-safe.
SDE at IBM Data & AI, working on IBM watsonx™. Software Engineering Researcher at UIUC. Computational Cognition Researcher at Georgia Institute of Technology. Biomedical XAI Researcher at Dartmouth College. Formerly at Niramai & IIT Hyderabad, researching ML for breast cancer and gene regulatory networks. Built cognitive tools for dementia prevention as a student entrepreneur. Google KaggleX Mentee, AWS Scholar, Harvard WE Tech Fellow, Oxford & MIT Summer School alumna and a Stanford...
As enterprises scale AI operations to support hundreds of agents and thousands of users, they inevitably hit an architectural wall. The friction points fall into three categories: visibility, control, and reuse. Teams struggle to discover existing agents and MCP servers across a large organization, platform teams need to govern publication and enforce security, and siloed groups waste time rebuilding capabilities that already exist. Without a centralized registry, agent sprawl grows, compliance risk increases, and critical knowledge stays trapped in local teams. In this session, we will share how the Motorola Solutions Platform Engineering team addressed this bottleneck by building a shared discovery and governance layer for internal AI resources. We will unpack the patterns behind our internal MCP catalog, including agent and prompt versioning, team-based visibility controls, approval workflows, and automated security scanning before resources are broadly shared. We focus on what broke early, and what won trust first. Attendees will leave with a practical, vendor-agnostic blueprint for making MCP resources easier to discover, safer to publish, and more reusable at enterprise scale.
Innovative Software Engineer at Motorola Solutions R&D, focused on the future of AI and digital authenticity. Expertly navigating the frontier of MCP, A2A, and C2PA to deliver secure, scalable, and durable software at industry-leading speeds. REVA University Alumnus with a lifelong...
56,000+ MCP servers are listed across mcp.so, Smithery, Glama, and PulseMCP. But how do you know which ones actually work?
I independently mapped 4 major MCP directories and tested 65+ servers across Research, Code, and Finance categories. The results expose a critical trust gap.
Each directory measures something different — none measure what matters most:
- mcp.so (19.5K servers): Zero quality signals
- Smithery (4.4K): Tracks uptime, not output quality
- Glama (21K): Grades code quality, not correctness
- PulseMCP (11K): Tracks popularity only
Key findings I'll share:
1. Quality collapse at scale — Developer Tools has 8,800 servers but only ~12 are consistently good (0.1% quality rate)
2. The Finance/Payments desert — 74 Finance servers out of 19,557 (0.4%). Fewer than 8 support agent-to-agent payments across 14 protocols I analyzed
3. A practical framework for MCP server trust — beyond code grades to actual output quality assessment
This is independent research, not a product pitch. Full dataset and methodology shared openly.
Attendees leave with the first cross-directory quality analysis of the MCP ecosystem and a framework for evaluating servers.
An engineer drawn less to building features than to questioning the foundations systems rest on — the invisible layer of trust, payments, and reputation that quietly decides whether strangers ever cooperate. That instinct has carried him from the plumbing of agentic commerce (he's...
OAuth-based authentication is becoming the default foundation for MCP-enabled systems. However, while authentication is standardized, authorization across agent boundaries remains unresolved.
In multi-agent MCP pipelines, orchestrators delegate tasks to sub-agents that act using the user’s authority. This creates a classic confused deputy problem: a sub-agent executes with valid credentials, but under the influence of untrusted inputs such as prompt injections or malicious tool manifests. As a result, it can access or exfiltrate data beyond the user’s original intent.
This talk demonstrates how privilege propagation, not authentication failure, is the core risk.
I will present a three-layer enforcement model:
1) Token attenuation using RFC 8693 to restrict sub-agent privileges at delegation time
2) Policy enforcement using Open Policy Agent to treat every tool call as untrusted input
3) Structured audit trails to ensure post-incident analysis
Live demo: the same MCP pipeline executed twice, first with default delegation (resulting in silent data exfiltration via prompt injection), and then with all three controls applied, where the attack is blocked, logged, and auditable.
Vishal Alhat is a Developer Advocate at Amazon Web Services (AWS) and a former AWS Hero, recognized for his significant contributions to the AWS community. With 11+ years of experience in cloud technologies, Vishal specializes in DevOps, cloud security, and AI/ML. As an active community...
Sankalp Sandeep Paranjpe is a DevSecOps Engineer and cloud security practitioner. He speaks at community and security events on practical DevSecOps and Kubernetes security topics. He volunteers with AWS User Group Pune and contributes to the cloud-native community through talks, workshops...
