BEGIN:VCALENDAR
VERSION:2.0
X-WR-CALNAME:mcpmumbai26
X-WR-CALDESC:Event Calendar
METHOD:PUBLISH
CALSCALE:GREGORIAN
PRODID:-//Sched.com MCP Dev Summit Mumbai 2026//EN
X-WR-TIMEZONE:UTC
BEGIN:VEVENT
DTSTAMP:20260516T105510Z
DTSTART:20260614T030000Z
DTEND:20260614T125500Z
SUMMARY:Registration & Badge Pick-Up
DESCRIPTION:\n
CATEGORIES:REGISTRATION
LOCATION:Lotus Concourse\, Bengaluru\, Karnataka\, India
SEQUENCE:0
UID:06b9a8df861bd301a3e151ca2377180a
URL:http://mcpmumbai26.sched.com/event/06b9a8df861bd301a3e151ca2377180a
END:VEVENT
BEGIN:VEVENT
DTSTAMP:20260516T105510Z
DTSTART:20260614T043000Z
DTEND:20260614T053000Z
SUMMARY:Workshop: Building scalable\, edge-native\, production-grade MCP tools with RUST - Rajesh Sola\, KPIT
DESCRIPTION:The emergence of the Model Context Protocol is transforming how AI agents interact with tools\, data\, and real-world systems. However\, most early MCP implementations rely on high-level runtimes that are not well-suited for embedded and resource-constrained edge environments. This session explores how RUST enables a new class of high-performance\, memory-safe MCP servers designed specifically for Embedded Linux–powered edge devices.\n\nIn this tutorial\, I'll walk through building a lightweight MCP server\, bridging physical data sources into LLM-readable formats\, enabling intelligent agents to reason over live edge data using Rust.\n\n- Why MCP for Edge AI Systems?\n- Why RUST? \n- Building simple server using rmcp and testing with a client\n- Bridging physical word e.g. Sensors\, Telemetry\, File Systems and structuring LLM-readable context\, data pipelines\n- High-performance Edge MCP Runtime - Async & Concurrency Models for scalable communication (MQTT\, HTTP\, gRPC etc.)\n- Observability\, tracing & Debugging\n- Bring MCP in Agent loop\, Using Rig for orchestration\n- Deploying to target board\, cross compilation steps\n- Case Study: Building an Edge MCP Agent\, e.g. Telemetry and Diagnostics
CATEGORIES:BUILDING WITH MCP
LOCATION:Lotus 3\, Bengaluru\, Karnataka\, India
SEQUENCE:0
UID:7ce16d928880f86a0bc86f1212b057ba
URL:http://mcpmumbai26.sched.com/event/7ce16d928880f86a0bc86f1212b057ba
END:VEVENT
BEGIN:VEVENT
DTSTAMP:20260516T105510Z
DTSTART:20260614T043000Z
DTEND:20260614T053000Z
SUMMARY:Workshop: Enabling MCP at Enterprise Scale: Navigating Authentication and Governance Challenges - Shannon Williams & Chris Urwin\, Obot AI
DESCRIPTION:**Space Limited - First Come\, First Served. &nbsp\;Please bring a fully charged laptop to the workshop**\n\nEnterprise adoption of the Model Context Protocol is accelerating — but the path from "MCP works on my laptop" to "MCP running securely across our organization" is windy and challenging.\n Building MCP servers isn't particularly hard. The real challenges are OAuth\, identity sprawl\, and the governance requirements your security team will eventually land on your desk.\n MCP servers should focus on tools\, resources\, and prompts — not rebuilding OAuth infrastructure from scratch every time. A dedicated identity and governance control plane absorbs that complexity once\, rather than forcing every server to solve it independently.\n In this workshop\, we will:\n 1. Demonstrate how to integrated MCP servers with identity management tools\n 2. Show how to tailor MCP authorization by groups and policies.\n 3. Work through real governance scenarios by filtering MCP calls for PII or code injection.\n 4. Demonstrate how MCP traffic can be captured via an MCP gateway and used for compliance\, monitoring and observability.\n \n You'll leave with a clear picture of the architectural decisions ahead of you\, and a better sense of what your security team is going to ask for before they sign off on scaling MCP adoption.
CATEGORIES:ENTERPRISE ADOPTION + INTEGRATION
LOCATION:Lotus 2\, Bengaluru\, Karnataka\, India
SEQUENCE:0
UID:293d966428f6da009084125d6d21c4fe
URL:http://mcpmumbai26.sched.com/event/293d966428f6da009084125d6d21c4fe
END:VEVENT
BEGIN:VEVENT
DTSTAMP:20260516T105510Z
DTSTART:20260614T053500Z
DTEND:20260614T061000Z
SUMMARY:Morning Break
DESCRIPTION:\n
CATEGORIES:MEALS + BREAKS + SPECIAL EVENTS
LOCATION:Lotus Concourse\, Bengaluru\, Karnataka\, India
SEQUENCE:0
UID:fb1eb5f66cf783da1f527fa4cb27014c
URL:http://mcpmumbai26.sched.com/event/fb1eb5f66cf783da1f527fa4cb27014c
END:VEVENT
BEGIN:VEVENT
DTSTAMP:20260516T105510Z
DTSTART:20260614T061000Z
DTEND:20260614T071000Z
SUMMARY:Workshop: Beyond RAG: Building a Context Engine for Multi-Agent Systems Using MCP - Saradindu Sengupta\, Lytx Inc
DESCRIPTION:**Space Limited - First Come\, First Served. &nbsp\;Please bring a fully charged laptop to the workshop**\n\nAs agentic systems evolve from single-step tasks to orchestrated workflows\, maintaining structured\, evolving context becomes a core engineering challenge. While Retrieval-Augmented Generation (RAG) improves access to information\, most implementations treat the knowledge source as a static\, read-only repository\, making it difficult to capture relationships\, causality\, and decision history across sessions.\n \n This hands-on workshop focuses on operationalising a context engine using MCP—showing how to build a system where agents can read\, write\, and reason over shared structured context.\n \n Participants will work through a guided implementation to:\n \n * Design a minimal context graph schema for a real-world workflow.\n * Ingest and normalise data into a structured representation.\n * Expose the context layer via MCP servers.\n * Enable agents to query and update context through MCP tools.\n * Persist reasoning state across sessions and agent boundaries.\n \n By the end of the session\, attendees will have built a working foundation for a context engine and understand how to evolve it into a shared context layer for multi-agent orchestration.
CATEGORIES:AGENT ARCHITECTURE + ORCHESTRATION
LOCATION:Lotus 2\, Bengaluru\, Karnataka\, India
SEQUENCE:0
UID:1a6cbf3c13831467101581f39364190d
URL:http://mcpmumbai26.sched.com/event/1a6cbf3c13831467101581f39364190d
END:VEVENT
BEGIN:VEVENT
DTSTAMP:20260516T105510Z
DTSTART:20260614T061000Z
DTEND:20260614T071000Z
SUMMARY:Workshop: Building Production-Ready MCP Servers: Lessons From an Open Source Template - Abhishek Kumar & Deepak Koul\, Red Hat
DESCRIPTION:**Space Limited - First Come\, First Served. &nbsp\;Please bring a fully charged laptop to the workshop**\n\nMost MCP tutorials stop at "hello world." This session goes further. We will walk through how we built a production-grade\, open source MCP server template at Red Hat\, covering FastMCP + FastAPI integration\, multiple transport protocols (HTTP\, SSE\, streamable-HTTP)\, OAuth with PostgreSQL token storage\, structured logging\, and OpenShift deployment manifests. Attendees will leave with a clear mental model of what it actually takes to go from a local MCP prototype to something you can run in production on Kubernetes. We will also share the design decisions we made\, the mistakes we avoided\, and how developers can use this template as a starting point for their own MCP servers.
CATEGORIES:BUILDING WITH MCP
LOCATION:Lotus 3\, Bengaluru\, Karnataka\, India
SEQUENCE:0
UID:e22db51bdc0acbfedb24fd1e22cdef33
URL:http://mcpmumbai26.sched.com/event/e22db51bdc0acbfedb24fd1e22cdef33
END:VEVENT
BEGIN:VEVENT
DTSTAMP:20260516T105510Z
DTSTART:20260614T071500Z
DTEND:20260614T084500Z
SUMMARY:Attendee Lunch
DESCRIPTION:\n
CATEGORIES:MEALS + BREAKS + SPECIAL EVENTS
LOCATION:Lotus Concourse\, Bengaluru\, Karnataka\, India
SEQUENCE:0
UID:aaa77a66a343f78a2f0fbc1c5ee89e84
URL:http://mcpmumbai26.sched.com/event/aaa77a66a343f78a2f0fbc1c5ee89e84
END:VEVENT
BEGIN:VEVENT
DTSTAMP:20260516T105510Z
DTSTART:20260614T085000Z
DTEND:20260614T094000Z
SUMMARY:Keynotes To Be Announced
DESCRIPTION:\n
CATEGORIES:KEYNOTE
LOCATION:Lotus 1\, Bengaluru\, Karnataka\, India
SEQUENCE:0
UID:3d56c62c81eefd4c79c417886661ec5c
URL:http://mcpmumbai26.sched.com/event/3d56c62c81eefd4c79c417886661ec5c
END:VEVENT
BEGIN:VEVENT
DTSTAMP:20260516T105510Z
DTSTART:20260614T095000Z
DTEND:20260614T101500Z
SUMMARY:Building Rich AI-Native UI for Agentic Interactions Using MCP Apps - Ashita Prasad\, AWS
DESCRIPTION:AI Agents are getting smarter with each passing day. But\, their interfaces? Not so much. But\, what if there is a way to turn the AI chat from a place where you converse into a place where you can actually work? MCP Apps offer a solution to go beyond the text and standardize how MCP servers can deliver rich\, bidirectional UI components like dashboards\, forms\, interactive visualizations & more. These components are rendered securely and natively within AI hosts\, enabling agents to interact with users via rich interactive interfaces. In this session\, attendees will learn: - Core architectural patterns from real MCP Apps development - How to handle sandboxed host–server communication\, manage state synchronization\, stream real-time updates\, handle async tasks\, & add multiplayer collaboration - How to leverage context and persist memory across conversations - How to avoid some common pitfalls and utilize debugging workflows and tools - How to add authentication & deploy a remote MCP Server providing MCP Apps We will walk through a complete\, production-style Sales Analytics MCP Apps and perform a code deep-dive to showcase the effective foundational patterns while building MCP Apps.