As the Model Context Protocol (MCP) emerges as a standard interface for connecting models, agents, and tools, organizations are exploring MCP servers while also evaluating the operational and security implications of adopting them at scale. This session proposes solutions and guardrails to address common security issues such as the lethal trifecta, tool poisoning and access misuse.
The talk will outline how MCP registry, control planes, secure gateways and trust boundaries work together to enable risk governance, security, and operational reliability across agent and MCP ecosystems.
While examples may reference specific approaches, the session remains implementation-neutral and focuses on how these controls collectively establish a safe and scalable MCP environment. Attendees will gain a holistic understanding of how layered controls can address the security concerns and operational risks associated with MCP servers, helping organizations move toward trusted, scalable MCP ecosystems.
Design architect and lead for MCP and Agentic directories and security control planes in JPMorgan Chase. Member and active contributor to the Agentic AI Foundation (AAIF) working groups focused on Security, Identity, Trust and Governance for agentic AI systems.
MCP makes tool use interoperable. It does not, by itself, give you a portable record of what happened after a tool call crosses a system boundary.
That gap shows up quickly in real deployments. Server logs help the operator debug. Traces help inside one stack. But if a customer, partner, auditor, or downstream system needs to verify a tool result later, those artifacts usually do not travel well.
This talk shows a practical pattern for adding portable signed records to MCP tool calls without changing MCP itself. I will walk through where the record fits, what should be signed, how to carry it with a tool result, how offline verification works, and how this complements existing auth, tracing, and policy systems instead of trying to replace them.
Attendees will leave with a clear implementation pattern they can use in their own MCP servers and gateways: issue, carry, verify, and reason about signed records for tool calls.
Jithin Raj is the lead protocol maintainer of PEAC Protocol and founder of Originary. He works on portable signed records for APIs, MCP servers, and agent workflows.
There is a fundamental contradiction at the heart of production deployments for the Model Context Protocol (MCP). Conceptually, MCP sessions are stateful: they establish connections, negotiate capabilities, and persist context. However, modern deployment environments—like Kubernetes horizontal scaling, serverless functions, and AWS Bedrock AgentCore—are inherently stateless.
The current ecosystem advice is simply to "externalize your state," but there is no standardized infrastructure for doing this natively within MCP. Developers are forced to build ad hoc memory management using custom Redis wrappers or brittle in-memory dictionaries.
This session introduces the State Sidecar pattern: a dedicated MCP server whose sole responsibility is to store, manage, and retrieve agent workflow state. Instead of building custom database connectors, any agent can call the sidecar via standard MCP tool calls to persist intermediate results, track task progress, and maintain context summaries.
AI Intern, Caze Labs | Student, PES University and IIT-Madras, Caze Labs Private Limited
Advaith Sanil Kumar is an AI researcher and developer focused on building intelligent, context-aware systems. Currently an AI Intern at Caze Labs and contributor to open-source MCP ecosystem efforts under the Linux Foundation, he works on LLM testbeds, agentic systems, and prompt...
Joval Kuruvila is a Bengaluru-based AI/LLM Engineer with 2 years of experience building production-grade GenAI systems. Currently at Caze Labs Pvt Ltd, he specializes in agentic workflows (LangGraph), RAG pipelines, and real-time conversational AI. A B.Tech graduate, open-source contributor...
The Model Context Protocol (MCP) is rapidly becoming the standard for connecting LLMs to data sources and tools. However, as organizations move from local experimentation to global production, the default JSON-RPC over HTTP transport hits a "scale ceiling."
gRPC is already established as a go-to library for transport for enterprise services, as it provides high throughput and better performance using protobuf and HTTP/2. gRPC has Service Mesh Integration, Observability, Enterprise security and many more features, which can be leveraged by the MCP Server and Clients.
This session showcases a demo of using MCP with gRPC transport.
As a senior software engineer specializing in gRPC within Google's open source team, my focus lies in enhancing the performance and usability of networking systems for applications. My previous experience includes working with Cumulus Linux and Cisco NxOS on network forwarding pl...
MCP tools give AI agents direct access to external services - production databases, internal APIs, third-party platforms. But most teams deploying MCP today have no answer to a simple question: who authorized that tool call?
MCP has made remarkable strides in standardizing agent-to-tool connectivity - but AuthN and AuthZ at the tool invocation layer remain an open problem. Tool calls are dynamic and runtime-driven; static Kubernetes RBAC has no vocabulary for per-tool, per-agent, or per-parameter enforcement. There is no native spec primitive to say "only this agent can call this tool."