CATEGORIES:BUILDING WITH MCP
LOCATION:Lotus 1\, Bengaluru\, Karnataka\, India
SEQUENCE:0
UID:96650615d0f627f68d28638a52708bf5
URL:http://mcpmumbai26.sched.com/event/96650615d0f627f68d28638a52708bf5
END:VEVENT
BEGIN:VEVENT
DTSTAMP:20260516T105510Z
DTSTART:20260614T095000Z
DTEND:20260614T101500Z
SUMMARY:The Illusion of Idempotency: Why MCP Actions Aren’t as Safe as You Think - Prerit Munjal\, Groupon
DESCRIPTION:We design MCPs assuming idempotency\, apply the same action twice nothing changes\, reconcile repeatedly\, and state is declarative. But in reality\, most MCP actions are only partially idempotent\, because beneath the abstraction external systems mutate independently\, side effects escape the control plane\, ordering of operations matters\, and “same input” doesn’t always mean “same result”. At scale\, MCPs rely on many things like reconciliation loops\, declarative APIs\, retry-based execution. We’ll unpack how MCPs unintentionally\, violate idempotency through hidden side effects\, depend on ordering guarantees that don’t exist\, produce divergent states under retries\, mask unsafe operations behind “safe” abstractions. This isn’t a talk about retries or Kubernetes patterns. There are no controller frameworks\, just a deeper examination of why MCPs aren’t as safe as we assume\, and how to design them with fewer hidden risks. Because the most dangerous systems aren’t the ones that fail. They’re the ones you believe are safe to retry.
CATEGORIES:MCP PROTOCOL IN DEPTH
LOCATION:Lotus 2\, Bengaluru\, Karnataka\, India
SEQUENCE:0
UID:79bd7d103e2b7c2ad10aed5edfd724eb
URL:http://mcpmumbai26.sched.com/event/79bd7d103e2b7c2ad10aed5edfd724eb
END:VEVENT
BEGIN:VEVENT
DTSTAMP:20260516T105510Z
DTSTART:20260614T095000Z
DTEND:20260614T101500Z
SUMMARY:Who's Calling? Bringing Identity To the MCP Host - Ayesha Dissanayaka\, WSO2
DESCRIPTION:The MCP authorization spec gives us a clean OAuth 2.1 story between clients and servers. What it leaves out of scope is the host itself\, the AI agent orchestrating the conversation. That's where enterprise deployments quietly break. An MCP host is not a passive pipe. It accepts requests from users\, services\, and peer agents\, reasons with LLMs\, and invokes tools across many servers. Every edge is an identity boundary. Without a first-class host identity\, no stable credentials\, no verifiable delegation\, no independent audit trail\, every downstream decision inherits that ambiguity. Who made this tool call? The user? The agent on their behalf? The agent autonomously? Most deployments cannot answer\, so they cannot enforce least privilege or satisfy audit. This talk treats the MCP host as a first-class identity through four disciplines: Administer (lifecycle\, credentials)\, Authenticate (how a host proves itself)\, Authorize (delegation vs. impersonation\, token exchange\, actor claims)\, and Audit (trails that separate agent action from user intent). For each\, we'll show what the spec covers\, where the gap sits\, and which extensions and emerging patterns are converging to close it.
CATEGORIES:SECURITY, IDENTITY + TRUST
LOCATION:Lotus 3\, Bengaluru\, Karnataka\, India
SEQUENCE:0
UID:2bcdb1ccb43f96a6e12d727ef856188b
URL:http://mcpmumbai26.sched.com/event/2bcdb1ccb43f96a6e12d727ef856188b
END:VEVENT
BEGIN:VEVENT
DTSTAMP:20260516T105510Z
DTSTART:20260614T101500Z
DTEND:20260614T104000Z
SUMMARY:Agentless Agents: Replacing Sidecar Observability With eBPF + MCP Tool Chains - Harini Anand\, IBM
DESCRIPTION:The dominant observability pattern for AI agents today is layered agents: sidecars\, daemon sets\, exporters. Each adds blast radius. This talk proposes flipping the model\, using eBPF for zero-agent kernel telemetry\, exposing it via MCP\, and letting the LLM itself do the orchestration across tool calls. I'll demo a concrete multi-tool MCP interaction: an LLM receives "why is this service slow?"\, autonomously calls get_recent_process_execs\, correlates with get_active_connections\, and follows up with get_high_syscall_latency\, forming a causal chain from kernel truth to natural language diagnosis. No pre-scripted runbook. No human in the loop. The talk goes deep on failure modes specific to this architecture: tool-call loops triggered by ambiguous latency signals\, hallucination risk when eBPF data is sparse\, and retry/fallback strategies when kernel probes detach under load. We'll also cover how to design MCP tool responses that constrain LLM reasoning toward actionable conclusions\, not just open-ended exploration. Attendees leave understanding how to architect kernel-aware agentic systems that are genuinely production-safe.
CATEGORIES:AGENT ARCHITECTURE + ORCHESTRATION
LOCATION:Lotus 2\, Bengaluru\, Karnataka\, India
SEQUENCE:0
UID:aa5188c1c75bbb8f403aa38cedeacf3e
URL:http://mcpmumbai26.sched.com/event/aa5188c1c75bbb8f403aa38cedeacf3e
END:VEVENT
BEGIN:VEVENT
DTSTAMP:20260516T105510Z
DTSTART:20260614T101500Z
DTEND:20260614T104000Z
SUMMARY:Building an Enterprise MCP Registry: Secure Discovery\, Governance\, and Reuse at Scale - Kushagra Mittal\, Motorola Solutions & Dhruv Agarwal\, Motorrola Solutions
DESCRIPTION:As enterprises scale AI operations to support hundreds of agents and thousands of users\, they inevitably hit an architectural wall. The friction points fall into three categories: visibility\, control\, and reuse. Teams struggle to discover existing agents and MCP servers across a large organization\, platform teams need to govern publication and enforce security\, and siloed groups waste time rebuilding capabilities that already exist. Without a centralized registry\, agent sprawl grows\, compliance risk increases\, and critical knowledge stays trapped in local teams. In this session\, we will share how the Motorola Solutions Platform Engineering team addressed this bottleneck by building a shared discovery and governance layer for internal AI resources. We will unpack the patterns behind our internal MCP catalog\, including agent and prompt versioning\, team-based visibility controls\, approval workflows\, and automated security scanning before resources are broadly shared. We focus on what broke early\, and what won trust first. Attendees will leave with a practical\, vendor-agnostic blueprint for making MCP resources easier to discover\, safer to publish\, and more reusable at enterprise scale
CATEGORIES:ECOSYSTEM, REGISTRIES + PLATFORM INFRASTRUCTURE
LOCATION:Lotus 3\, Bengaluru\, Karnataka\, India
SEQUENCE:0
UID:c4cedab6d827f925be9ebad4d8ab8552
URL:http://mcpmumbai26.sched.com/event/c4cedab6d827f925be9ebad4d8ab8552
END:VEVENT
BEGIN:VEVENT
DTSTAMP:20260516T105510Z
DTSTART:20260614T101500Z
DTEND:20260614T104000Z
SUMMARY:The MCP Trust Gap: I Tested 65 MCP Servers Across 4 Directories — Here's What Nobody Measures - Manav Agarwal\, AgentProof
DESCRIPTION:56\,000+ MCP servers are listed across mcp.so\, Smithery\, Glama\, and PulseMCP. But how do you know which ones actually work? I independently mapped 4 major MCP directories and tested 65+ servers across Research\, Code\, and Finance categories. The results expose a critical trust gap. Each directory measures something different — none measure what matters most: - mcp.so (19.5K servers): Zero quality signals - Smithery (4.4K): Tracks uptime\, not output quality - Glama (21K): Grades code quality\, not correctness - PulseMCP (11K): Tracks popularity only Key findings I'll share: 1. Quality collapse at scale — Developer Tools has 8\,800 servers but only ~12 are consistently good (0.1% quality rate) 2. The Finance/Payments desert — 74 Finance servers out of 19\,557 (0.4%). Fewer than 8 support agent-to-agent payments across 14 protocols I analyzed 3. A practical framework for MCP server trust — beyond code grades to actual output quality assessment This is independent research\, not a product pitch. Full dataset and methodology shared openly. Attendees leave with the first cross-directory quality analysis of the MCP ecosystem and a framework for evaluating servers.
CATEGORIES:SECURITY, IDENTITY + TRUST
LOCATION:Lotus 1\, Bengaluru\, Karnataka\, India
SEQUENCE:0
UID:f4b4468747130a67036d19cc60e14396
URL:http://mcpmumbai26.sched.com/event/f4b4468747130a67036d19cc60e14396
END:VEVENT
BEGIN:VEVENT
DTSTAMP:20260516T105510Z
DTSTART:20260614T104000Z
DTEND:20260614T110500Z
SUMMARY:The Handoff Hallucination: Why Agents Skip Steps and How To Catch It - Ujjwal Kumar Singh\, Skeps
DESCRIPTION:In multi-step agent workflows\, correctness isn't just about what the system returns\, it's about how it got there. An agent can claim "approval verified" without actually calling the approval service. The response looks valid\, logs appear complete\, and schema checks pass yet a critical step was skipped. This is process hallucination. In financial and compliance workflows\, skipping a required step isn't a bug\, it's a violation. Current testing approaches focus on outputs\, not execution paths. As a result\, these failures remain invisible until they cause real damage. This talk introduces a Step Verification Layer\, a deterministic check that validates whether required actions were actually executed\, not just claimed. By defining allowed sequences of actions and verifying execution against them\, teams can detect skipped steps\, invalid transitions\, and silent process failures before they reach production. A valid execution trace is not the same as a correct one. This talk is about verifying the difference.
CATEGORIES:AGENT ARCHITECTURE + ORCHESTRATION
LOCATION:Lotus 2\, Bengaluru\, Karnataka\, India
SEQUENCE:0
UID:668914199f89f40463aa38fbcd687c04
URL:http://mcpmumbai26.sched.com/event/668914199f89f40463aa38fbcd687c04
END:VEVENT
BEGIN:VEVENT
DTSTAMP:20260516T105510Z
DTSTART:20260614T104000Z
DTEND:20260614T110500Z
SUMMARY:OAuth Isn't Enough: Confused Deputy in Multi-Agent MCP Pipeline - Sankalp Sandeep Paranjpe\, Big4 Consulting Firm; Vishal Alhat\, AWS
DESCRIPTION:OAuth-based authentication is becoming the default foundation for MCP-enabled systems. However\, while authentication is standardized\, authorization across agent boundaries remains unresolved.\n \n In multi-agent MCP pipelines\, orchestrators delegate tasks to sub-agents that act using the user’s authority. This creates a classic confused deputy problem: a sub-agent executes with valid credentials\, but under the influence of untrusted inputs such as prompt injections or malicious tool manifests. As a result\, it can access or exfiltrate data beyond the user’s original intent.\n \n This talk demonstrates how privilege propagation\, not authentication failure\, is the core risk.\n \n I will present a three-layer enforcement model:\n \n 1) Token attenuation using RFC 8693 to restrict sub-agent privileges at delegation time\n 2) Policy enforcement using Open Policy Agent to treat every tool call as untrusted input\n 3) Structured audit trails to ensure post-incident analysis\n \n Live demo: the same MCP pipeline executed twice\, first with default delegation (resulting in silent data exfiltration via prompt injection)\, and then with all three controls applied\, where the attack is blocked\, logged\, and auditable.
CATEGORIES:SECURITY, IDENTITY + TRUST
LOCATION:Lotus 1\, Bengaluru\, Karnataka\, India
SEQUENCE:0
UID:c94a348840144359345bfd107d9e44d2
URL:http://mcpmumbai26.sched.com/event/c94a348840144359345bfd107d9e44d2
END:VEVENT
BEGIN:VEVENT
DTSTAMP:20260516T105510Z
DTSTART:20260614T104000Z
DTEND:20260614T110500Z
SUMMARY:Operationalizing MCP: Security\, Control Planes\, and Risk Governance - Sagar Dashora\, JPMorgan Chase & Co
DESCRIPTION:As the Model Context Protocol (MCP) emerges as a standard interface for connecting models\, agents\, and tools\, organizations are exploring MCP servers while also evaluating the operational and security implications of adopting them at scale. This session proposes the solutions and guardrails to address the common security issues such as lethal trifecta\, tool poisoning and access misuse. The talk will outline how MCP registry\, control planes\, secure gateways and trust boundaries a work together to enable risk governance\, security\, and operational reliability across agent and MCP ecosystems. While examples may reference specific approaches\, the session remains implementation-neutral and focuses on how these controls collectively establish a safe and scalable MCP environment. Attendees will gain a holistic understanding of how layered controls can address the security concerns and operational risks associated with MCP servers\, helping organizations move toward trusted\, scalable MCP ecosystems.
CATEGORIES:SECURITY, IDENTITY + TRUST
LOCATION:Lotus 3\, Bengaluru\, Karnataka\, India
SEQUENCE:0
UID:115139b14af35ce0d775b6301ee2423d
URL:http://mcpmumbai26.sched.com/event/115139b14af35ce0d775b6301ee2423d
END:VEVENT
BEGIN:VEVENT
DTSTAMP:20260516T105510Z
DTSTART:20260614T111000Z
DTEND:20260614T114000Z
SUMMARY:Afternoon Break
DESCRIPTION:\n
CATEGORIES:MEALS + BREAKS + SPECIAL EVENTS
LOCATION:Lotus Concourse\, Bengaluru\, Karnataka\, India
SEQUENCE:0
UID:61b85c97862dfe9ff5042cf38b0e7a2f
URL:http://mcpmumbai26.sched.com/event/61b85c97862dfe9ff5042cf38b0e7a2f
END:VEVENT
BEGIN:VEVENT
DTSTAMP:20260516T105510Z
DTSTART:20260614T114500Z
DTEND:20260614T121000Z
SUMMARY:The State Sidecar: Solving the MCP Stateless Paradox - Joval Kuruvila\, Caze Labs Private Limited & Advaith Sanil Kumar\, Caze Labs
DESCRIPTION:There is a fundamental contradiction at the heart of production deployments for the Model Context Protocol (MCP). Conceptually\, MCP sessions are stateful: they establish connections\, negotiate capabilities\, and persist context. However\, modern deployment environments—like Kubernetes horizontal scaling\, serverless functions\, and AWS Bedrock AgentCore—are inherently stateless. The current ecosystem advice is simply to "externalize your state\," but there is no standardized infrastructure for doing this natively within MCP. Developers are forced to build ad hoc memory management using custom Redis wrappers or brittle in-memory dictionaries. This session introduces the State Sidecar pattern: a dedicated MCP server whose sole responsibility is to store\, manage\, and retrieve agent workflow state. Instead of building custom database connectors\, any agent can call the sidecar via standard MCP tool calls to persist intermediate results\, track task progress\, and maintain context summaries.
CATEGORIES:AGENT ARCHITECTURE + ORCHESTRATION
LOCATION:Lotus 1\, Bengaluru\, Karnataka\, India
SEQUENCE:0
UID:f9f89dae37a3c27401c276acf35b440b
URL:http://mcpmumbai26.sched.com/event/f9f89dae37a3c27401c276acf35b440b
END:VEVENT
BEGIN:VEVENT
DTSTAMP:20260516T105510Z
DTSTART:20260614T114500Z
DTEND:20260614T121000Z
SUMMARY:Scaling AI: gRPC as Transport Backbone for Enterprise MCP - Pawan Bhardwaj\, Google
DESCRIPTION:The Model Context Protocol (MCP) is rapidly becoming the standard for connecting LLMs to data sources and tools. However\, as organizations move from local experimentation to global production\, the default JSON-RPC over HTTP transport hits a "scale ceiling." gRPC is already establish as a go to library for transport for enterprise services as it provide high throughput and better performance using protobuf and HTTP/2. gRPC has Service Mesh Integration\, Observability\, Enterprise security and many more features\, which can be leveraged by the MCP Server and Clients. This session show case a demo of using MCP with gRPC transport.
CATEGORIES:MCP PROTOCOL IN DEPTH
LOCATION:Lotus 2\, Bengaluru\, Karnataka\, India
SEQUENCE:0
UID:cd9e509f5741401db634140af0d892fd
URL:http://mcpmumbai26.sched.com/event/cd9e509f5741401db634140af0d892fd
END:VEVENT
BEGIN:VEVENT
DTSTAMP:20260516T105510Z
DTSTART:20260614T114500Z
DTEND:20260614T121000Z
SUMMARY:Closing the AuthZ Gap in MCP: Policy-Driven Tool Invocation Control - Oshi Gupta\, Infracloud Technologies - An Improving Company & Sonali Srivastava\, Improving
DESCRIPTION:MCP tools give AI agents direct access to external services - production databases\, internal APIs\, third-party platforms. But most teams deploying MCP today have no answer to a simple question: who authorized that tool call? MCP has made remarkable strides in standardizing agent-to-tool connectivity - but AuthN and AuthZ at the tool invocation layer remain an open problem. Tool calls are dynamic and runtime-driven\; static Kubernetes RBAC has no vocabulary for per-tool\, per-agent\, or per-parameter enforcement. There is no native spec primitive to say "only this agent can call this tool." In multi-tenant environments this gets worse - one misconfigured agent can invoke tools across tenant boundaries and nobody finds out until the damage is done. Teams filling this gap today are relying on custom middleware\, app-level checks\, or nothing at all. This talk explores where MCP's authorization model falls short and how policy-as-code closes the gap - with Kyverno as one strong implementation path. The session walks through real ClusterPolicy configurations\, multi-tenant isolation patterns\, and hard-won lessons from tuning enforcement without breaking production agents.
CATEGORIES:SECURITY, IDENTITY + TRUST
LOCATION:Lotus 3\, Bengaluru\, Karnataka\, India
SEQUENCE:0
UID:2bf2f545263b1aebdd033914f79f113f
URL:http://mcpmumbai26.sched.com/event/2bf2f545263b1aebdd033914f79f113f
END:VEVENT
BEGIN:VEVENT
DTSTAMP:20260516T105510Z
DTSTART:20260614T121000Z
DTEND:20260614T123500Z
SUMMARY:Orchestrating Agent Swarms With MCP\, Sandboxing and Shared Filesystems - Vikram Vaswani\, Developer Advocate
DESCRIPTION:Single agents calling MCP tools is a solved problem. Multi-agent swarms\, where several agents coordinate on the same task\, isn't. \n \n The moment you go from one agent to three\, you hit a set of problems that MCP itself doesn't solve and that most orchestration frameworks only paper over: how do agents share state without drowning each other in JSON\, how do you isolate their execution when they're all touching the same files\, and how does one agent pick up where another left off?\n \n This talk walks through those three problems using a concrete example: a code review swarm. Three specialized reviewer agents (style\, security\, test coverage) work on the same PR in parallel. A fourth\, a developer agent\, reads their findings and applies the fixes. Each agent runs in its own isolated sandbox. They collaborate through a shared filesystem rather than by passing context in prompts. \n \n This is a technical deep dive covering:\n - why traditional file storage mechanisms are not optimized for agentic workloads\n - why shared workspaces are better than passing state through prompts or RAG lookups \n - why isolation boundaries are important when agents execute code \n \n Includes live demo of swarm.