In multi-tenant environments this gets worse - one misconfigured agent can invoke tools across tenant boundaries and nobody finds out until the damage is done. Teams filling this gap today are relying on custom middleware, app-level checks, or nothing at all.
This talk explores where MCP's authorization model falls short and how policy-as-code closes the gap - with Kyverno as one strong implementation path. The session walks through real ClusterPolicy configurations, multi-tenant isolation patterns, and hard-won lessons from tuning enforcement without breaking production agents.
Site Reliability Engineer, Improving Pune (Infracloud)
Oshi Gupta works as a Site Reliability Engineer at Improving Pune (Infracloud). She is a CNCF Kubestronaut, AWS Solutions Architect-Associate certified and LFX mentee for CNCF Kyverno.
Sonali Srivastava is a Senior Developer Advocate at Improving, Co-chair KubeCon India 2026, and Co-organizer CNCF Women in Cloud Native. With experience across system administration, open source contribution and developer advocacy, she focuses on bridging the gap between developers and...
Single agents calling MCP tools is a solved problem. Multi-agent swarms, where several agents coordinate on the same task, aren't.
The moment you go from one agent to three, you hit a set of problems that MCP itself doesn't solve and that most orchestration frameworks only paper over: how do agents share state without drowning each other in JSON, how do you isolate their execution when they're all touching the same files, and how does one agent pick up where another left off?
This talk walks through those three problems using a concrete example: a code review swarm. Three specialized reviewer agents (style, security, test coverage) work on the same PR in parallel. A fourth, a developer agent, reads their findings and applies the fixes. Each agent runs in its own isolated sandbox. They collaborate through a shared filesystem rather than by passing context in prompts.
This is a technical deep dive covering:
- why traditional file storage mechanisms are not optimized for agentic workloads
- why shared workspaces are better than passing state through prompts or RAG lookups
- why isolation boundaries are important when agents execute code
Vikram Vaswani is a developer advocate, open source consultant, and technical author with 20+ years of experience helping teams adopt and scale open source technologies. He is the author of seven books published by McGraw-Hill and Pearson, with translations in multiple languages...
Most developers encounter MCP as a way to give chat assistants better tools. This talk blows that ceiling off. Using two open-source projects, Appium MCP and AppClaw, we'll show how MCP becomes the backbone of a fully autonomous agent that controls real Android and iOS devices without a human in the loop. The agent perceives a live UI tree, reasons about what to do next, calls MCP tools to act, observes the result, and loops, handling stuck states, recovering from failures, and decomposing multi-app goals on its own. We'll go deep on the architecture decisions that make this work in production: how dynamic tool discovery lets the agent adapt to new capabilities at runtime without code changes; how parsing raw UiAutomator2/XCUITest XML into compact representations makes mobile UI fit inside an LLM context window; why dual vision (DOM-first with screenshot fallback) beats either strategy alone; and how stuck detection transforms a fragile demo into a reliable engineering tool. Attendees will leave with a concrete mental model for building agentic systems on MCP and an understanding of why the protocol matters far beyond tool-calling alone. https://github.com/appium/appium-mcp
I am a Director of Engineering at LambdaTest with a decade of experience in testing mobile applications and building automation frameworks. As an active contributor to Appium and a member of the Appium organization, I am deeply involved in the open-source community. I am passionate...
Srinivasan Sekar is the Director of Engineering at TestMu AI (formerly LambdaTest). He is the author of "The MCP Standard" and has a strong passion for contributing to open source projects. As an Appium Member, he has contributed to several open-source repositories, including Selenium...
Securing database connections in MCP-based agentic applications has become a critical challenge. Traditional approaches for connectivity introduce risks such as prompt injection, over-permissioned access, and lack of observability.
This talk introduces the Model Context Protocol (MCP) Toolbox for Databases, an open-source framework that standardizes how AI agents interact with data systems. By treating database access as a structured, reusable, and secure set of tools, developers can enable agents to perform meaningful operations while maintaining strict control over data exposure. Toolbox secures your agentic workflows for resources or tool executions by acting as an OAuth 2.1 Resource Server that validates JWT Bearer tokens from your OIDC provider.
Through a real-world case study, we will demonstrate how to build an intelligent agent that combines semantic vector search with transactional workflows like inventory updates and cart management, all powered through a unified MCP configuration.
So join us to learn how MCP enables scalable, high-performance agentic architectures using efficient connection pooling, without compromising on security, observability, or control.
Shivay Lamba is a software developer specializing in DevOps, Machine Learning and Full Stack Development.