CATEGORIES:AGENT ARCHITECTURE + ORCHESTRATION
LOCATION:Lotus 3\, Bengaluru\, Karnataka\, India
SEQUENCE:0
UID:283202d4560d93c43f20ac40fc9b2acd
URL:http://mcpmumbai26.sched.com/event/283202d4560d93c43f20ac40fc9b2acd
END:VEVENT
BEGIN:VEVENT
DTSTAMP:20260516T105510Z
DTSTART:20260614T121000Z
DTEND:20260614T123500Z
SUMMARY:Building Autonomous Mobile Agents With MCP - Srinivasan Sekar & Sai Krishna\, TestMu AI
DESCRIPTION:Most developers encounter MCP as a way to give chat assistants better tools. This talk blows that ceiling off.\n Using two open-source projects\, Appium MCP and AppClaw\, we'll show how MCP becomes the backbone of a fully autonomous agent that controls real Android and iOS devices without a human in the loop. The agent perceives a live UI tree\, reasons about what to do next\, calls MCP tools to act\, observes the result\, and loops handling stuck states\, recovering from failures\, and decomposing multi-app goals on its own.\n We'll go deep on the architecture decisions that make this work in production: how dynamic tool discovery lets the agent adapt to new capabilities at runtime without code changes\; how parsing raw UiAutomator2/XCUITest XML into compact representations makes mobile UI fit inside an LLM context window\; why dual vision (DOM-first with screenshot fallback) beats either strategy alone\; and how stuck detection transforms a fragile demo into a reliable engineering tool.\n Attendees will leave with a concrete mental model for building agentic systems on MCP and an understanding of why the protocol matters far beyond tool-calling alone.\n https://github.com/appium/appium-mcp
CATEGORIES:BUILDING WITH MCP
LOCATION:Lotus 1\, Bengaluru\, Karnataka\, India
SEQUENCE:0
UID:2bc2e3f4a0ecbe1fa7a1be64bad3da07
URL:http://mcpmumbai26.sched.com/event/2bc2e3f4a0ecbe1fa7a1be64bad3da07
END:VEVENT
BEGIN:VEVENT
DTSTAMP:20260516T105510Z
DTSTART:20260614T121000Z
DTEND:20260614T123500Z
SUMMARY:Rethinking Agent–Database Access: A Secure Approach With MCP Toolbox - Shivay Lamba\, Qualcomm & Anushka Saxena\, Google
DESCRIPTION:Securely database connections in MCP based Agentic applications has become a critical challenge. Traditional approaches for connectivity introduce risks such as prompt injection\, over-permissioned access\, and lack of observability. This talk introduces the Model Context Protocol (MCP) Toolbox for Databases\, an open-source framework that standardizes how AI agents interact with data systems. By treating database access as a structured\, reusable\, and secure set of tools\, developers can enable agents to perform meaningful operations while maintaining strict control over data exposure. Toolbox secures your agentic workflows for resources or tool executions by acting as an OAuth 2.1 Resource Server that validates JWT Bearer tokens from your OIDC provider. Through a real-world case study\, we will demonstrate how to build an intelligent agent that combines semantic vector search with transactional workflows like inventory updates and cart management\, all powered through a unified MCP configuration. So join us to learn how MCP enables scalable\, high-performance agentic architectures using efficient connection pooling\, without compromising on security\, observability\, or control.
CATEGORIES:ENTERPRISE ADOPTION + INTEGRATION
LOCATION:Lotus 2\, Bengaluru\, Karnataka\, India
SEQUENCE:0
UID:deae7fe00df0bb222381fda6f1ef06e0
URL:http://mcpmumbai26.sched.com/event/deae7fe00df0bb222381fda6f1ef06e0
END:VEVENT
BEGIN:VEVENT
DTSTAMP:20260516T105510Z
DTSTART:20260614T123500Z
DTEND:20260614T130000Z
SUMMARY:The Coordination Tax: Why Your MCP Multi-agent System Degrades at Scale\, and How To Fix It - Rudra Kushwah & Jay Shukla\, Indian Institute of Information Technology\, Nagpur; Shivaprasad Gowda\, Indian Institute of Technology Roorkee; Krishna Padia\, Shri Vil
DESCRIPTION:Multi-agent MCP systems work beautifully in staging. They fail in production. We learned this the hard way: three agents\, nine tools\, accuracy that quietly degraded under real load\, and a job that blew past its token budget before anyone noticed. We weren't alone. Google DeepMind and MIT's December 2025 paper "Towards a Science of Scaling Agent Systems" measured up to 17× error amplification in naive multi-agent setups and found coordination yields negative returns past a saturation threshold. Separate work (MAFBench\, 2025) shows framework design choices alone can cut planning accuracy by 30% and collapse coordination success from over 90% to under 30%. Most MCP deployments hit this wall and misdiagnose it as a model problem. This talk walks through three failure modes - Infinite Loop\, False Consensus\, Silent Fallback with message traces\, token costs\, and detection times. We then introduce the "topology contract": a lightweight JSON schema embedded in MCP server metadata\, compatible with the 2026 Server Cards roadmap. Additive to the spec\, zero protocol changes. Attendees leave with a reproducible benchmark suite and a schema they can adopt in an afternoon.
CATEGORIES:AGENT ARCHITECTURE + ORCHESTRATION
LOCATION:Lotus 2\, Bengaluru\, Karnataka\, India
SEQUENCE:0
UID:2211e9a25d4b837795aad2f00252719e
URL:http://mcpmumbai26.sched.com/event/2211e9a25d4b837795aad2f00252719e
END:VEVENT
BEGIN:VEVENT
DTSTAMP:20260516T105510Z
DTSTART:20260614T123500Z
DTEND:20260614T130000Z
SUMMARY:Bringing the Cloud To the Edge — and Keeping the Data There: MCP-Orchestrated On-Device AI With Exe - Akkhil Gupta\, deduceTheLogic
DESCRIPTION:The default AI stack today ships user data to a cloud endpoint and hopes for the best. But regulations like GDPR\, India's DPDP Act\, and sector-specific mandates (healthcare\, finance\, defense) increasingly demand that sensitive data never leave the device or jurisdiction. This talk presents a working architecture that squares the circle: run frontier-class SLMs (Phi-3 Mini\, Gemma 2B) locally via Meta's ExecuTorch runtime on Android\, while using Anthropic's Model Context Protocol (MCP) as the orchestration layer that decides what runs where\, which tools the model can access\, and what data governance policies are enforced — all without a single byte of PII hitting an external server.
CATEGORIES:BUILDING WITH MCP
LOCATION:Lotus 1\, Bengaluru\, Karnataka\, India
SEQUENCE:0
UID:7e73e81b35404dd98b589a4e4fcdb2b2
URL:http://mcpmumbai26.sched.com/event/7e73e81b35404dd98b589a4e4fcdb2b2
END:VEVENT
BEGIN:VEVENT
DTSTAMP:20260516T105510Z
DTSTART:20260614T123500Z
DTEND:20260614T130000Z
SUMMARY:Zero-Trust Execution: Sandboxing MCP Data Agents With WebAssembly - Shuva Jyoti Kar\, Palo Alto Networks
DESCRIPTION:The Model Context Protocol (MCP) standardizes context retrieval and tool execution\, but granting LLMs access to dynamic execution environments introduces critical runtime vulnerabilities. Traditional containerization (e.g.\, Docker/containerd) introduces unacceptable latency overhead for sub-second agentic loops\, while static IAM/RBAC models fundamentally fail to constrain non-deterministic generated code. This technical session details the architectural implementation of embedding a WebAssembly (WASM) runtime within an MCP server to enforce a strict\, capability-based execution boundary. We will deconstruct how to compile MCP tools to WASM modules and utilize the WebAssembly System Interface (WASI) to ensure that any logic invoked by an LLM is isolated from the host operating system.
CATEGORIES:SECURITY, IDENTITY + TRUST
LOCATION:Lotus 3\, Bengaluru\, Karnataka\, India
SEQUENCE:0
UID:2bd8da6c77aaa2ee658e141b8949eb8d
URL:http://mcpmumbai26.sched.com/event/2bd8da6c77aaa2ee658e141b8949eb8d
END:VEVENT
BEGIN:VEVENT
DTSTAMP:20260516T105510Z
DTSTART:20260614T130000Z
DTEND:20260614T142500Z
SUMMARY:Attendee Reception
DESCRIPTION:\n
CATEGORIES:MEALS + BREAKS + SPECIAL EVENTS
LOCATION:Lotus Concourse\, Bengaluru\, Karnataka\, India
SEQUENCE:0
UID:d7a63e8cfc2fad63487c44a8a1a4ee21
URL:http://mcpmumbai26.sched.com/event/d7a63e8cfc2fad63487c44a8a1a4ee21
END:VEVENT
BEGIN:VEVENT
DTSTAMP:20260516T105510Z
DTSTART:20260615T030000Z
DTEND:20260615T120000Z
SUMMARY:Registration & Badge Pick-Up
DESCRIPTION:\n
CATEGORIES:REGISTRATION
LOCATION:Lotus Concourse\, Bengaluru\, Karnataka\, India
SEQUENCE:0
UID:a657923bf2c55a01902851082e3d6f1d
URL:http://mcpmumbai26.sched.com/event/a657923bf2c55a01902851082e3d6f1d
END:VEVENT
BEGIN:VEVENT
DTSTAMP:20260516T105510Z
DTSTART:20260615T043000Z
DTEND:20260615T052500Z
SUMMARY:Keynotes To Be Announced
DESCRIPTION:\n
CATEGORIES:KEYNOTE
LOCATION:Lotus 1\, Bengaluru\, Karnataka\, India
SEQUENCE:0
UID:c716d19fc94c06692896ea1258539e3d
URL:http://mcpmumbai26.sched.com/event/c716d19fc94c06692896ea1258539e3d
END:VEVENT
BEGIN:VEVENT
DTSTAMP:20260516T105510Z
DTSTART:20260615T052500Z
DTEND:20260615T060000Z
SUMMARY:Morning Break
DESCRIPTION:\n
CATEGORIES:MEALS + BREAKS + SPECIAL EVENTS
LOCATION:Lotus Concourse\, Bengaluru\, Karnataka\, India
SEQUENCE:0
UID:49e4f7f151738591484e7c75339402e2
URL:http://mcpmumbai26.sched.com/event/49e4f7f151738591484e7c75339402e2
END:VEVENT
BEGIN:VEVENT
DTSTAMP:20260516T105510Z
DTSTART:20260615T060000Z
DTEND:20260615T062500Z
SUMMARY:The Benchmark That Almost Convinced Us MCP Was Wrong - Ravi Madabhushi\, Scalekit
DESCRIPTION:We ran 75 benchmark runs comparing CLI and MCP for identical agent tasks. CLI won every efficiency metric. For the simplest task like identifying a repo's language — CLI used 1\,365 tokens. MCP used 44\,026. That's a 32x difference\, almost entirely schema overhead: 43 tool definitions injected into every conversation\, most never touched. CLI was also 100% reliable. MCP failed 28% of the time like TCP-level timeouts on a remote server that never responded. If we'd stopped there: use CLI\, skip MCP\, move on. But that benchmark tested one scenario: a single developer automating their own workflow. Not what production agent products look like. The moment your agent acts as your customer's employees inside their orgs\, across services they control — CLI becomes a liability. It inherits your credentials. Can't scope per user\, per org\, or per action. There'd be no audit trail and no consent as well. The data is real. CLI is faster\, cheaper\, simpler. For personal dev tools\, use it. But if you're building a product with data that belongs to someone else\, CLI works in demos. You won't catch the problem until a customer asks why your agent touched their Salesforce without asking.
CATEGORIES:BUILDING WITH MCP
LOCATION:Lotus 1\, Bengaluru\, Karnataka\, India
SEQUENCE:0
UID:f152b6bda185c6047331b4da49126bfe
URL:http://mcpmumbai26.sched.com/event/f152b6bda185c6047331b4da49126bfe
END:VEVENT
BEGIN:VEVENT
DTSTAMP:20260516T105510Z
DTSTART:20260615T060000Z
DTEND:20260615T062500Z
SUMMARY:The Invincible MCP Server: Building Crash-Proof AI Tools With Durable Execution - Shubham Londhe\, Temporal
DESCRIPTION:We All have been building AI Agents with MCP since it launched in 2024\, but there's one thing no one is talking about - "What happens when MCP Fails? (and they fail often). MCP is just a process and it can crash\, and so will the AI agent progress\, it all can vanish with a crash.\n \n Well\, the new Tasks primitive in MCP (SEP-1686) helps a lot\, it gives your AI agents a way to hand off long-running tools\, but it doesn't solve the real problem. They don't maintain the state when the server crashes.\n \n In this session\, I'll do a live demo of a Kubernetes Auto Healing AI Agent with MCP server and walk through how to wrap MCP tool logic in workflows that survive crashes\, restarts\, and network failures. \n I'll cover how to handle human-in-the-loop approvals inside long-running tools\, how to retries and state-management\, and how to observe what your MCP tools are doing in production. \n \n I'll be breaking a running server on stage and show you the agent recovering without losing a step. Hence "The Invincible MCP Server"
CATEGORIES:BUILDING WITH MCP
LOCATION:Lotus 3\, Bengaluru\, Karnataka\, India
SEQUENCE:0
UID:7ba126ce8f1866581eee7a9e62011fe2
URL:http://mcpmumbai26.sched.com/event/7ba126ce8f1866581eee7a9e62011fe2
END:VEVENT
BEGIN:VEVENT
DTSTAMP:20260516T105510Z
DTSTART:20260615T060000Z
DTEND:20260615T062500Z
SUMMARY:Why Most MCP Tools Fail Silently\, and How To Measure It - Om Shree\, Shreesozo
DESCRIPTION:Most MCP servers don't break because of bugs. They break because the tool descriptions are too vague for agents to reliably pick the right tool. Two research papers put numbers to this. A SAIL Research study of 856 tools across 103 MCP servers found 97% have at least one quality defect\, 56% don't clearly state what the tool does\, 89% give no guidance on when not to use it. A second study of 10\,831 servers found that well-written descriptions get selected 260% more often\, and fixing them raises task success rates by roughly 6 points. Working with the Glama founder\, I helped develop the Tool Definition Quality Score (TDQS) - an open source framework that scores every MCP tool across six dimensions: Purpose Clarity\, Usage Guidelines\, Behavioral Transparency\, Parameter Semantics\, Conciseness\, and Contextual Completeness. Each tool gets a 1–5 per dimension with specific feedback on what's missing and why it matters. This talk covers how TDQS was built\, what scoring thousands of real servers revealed\, and how server authors can use it to ship tools agents actually invoke correctly. The framework is open source and already live across Glama-hosted servers.
CATEGORIES:MCP PROTOCOL IN DEPTH
LOCATION:Lotus 2\, Bengaluru\, Karnataka\, India
SEQUENCE:0
UID:cb4d8bf40686fcde104864779ee86b3a
URL:http://mcpmumbai26.sched.com/event/cb4d8bf40686fcde104864779ee86b3a
END:VEVENT
BEGIN:VEVENT
DTSTAMP:20260516T105510Z
DTSTART:20260615T062500Z
DTEND:20260615T065000Z
SUMMARY:Rethinking Testing for MCP Servers - Puja Jagani\, BrowserStack
DESCRIPTION:MCP servers introduced a new kind of client: one driven by an LLM. Unlike traditional clients\, this one is non-deterministic. It can call tools in unexpected sequences\, with unpredictable inputs. We can’t reliably test how an LLM will call our tools. This makes the MCP server the only component under our control and the one that must be tested rigorously. A well-designed server is a well-tested server. While reviewing several popular MCP servers\, I found that “works correctly” often means testing happy paths and checking that tool descriptions exist. This talk introduces a practical testing model for MCP servers. Attendees will learn how to treat tool descriptions as functional contracts in their tests\, how to design tests that cover real-world and deliberate out-of-order tool call sequences\, essentially what an LLM would attempt\, and how to validate error channels so that\, when things go wrong\, the server returns errors that are actually useful for an LLM to recover or respond appropriately. These are practical techniques that can be applied immediately. The goal is to establish a testing mental model that can keep up with the fast-moving MCP ecosystem.
CATEGORIES:BUILDING WITH MCP
LOCATION:Lotus 1\, Bengaluru\, Karnataka\, India
SEQUENCE:0
UID:59dc7edb305d7584e6355675b4c1ca27
URL:http://mcpmumbai26.sched.com/event/59dc7edb305d7584e6355675b4c1ca27
END:VEVENT
BEGIN:VEVENT
DTSTAMP:20260516T105510Z
DTSTART:20260615T062500Z
DTEND:20260615T065000Z
SUMMARY:Who Watches the MCP Servers? Building Observability for the MCP Layer - Koteswara Rao Vellanki\, TransUnion
DESCRIPTION:I have nine MCP servers in production wrapping kubectl\, Prometheus\, Grafana\, OpenSearch\, and CI/CD. Three months in\, one started silently dropping tool calls. Connection pool exhausted but health checks passing. Logs clean.\n Agent did not raise any error. It stopped using that tool and started making up answers. For two weeks nobody caught it. Then one incident response went wrong because the agent was working with data it generated itself.\n After that I realised we are building this whole MCP layer with zero visibility into whether it is healthy. Normal monitoring does not catch these failures.\n So I built an observability platform for MCP servers. OpenTelemetry hooks that plug into any FastMCP server in two lines of code. Prometheus metrics built for MCP: tool call latency\, error rates\, connection pool usage. The important one is tool call frequency deviation. It tells you when an agent gradually stops using a tool. That is how you catch the worst failure: agent walking away from a broken server and hallucinating.\n In the demo I degrade a server on stage. Normal monitoring will not catch it. Frequency alert fires in under two minutes.\n Open-source\, packaged as a Helm chart.
CATEGORIES:ECOSYSTEM, REGISTRIES + PLATFORM INFRASTRUCTURE
LOCATION:Lotus 2\, Bengaluru\, Karnataka\, India
SEQUENCE:0
UID:a8baaa94200e33d9ffb7660bc6d9bdc0
URL:http://mcpmumbai26.sched.com/event/a8baaa94200e33d9ffb7660bc6d9bdc0
END:VEVENT
BEGIN:VEVENT
DTSTAMP:20260516T105510Z
DTSTART:20260615T062500Z
DTEND:20260615T065000Z
SUMMARY:From Shadow MCP To Sanctioned MCP: Building an Enterprise Agent Governance Program - Navin Pai\, StackGen & Archana Rajkumar\, SentinelOne
DESCRIPTION:MCP has become the de-facto "standard" for exposing the external environment to agents\, but security has always been a trailing concern\, making a lot of platform teams sweat under the collar. Policy checks and tool-call authentication were tacked on quickly\, but are quickly being seen are necessary but not sufficient. This session zooms out from single-agent enforcement to the operational challenge security and platform teams actually face in 2026: dozens of agents\, hundreds of MCP server connections\, multiple clouds\, rogue tool registrations\, and no centralized visibility into what's running. This session presents a multi-stage maturity model for enterprise MCP governance\, to help take practitioners from "we have no idea what's running" to "every tool call is governed\, audited\, and compliant with internal policies"\, and shows how to build the program incrementally\, without boiling the ocean in the process and slowing down developer velocity.
CATEGORIES:SECURITY, IDENTITY + TRUST
LOCATION:Lotus 3\, Bengaluru\, Karnataka\, India
SEQUENCE:0
UID:cbc911d4d6bd538056877fb8135b232b
URL:http://mcpmumbai26.sched.com/event/cbc911d4d6bd538056877fb8135b232b
END:VEVENT
BEGIN:VEVENT
DTSTAMP:20260516T105510Z
DTSTART:20260615T065000Z
DTEND:20260615T071500Z
SUMMARY:MCP: The Gateway To Real-Time Human–AI Collaboration in Jupyter at Scale - Jake Diamond-Reivich\, Project Jupyter
DESCRIPTION:Jupyter Notebooks are critical medium for code\, data\, and ML\, demanding a paradigm shift for AI assistance. With Jupyter's real-time collaboration and cloud-native evolution\, it's becoming a powerful portal to a full data platform\, beyond mere notebooks. This session explores MCP as the essential framework for human-AI synergy within this expanded Jupyter ecosystem. Leveraging Jupyter's extensibility\, MCP expands its API\, opening gateways to services across the entire data\, ML\, and AI landscape. By extending Jupyter’s real-time collaborative models\, MCP enables AI agents to seamlessly co-create alongside human developers. This integration moves beyond traditional AI coding assistance\, fostering true parallel work without conflicting edits\, eliminating friction and accelerating development. The speakers will give the live demo showing how MCP provides the blueprint for connecting AI assistance directly with the Jupyter environment\, both locally and in the cloud. This empowers builders to redefine human-AI interaction and unlock unprecedented productivity across the entire AI development lifecycle – from data preparation and feature engineering to LLMs fine-tuning and evaluations.