He is an Open Source Enthusiast and has been part of various programs like Google Code In and Google Summer of Code as a Mentor and is currently an MLH Fellow. He has also worked at organizations like Amazon, EY, Genpact. He is a TensorFlow.js SIG member and community lead from In...
Software Application Development Apprentice, Google
I'm a passionate advocate for cloud-native technologies and an active contributor to the CNCF community. Currently I'm working as a Software Application Development Apprentice at Google (GCP Databases, MCP Toolbox) and I'm an LFX mentee in the CloudNativePG project. I was a participant...
Multi-agent MCP systems work beautifully in staging. They fail in production. We learned this the hard way: three agents, nine tools, accuracy that quietly degraded under real load, and a job that blew past its token budget before anyone noticed.
We weren't alone. Google DeepMind and MIT's December 2025 paper "Towards a Science of Scaling Agent Systems" measured up to 17× error amplification in naive multi-agent setups and found coordination yields negative returns past a saturation threshold. Separate work (MAFBench, 2025) shows framework design choices alone can cut planning accuracy by 30% and collapse coordination success from over 90% to under 30%. Most MCP deployments hit this wall and misdiagnose it as a model problem.
This talk walks through three failure modes (Infinite Loop, False Consensus, and Silent Fallback) with message traces, token costs, and detection times. We then introduce the "topology contract": a lightweight JSON schema embedded in MCP server metadata, compatible with the 2026 Server Cards roadmap. Additive to the spec, zero protocol changes.
Attendees leave with a reproducible benchmark suite and a schema they can adopt in an afternoon.
AI System Developer, Indian Institute of Information Technology, Nagpur
Jay Shukla is a CSE (AI/ML) student at IIIT Nagpur and a Research Intern at SVNIT Surat, working on energy time forecasting using deep learning. He is skilled in Python, TensorFlow, and Generative AI, and is also exploring Reinforcement Learning, with experience in building AI models... Read More →
Krishna Padia is a Computer Engineering student with a strong interest in technology, problem-solving, and innovation. She enjoys exploring new ideas and applying logical thinking to real-world challenges. With a curious mindset and a drive to learn, she actively engages in activities... Read More →
AI Systems Developer, Indian Institute of Information Technology, Nagpur
Rudra Pratap Singh is a CSE (AI/ML) student at IIIT Nagpur, Intern at Truxt.ai and Research Intern at IIT Mandi, working on medical imaging with deep learning. Skilled in Python, TensorFlow, and GenAI, he has built impactful AI systems and led hackathons, mentoring 60+ students.
Research Intern, Indian Institute of Technology Roorkee
Research Intern at IIT Roorkee (Prof. Sparsh Mittal). Second-year undergrad at IIIT Nagpur. Independent research on Destructive Rank Collapse in deep networks. Built a financial documents GenAI solution at scale. Experience in LiDAR 3D perception, synthetic EEG generation, and multi-GPU... Read More →
The default AI stack today ships user data to a cloud endpoint and hopes for the best. But regulations like GDPR, India's DPDP Act, and sector-specific mandates (healthcare, finance, defense) increasingly demand that sensitive data never leave the device or jurisdiction. This talk presents a working architecture that squares the circle: run frontier-class SLMs (Phi-3 Mini, Gemma 2B) locally via Meta's ExecuTorch runtime on Android, while using Anthropic's Model Context Protocol (MCP) as the orchestration layer that decides what runs where, which tools the model can access, and what data governance policies are enforced — all without a single byte of PII hitting an external server.
I am a senior technology and AI leader with over 17 years of experience building and scaling large-scale platforms across AI/ML, data engineering, distributed systems, and enterprise product engineering. An AI Researcher where he works at the intersection of AI strategy, platform... Read More →
The Model Context Protocol (MCP) standardizes context retrieval and tool execution, but granting LLMs access to dynamic execution environments introduces critical runtime vulnerabilities. Traditional containerization (e.g., Docker/containerd) introduces unacceptable latency overhead for sub-second agentic loops, while static IAM/RBAC models fundamentally fail to constrain non-deterministic generated code.
This technical session details the architectural implementation of embedding a WebAssembly (WASM) runtime within an MCP server to enforce a strict, capability-based execution boundary. We will deconstruct how to compile MCP tools to WASM modules and utilize the WebAssembly System Interface (WASI) to ensure that any logic invoked by an LLM is isolated from the host operating system.
Shuva is a Senior Principal Engineer at Palo Alto Networks architecting secure enterprise AI platforms. He is authoring two upcoming books: Engineering the Data Agent Control Plane (O'Reilly) and Agent Skills in Action (Manning). An open-source contributor and former OpenDaylight... Read More →