CATEGORIES:BUILDING WITH MCP
LOCATION:Lotus 1\, Bengaluru\, Karnataka\, India
SEQUENCE:0
UID:e3afadf808219bba91c849b3d9a9a485
URL:http://mcpmumbai26.sched.com/event/e3afadf808219bba91c849b3d9a9a485
END:VEVENT
BEGIN:VEVENT
DTSTAMP:20260516T105510Z
DTSTART:20260615T065000Z
DTEND:20260615T071500Z
SUMMARY:Beyond 1:1 Mapping: Designing MCP for Real Enterprise Systems - Naresh Waswani\, Simpplr Inc. & Jyoti Notani\, Persistent Systems Ltd
DESCRIPTION:Many organizations exploring MCP already operate large microservice ecosystems. A common first instinct is to mirror that architecture directly—one microservice becomes one MCP server\, and each API becomes a tool. While simple in theory\, this often creates too many servers\, overlapping tools\, poor discoverability\, and unnecessary operational complexity. This session explores how to design MCP boundaries for real enterprise environments instead of copying existing service boundaries. I’ll walk through practical patterns for grouping capabilities\, aggregating multiple services behind task-oriented tools\, and exposing interfaces optimized for agents rather than internal architecture diagrams. We’ll also cover how different agents can safely consume shared MCP services\, along with key considerations such as ownership\, versioning\, permissions\, observability\, and scaling MCP across many teams. A short demo will show how a well-designed MCP layer can simplify complex multi-service workflows. If your organization already has dozens or hundreds of services\, this session will help you adopt MCP intentionally - without repeating old patterns in a new protocol.
CATEGORIES:ENTERPRISE ADOPTION + INTEGRATION
LOCATION:Lotus 2\, Bengaluru\, Karnataka\, India
SEQUENCE:0
UID:80a1fcc8fcc783105a30dc704441313d
URL:http://mcpmumbai26.sched.com/event/80a1fcc8fcc783105a30dc704441313d
END:VEVENT
BEGIN:VEVENT
DTSTAMP:20260516T105510Z
DTSTART:20260615T065000Z
DTEND:20260615T071500Z
SUMMARY:Your AI Chatbot Just Exposed Your CEO’s Salary To an Intern: Securing Enterprise AI Agents - Hasini Samarathunga & Sahan Dilshan\, WSO2
DESCRIPTION:Have you ever worried that your new AI Agent might be a little too helpful? Imagine an intern asking an HR chatbot\, "What is the CEO's salary?" and the bot\, designed to be helpful\, promptly fetches it. As we equip LLMs with tools via the MCP to query internal systems\, we introduce a significant data privacy risk if the agent cannot distinguish who is making the request. In this session\, we’ll explore the critical intersection of IAM and AI agents. You’ll see how to implement fine-grained access control and “on-behalf-of” user execution in MCP servers. By securely propagating user context\, an agent ensures that when the CEO queries salary data\, the data is delivered\, but when an intern makes the same request\, the system restricts it. We’ll also dive into the “Human-in-the-Loop” (HITL) pattern\, a safeguard that pauses high-risk actions for explicit human approval. You’ll learn how to design secure-by-default MCP architectures using standard authentication flows\, zero-trust permissioning\, and HITL workflows to keep your AI agents aligned\, controlled\, and trustworthy.
CATEGORIES:SECURITY, IDENTITY + TRUST
LOCATION:Lotus 3\, Bengaluru\, Karnataka\, India
SEQUENCE:0
UID:4d8298fd97d0bf20616f5d8862612628
URL:http://mcpmumbai26.sched.com/event/4d8298fd97d0bf20616f5d8862612628
END:VEVENT
BEGIN:VEVENT
DTSTAMP:20260516T105510Z
DTSTART:20260615T071500Z
DTEND:20260615T074000Z
SUMMARY:The Sticky Session Bottleneck: Why MCP Agent Orchestration Breaks When You Scale - Yuvraj Pradhan\, MIT ADT University & Archana Kumari\, MIT ADT University
DESCRIPTION:When we tried to scale our multi-agent MCP system beyond a single node\, the orchestrator broke immediately. Each model running on a different machine means the orchestrator had to track which models it called\, which responses arrived\, and which were pending. The moment the orchestrator restarted\, everything was gone. Models got called twice. Responses were lost. Consensus became inconsistent. Turns out this is the sticky session problem. And the ecosystem is still figuring it out. As SEP-1442 is moving MCP toward a stateless-by-default transport model. But most deployments still depend on session affinity. When you are orchestrating models across distributed nodes\, that dependency breaks everything. This talk covers what we learned designing around it: - Why multi-agent MCP orchestration creates hidden session dependencies - How to decouple consensus state from the orchestrator process using structured event logs - Migration patterns that preserve workflow correctness without session affinity - Stateless MCP is not just an infrastructure concern. It is what makes multi-agent consensus reliable at scale.
CATEGORIES:AGENT ARCHITECTURE + ORCHESTRATION
LOCATION:Lotus 2\, Bengaluru\, Karnataka\, India
SEQUENCE:0
UID:e8b8d4d342fd427b67cd6c49df0cdbb7
URL:http://mcpmumbai26.sched.com/event/e8b8d4d342fd427b67cd6c49df0cdbb7
END:VEVENT
BEGIN:VEVENT
DTSTAMP:20260516T105510Z
DTSTART:20260615T071500Z
DTEND:20260615T074000Z
SUMMARY:Stateful AI Agents: Building Consistent Systems With MCP and Distributed SQL - Nasiullha Chaudhari\, YugabyteDB & Vanshika Jain\, Brudite Private Limited
DESCRIPTION:An agent processes a payment\, hits a timeout\, and retries. Now the payment has been charged twice. The model didn’t hallucinate. The workflow did exactly what it was told. The problem is that nobody designed the agent to be safe under retry.\n \n This is a distributed systems problem.\n \n When agents read data\, take actions\, and write results back\, correctness depends on how state is managed across steps. Under retries or concurrent execution\, the same workflow can produce conflicting outcomes.\n \n This talk shows how to build stateful AI agents using the Model Context Protocol with a PostgreSQL-compatible distributed database. Instead of treating memory as embeddings\, we treat it as structured\, transactional state.\n \n You will learn how to design MCP tools for database operations\, manage multi-step workflows\, and handle failure modes such as retries and idempotency. We will also explore consistency tradeoffs in distributed systems.\n \n The session ends with concrete patterns for building reliable agents\, including idempotent tools and safe retry design.
CATEGORIES:BUILDING WITH MCP
LOCATION:Lotus 1\, Bengaluru\, Karnataka\, India
SEQUENCE:0
UID:6107c7a2e4a2b4c13aa9ac064009172a
URL:http://mcpmumbai26.sched.com/event/6107c7a2e4a2b4c13aa9ac064009172a
END:VEVENT
BEGIN:VEVENT
DTSTAMP:20260516T105510Z
DTSTART:20260615T071500Z
DTEND:20260615T074000Z
SUMMARY:Your MCP Server Is an Attacker's Dream: A Security Playbook From Real-World Assessments - Akash Mahajan\, KLOUDLE Inc.
DESCRIPTION:MCP servers are quickly becoming the default interface between AI agents and production systems. This speed has a cost. Most teams shipping MCP servers today are repeating the same security mistakes like overprivileged tool definitions\, missing input validation\, no transport-layer auth\, and blind trust in what the LLM sends downstream. This talk presents a practical security assessment playbook for MCP servers\, built from hands-on penetration testing and security assessments of real MCP deployments. We'll walk through the three-five most common vulnerability patterns seen in the wild. - tool poisoning - permission escalation - transport misconfiguration - server-side request forgery through tool arguments For each vulnerability class\, you'll see how the attack works\, why it slips past code review\, and what the fix looks like in practice. Attendees will walk away with a repeatable methodology for assessing the security posture of any MCP server before it hits prod. Whether they built it or adopted it.
CATEGORIES:SECURITY, IDENTITY + TRUST
LOCATION:Lotus 3\, Bengaluru\, Karnataka\, India
SEQUENCE:0
UID:2a8b93fa507e3fdf9e0ff92de181188e
URL:http://mcpmumbai26.sched.com/event/2a8b93fa507e3fdf9e0ff92de181188e
END:VEVENT
BEGIN:VEVENT
DTSTAMP:20260516T105510Z
DTSTART:20260615T074000Z
DTEND:20260615T091000Z
SUMMARY:Attendee Lunch
DESCRIPTION:\n
CATEGORIES:MEALS + BREAKS + SPECIAL EVENTS
LOCATION:Lotus Concourse\, Bengaluru\, Karnataka\, India
SEQUENCE:0
UID:680efd87b2646e422fb4a7fb0d8eaa6e
URL:http://mcpmumbai26.sched.com/event/680efd87b2646e422fb4a7fb0d8eaa6e
END:VEVENT
BEGIN:VEVENT
DTSTAMP:20260516T105510Z
DTSTART:20260615T091500Z
DTEND:20260615T101000Z
SUMMARY:Keynotes To Be Announced
DESCRIPTION:\n
CATEGORIES:KEYNOTE
LOCATION:Lotus 1\, Bengaluru\, Karnataka\, India
SEQUENCE:0
UID:8c7bd171ab5e8ab3ad58ff4375312a9f
URL:http://mcpmumbai26.sched.com/event/8c7bd171ab5e8ab3ad58ff4375312a9f
END:VEVENT
BEGIN:VEVENT
DTSTAMP:20260516T105510Z
DTSTART:20260615T102000Z
DTEND:20260615T104500Z
SUMMARY:Designing Low-Latency MCP Systems for High-Throughput Data Pipelines: Architecture and Bottlenecks\, - Partha Sarthy\, Applied Materials
DESCRIPTION:MCP simplifies AI-tool integration — but in high-throughput\, latency-sensitive pipelines\, its performance characteristics can quietly become the bottleneck. Iterative reasoning loops\, sequential tool invocations\, and context amplification compound in ways that are easy to miss in development and impossible to ignore in production. This talk presents a structured decomposition of end-to-end MCP latency — reasoning\, communication\, execution\, and coordination — giving engineers a precise framework for identifying where overhead actually lives. We then present targeted optimizations: parallel tool invocation\, streaming responses\, schema minimization\, and intelligent caching. The core architectural argument: MCP belongs on the control plane. Separating adaptive orchestration from data-plane execution preserves deterministic performance where it matters\, while keeping model-driven flexibility where it adds value. A fast path versus intelligent path pattern follows naturally from this separation. A case study comparing naive and optimized pipeline implementations makes the gains concrete.
CATEGORIES:BUILDING WITH MCP
LOCATION:Lotus 1\, Bengaluru\, Karnataka\, India
SEQUENCE:0
UID:ec9a6b8275da7d3e4d2dfd7f823ac46e
URL:http://mcpmumbai26.sched.com/event/ec9a6b8275da7d3e4d2dfd7f823ac46e
END:VEVENT
BEGIN:VEVENT
DTSTAMP:20260516T105510Z
DTSTART:20260615T102000Z
DTEND:20260615T104500Z
SUMMARY:Where MCP Ends and A2A Begins: and Why That Seam Is Breaking Your Agents - Arushi Garg\, Adobe & MV Shiva\, Google
DESCRIPTION:Everyone's heard the AAIF framing: MCP handles agent-to-tool\, A2A handles agent-to-agent. Clean in theory. In practice\, every multi-agent system lives at the boundary of both\, and that boundary has no standard.\n Context gets dropped. Errors go silent. A state that survived an entire A2A task lifecycle vanishes the moment it crosses into an MCP tool call. Nobody is talking about this publicly.\n This session replaces the "vertical vs horizontal" mental model with something more honest: a precise seam diagram showing what each protocol guarantees\, what it doesn't\, and what falls into the gap. We'll go deep on MCP's Tasks primitive (SEP-1686)- including its two admitted gaps: no retry semantics\, no expiry policies. We'll map the real failure modes developers are hitting today\, drawn from open GitHub issues across both protocol repos.\n Then a live demo using Google's open-source A2A sample repo: no custom code. We'll run a real multi-agent task\, cross the protocol boundary\, sever the trace header\, and watch the silent failure happen in real time.\n You'll leave with a clear mental model\, a three-point failure checklist\, and a concrete picture of what the spec needs next.
CATEGORIES:MCP PROTOCOL IN DEPTH
LOCATION:Lotus 2\, Bengaluru\, Karnataka\, India
SEQUENCE:0
UID:dc0a062b976d83ea59e024bcfb0a608e
URL:http://mcpmumbai26.sched.com/event/dc0a062b976d83ea59e024bcfb0a608e
END:VEVENT
BEGIN:VEVENT
DTSTAMP:20260516T105510Z
DTSTART:20260615T102000Z
DTEND:20260615T104500Z
SUMMARY:MCP Elicitation in the Wild: When Agents Ask for Too Much - Kaiwalya Koparkar\, Gravitee.io
DESCRIPTION:Elicitation is one of MCP's most powerful and least governed features. It lets servers request additional input from users at runtime\, enabling richer\, more dynamic agent interactions. But in production environments\, elicitation also opens a surface for agents to request sensitive data they shouldn't need\, bypass approval flows\, or trigger unintended actions under the guise of a helpful prompt. This session examines elicitation as a runtime governance problem: what it is at the protocol level\, where the security boundary sits between server and client\, and how to enforce limits on what agents can elicit without neutering the feature entirely. Drawing on real implementation experience\, the talk covers policy patterns for elicitation scope control\, audit logging of elicitation events\, and the UX tradeoffs of locking it down. Attendees will leave with a clear framework for deciding when elicitation is safe\, when it needs guardrails\, and how to implement those guardrails in a running MCP deployment.
CATEGORIES:SECURITY, IDENTITY + TRUST
LOCATION:Lotus 3\, Bengaluru\, Karnataka\, India
SEQUENCE:0
UID:55908ef4b50619e8d082cc501dfb19ce
URL:http://mcpmumbai26.sched.com/event/55908ef4b50619e8d082cc501dfb19ce
END:VEVENT
BEGIN:VEVENT
DTSTAMP:20260516T105510Z
DTSTART:20260615T104500Z
DTEND:20260615T111000Z
SUMMARY:100 Agents in 100 Days: Patterns and Anti-Patterns for MCP-Based Multi-Agent Systems - Harish Kotra\, Forge Alumnus
DESCRIPTION:Multi-agent systems on MCP are where most of the interesting architectural questions live: routing\, state\, retries\, coordination\, and what happens when any one of N tool calls misbehaves. Most talks on the topic are theoretical. This one is not. Since early 2026 I've published one new AI agent every day at dailybuild.xyz. Many of them are multi-agent: price-war simulations\, research pipelines\, a local agent orchestration studio\, a recursive research loop\, human-in-the-loop travel planners\, and a "swarm CFO" with policy-gated spend. Dozens of them plug into MCP servers. In this session I'll pull out the ten orchestration patterns I now use by default when MCP is in the mix\, and the ten I've thrown out. Topics include: why single-agent-with-many-tools usually beats a team of agents until it suddenly doesn't\; how to design a router that survives tool-name collisions across multiple MCP servers\; state strategies that don't rot\; retry and compensation patterns for idempotent vs non-idempotent tools\; Every pattern in the talk is tied to a specific public build with working code\, so attendees can go verify\, fork\, or challenge anything I claim.
CATEGORIES:AGENT ARCHITECTURE + ORCHESTRATION
LOCATION:Lotus 2\, Bengaluru\, Karnataka\, India
SEQUENCE:0
UID:b0e24ce0ebcc51ec267fb1a0f7651133
URL:http://mcpmumbai26.sched.com/event/b0e24ce0ebcc51ec267fb1a0f7651133
END:VEVENT
BEGIN:VEVENT
DTSTAMP:20260516T105510Z
DTSTART:20260615T104500Z
DTEND:20260615T111000Z
SUMMARY:Starling: Building a Pay-as-you-go MCP Server for Live Kubernetes Ops - Avinash Patil\, Warble Cloud
DESCRIPTION:Most MCP demos stop at "hello world over stdio." Shipping a production MCP server means answering harder questions: How do you authenticate callers? How do you meter usage? How do you safely hand an LLM a live Kubernetes cluster without giving it the keys to prod? This talk walks through Starling\, a production MCP server that exposes 17 Kubernetes tools — from list_pods to scan_cluster — to Claude\, Cursor\, and VS Code. It runs live on GKE at ops-mcp.warblecloud.com\, charges credits per tool call\, and handles ephemeral kubeconfigs without ever persisting them. We'll cover concrete design decisions: dual-transport architecture (stdio for desktop agents\, HTTP for remote)\, a Firestore-backed credit ledger with atomic per-tool debits\, mode-gated write tools (scale_deployment only when --mode=readwrite)\, and the security model for handing an LLM temporary cluster access. Attendees leave with a working mental model for turning an MCP prototype into a billable\, multi-tenant service — plus the exact auth\, transport\, and RBAC patterns they can lift into their own servers.
CATEGORIES:MCP PROTOCOL IN DEPTH
LOCATION:Lotus 1\, Bengaluru\, Karnataka\, India
SEQUENCE:0
UID:5f642db9bb83e26ef79ae5a294ab70a5
URL:http://mcpmumbai26.sched.com/event/5f642db9bb83e26ef79ae5a294ab70a5
END:VEVENT
BEGIN:VEVENT
DTSTAMP:20260516T105510Z
DTSTART:20260615T104500Z
DTEND:20260615T111000Z
SUMMARY:Securing MCP Servers for the Enterprise: OAuth 2.0\, Keycloak\, and Spring Boot in Production - Vishal Singh\, Quest2travel
DESCRIPTION:The MCP spec mandates OAuth 2.0 for HTTP-exposed servers\, but most tutorials stop at "add a Bearer token." Enterprise deployments demand more: dynamic client registration\, tool-level authorization\, token introspection under load\, and audit trails for compliance. This session builds a production-grade MCP server with Spring Boot and the MCP Java SDK\, secured by Keycloak. We cover: mapping OAuth scopes to MCP tool permissions\, rate limiting per client credential with Bucket4j\, wiring OpenTelemetry traces through the MCP request lifecycle\, and handling edge cases at scale — token clock skew across distributed agents\, graceful degradation when the IdP is unreachable\, and preventing prompt injection from leaking privileged tool responses. Attendees leave with a working architecture adaptable to any identity provider and a clear mental model of where MCP security ends and application security begins. Breakdown: threat model (3 min)\, OAuth 2.0 + Keycloak layer (7 min)\, hardened Spring Boot server (8 min)\, edge cases from the field (5 min)\, architecture takeaway (2 min).
CATEGORIES:SECURITY, IDENTITY + TRUST
LOCATION:Lotus 3\, Bengaluru\, Karnataka\, India
SEQUENCE:0
UID:078012eae92711c31dce7d6ac952b2a6
URL:http://mcpmumbai26.sched.com/event/078012eae92711c31dce7d6ac952b2a6
END:VEVENT
BEGIN:VEVENT
DTSTAMP:20260516T105510Z
DTSTART:20260615T111000Z
DTEND:20260615T113500Z
SUMMARY:What a Database Team Discovers Building an MCP Server - Sfurti Sarah\, Yugabyte & Heather Downing\, YugabyteDB
DESCRIPTION:Most MCP servers in production were built by AI teams. Meko's was built by a distributed SQL database team\, and the view from this side of the stack is different. Coming from storage\, some decisions were obvious from day one. Memory\, knowledge\, conversation history\, and structured data belong on one cluster\, not four. Tenant isolation is a schema problem. The datapack\, our per-agent namespace\, fell out of the same instinct that builds any multi-tenant database. Other decisions we only got right the second time. We started with a deployment model that gave every user their own MCP server\, and pivoted to a shared fleet once we saw how real usage patterns played out. We shipped tools for capabilities that turned out to belong in skills. We learned where the language model needed a tight\, opinionated surface and where it needed more room. This talk is the story of what we brought to MCP from the database side\, what we discovered once real agents started using it\, and the pivots we made\, including the ones still in flight.
CATEGORIES:BUILDING WITH MCP
LOCATION:Lotus 1\, Bengaluru\, Karnataka\, India
SEQUENCE:0
UID:c43370d61861608989959fc5f1369f9f
URL:http://mcpmumbai26.sched.com/event/c43370d61861608989959fc5f1369f9f
END:VEVENT
BEGIN:VEVENT
DTSTAMP:20260516T105510Z
DTSTART:20260615T111000Z
DTEND:20260615T113500Z
SUMMARY:The AI-First Device Farm: Exposing Remote Hardware Infrastructure Via MCP - Kalyan Kolachala\, SymphonyAI Group India & Vaishali Shetty\, GetWell Network (SAI Group)
DESCRIPTION:For a geographically distributed Dev and QA team\, accessing physical Set-Top Boxes for debugging is a constant bottleneck. By deploying Remote MCP\, we transformed our physical STB testing lab into a shared\, AI-accessible platform. This talk covers the infrastructure needed to host Remote MCP servers that interface with a fleet of physical devices. We will explore how developers can now use their local AI assistants (like Claude) to securely connect to\, setup\, and debug remote STBs as if they were sitting on their desks.
CATEGORIES:ECOSYSTEM, REGISTRIES + PLATFORM INFRASTRUCTURE
LOCATION:Lotus 2\, Bengaluru\, Karnataka\, India
SEQUENCE:0
UID:3f648d3d86889cea1bf7ed8ed9b7a35b
URL:http://mcpmumbai26.sched.com/event/3f648d3d86889cea1bf7ed8ed9b7a35b
END:VEVENT
BEGIN:VEVENT
DTSTAMP:20260516T105510Z
DTSTART:20260615T111000Z
DTEND:20260615T113500Z
SUMMARY:Agentic DX: Bringing Your IDP Into the IDE - Adnan Vahora & Dhwani Suthar\, Motorola Solutions
DESCRIPTION:Platform engineering has a chicken-and-egg problem: the platform needs adoption to justify investment\, but adoption requires onboarding that teams resist when deadlines are tight. Our internal developer platform hit this hard. It serves 4\,000+ developers across clouds and managed Kubernetes\, yet many teams found the portal too unfamiliar.\n We solved it with a second entry point built on MCP. Instead of learning a new UI\, developers get 30+ platform capabilities directly in IDE chat\, from namespace provisioning and Helm deployments to cost analysis and access management. An MCP App renders forms in chat\, developers approve and execute\, and a first deployment can happen with almost no onboarding.\n This session covers the production architecture: sandboxed iframe-based MCP Apps\, Elicitation for structured write approvals\, an Adaptive Tool Router that keeps 30+ tool schemas from flooding the context window\, a split between deterministic Agent Skills and ReAct reasoning\, and a safety layer with a sub-500ms kill switch plus delegated RBAC tied to existing permissions. Attendees leave with a practical blueprint for meeting developers where they already work.
CATEGORIES:ENTERPRISE ADOPTION + INTEGRATION
LOCATION:Lotus 3\, Bengaluru\, Karnataka\, India
SEQUENCE:0
UID:cd1c8af98b1ba9a9f30b4eaba4e3813e
URL:http://mcpmumbai26.sched.com/event/cd1c8af98b1ba9a9f30b4eaba4e3813e
END:VEVENT
BEGIN:VEVENT
DTSTAMP:20260516T105510Z
DTSTART:20260615T113500Z
DTEND:20260615T120500Z
SUMMARY:Afternoon Break
DESCRIPTION:\n
CATEGORIES:MEALS + BREAKS + SPECIAL EVENTS
LOCATION:Lotus Concourse\, Bengaluru\, Karnataka\, India
SEQUENCE:0
UID:e2555ab79521e99b8f5a1bcffed057e2
URL:http://mcpmumbai26.sched.com/event/e2555ab79521e99b8f5a1bcffed057e2
END:VEVENT
BEGIN:VEVENT
DTSTAMP:20260516T105510Z
DTSTART:20260615T120500Z
DTEND:20260615T123000Z
SUMMARY:Beyond Tool Calls: Unlocking Interactive\, Token-Smart Agents With MCP Apps - Suraj B\, HDFC Bank
DESCRIPTION:MCP Apps are reshaping what a Model Context Protocol server can do — turning text-only tool exchanges into rich\, interactive experiences embedded directly in the host. This session takes a builder's tour of the MCP Apps extension: core concepts\, target use cases (dashboards\, multi-step workflows\, human-in-the-loop confirmations)\, the security model\, and current limitations worth knowing before adoption. A central theme is the visibility paradigm — letting UI carry state the model doesn't need to see\, unlocking meaningful token savings on data-heavy flows. We'll cover iframe sandbox constraints\, postMessage patterns\, session-bound identity\, and prompt-injection defenses for sensitive actions. We will also cover existing protocol limitations and work going on to address the same in exp-apps working group. We close with a live Go-based demo executing a fund transfer flow end-to-end.
CATEGORIES:BUILDING WITH MCP
LOCATION:Lotus 1\, Bengaluru\, Karnataka\, India
SEQUENCE:0
UID:d5639f5cf8ffd37edc58fcbec7217772
URL:http://mcpmumbai26.sched.com/event/d5639f5cf8ffd37edc58fcbec7217772
END:VEVENT
BEGIN:VEVENT
DTSTAMP:20260516T105510Z
DTSTART:20260615T120500Z
DTEND:20260615T123000Z
SUMMARY:Building Interactive Tools With MCP Elicitation - Ashwin Hariharan\, Redis
DESCRIPTION:Most of us think of agent tools as vending machines - you put in the right input\, you get the right output. Put in the wrong input\, and you either get the wrong output or nothing at all. This breaks for complex workflows where context is incomplete or intent is ambiguous. The tool either guesses wrong or fails outright. No back-and-forth\, no clarification. Good AI tools built for conversation should explain what they need\, what they'll do\, and provide clear options. In this session\, we’ll look at how MCP elicitation works in practice across different workflows: covering ambiguous input\, missing context\, risky operations\, and auth flows. Attendees will leave with concrete patterns for designing tools that go beyond transactional APIs to collaborative multi-turn interactions.
CATEGORIES:BUILDING WITH MCP
LOCATION:Lotus 2\, Bengaluru\, Karnataka\, India
SEQUENCE:0
UID:8433e2e4ad374442f4f4106703a342a0
URL:http://mcpmumbai26.sched.com/event/8433e2e4ad374442f4f4106703a342a0
END:VEVENT
BEGIN:VEVENT
DTSTAMP:20260516T105510Z
DTSTART:20260615T120500Z
DTEND:20260615T123000Z
SUMMARY:Why Your MCP Server Needs Real Users — Implementing OAuth and Dynamic Client Registration for MCP - Tamil Vanan Karuppannan\, Arcesium & Achanandhi M\, EY
DESCRIPTION:ost MCP servers today ship with a simple setup: plug in an API key or a shared credential\, and you're good to go. That works fine for a weekend hack\, but the moment you bring MCP into an enterprise\, things start to fall apart. You don't want MCP clients storing static usernames and passwords — that's a security incident waiting to happen. You can't tell who did what\, you can't enforce fine-grained access control\, and your security team is not going to be happy. What enterprises actually need is for users to authenticate through their existing SSO\, get access to MCP servers based on who they are and what they're allowed to do\, and have every action tied back to a real identity for audit and compliance. In this talk\, we use the OpenSearch MCP Server as a concrete example to show why this matters and what we can do about it. We'll walk through extending the server to support OAuth 2.0 Authorization Code Flow with PKCE and Dynamic Client Registration (DCR)\, following the MCP authorization spec.
CATEGORIES:SECURITY, IDENTITY + TRUST
LOCATION:Lotus 3\, Bengaluru\, Karnataka\, India
SEQUENCE:0
UID:b45f82fd4c4eb232ea4ccdb0cc148c3c
URL:http://mcpmumbai26.sched.com/event/b45f82fd4c4eb232ea4ccdb0cc148c3c
END:VEVENT
BEGIN:VEVENT
DTSTAMP:20260516T105510Z
DTSTART:20260615T123000Z
DTEND:20260615T125500Z
SUMMARY:Building an MCP Marketplace: Lessons in Discovery\, Versioning\, and Trust - Saurabh Mishra\, Optum/UnitedHealthGroup
DESCRIPTION:This talk shares practical lessons from building a marketplace for MCP servers covering how to design a discovery layer that goes beyond a simple registry\, handle versioning without breaking agent workflows\, and establish trust signals (author verification\, schema validation\, sandboxed execution scores) that developers can actually rely on. Attendees will walk away with concrete patterns for publishing and consuming MCP servers at scale\, and an honest look at what breaks when you try to standardize a fast-moving ecosystem.
CATEGORIES:BUILDING WITH MCP
LOCATION:Lotus 1\, Bengaluru\, Karnataka\, India
SEQUENCE:0
UID:46999acc1fa7bac18dd8a4949ec4dda4
URL:http://mcpmumbai26.sched.com/event/46999acc1fa7bac18dd8a4949ec4dda4
END:VEVENT
BEGIN:VEVENT
DTSTAMP:20260516T105510Z
DTSTART:20260615T123000Z
DTEND:20260615T125500Z
SUMMARY:Stop the Wild Goose Chase: Enterprise Agents With Goose - Ram Iyengar\, OpenSSF
DESCRIPTION:The promise of autonomous AI agents has sent engineering teams on a wild goose chase—juggling vendor lock-in\, unpredictable costs\, & security nightmares all for an agent to execute a simple workflow. Stop chasing and start building! Enter goose: the open-source\, general-purpose framework\, designed to run natively on your machine. It connects to any LLM. goose shifts the paradigm from fragile and remote to robust and local. In this talk\, we shall explore how to successfully architect and deploy goose within an enterprise environment. Chop through hype to demonstrate how goose leverages MCP to integrate with your choice of tools. More importantly\, we will tackle the critical enterprise realities of deploying autonomous agents: establishing strict token budgets\, implementing robust security guardrails to prevent destructive terminal commands\, and building "Custom Distros" to standardize AI workflows across your entire engineering organization. Automate mundane research\, streamline CI/CD\, or safely vibecode ― you will leave this session with a practical blueprint for making open-source agents work for your enterprise\, thanks to goose.
CATEGORIES:ENTERPRISE ADOPTION + INTEGRATION
LOCATION:Lotus 2\, Bengaluru\, Karnataka\, India
SEQUENCE:0
UID:107223259441bfe6e90c7e3863438176
URL:http://mcpmumbai26.sched.com/event/107223259441bfe6e90c7e3863438176
END:VEVENT
BEGIN:VEVENT
DTSTAMP:20260516T105510Z
DTSTART:20260615T125500Z
DTEND:20260615T132000Z
SUMMARY:MCP-Powered Ops: Red Hat Kubernetes MCP & Grafana MCP for Mission-Critical Applications - Rishi Nikhilesh Damerla & Sayantan Karmakar\, Motorola Solutions
DESCRIPTION:At Motorola Solutions\, downtime isn’t just an inconvenience—it’s a public safety risk where lives are at stake. This session explores how we revolutionized incident response for mission-critical applications by moving beyond fragmented tools and alert fatigue. Historically\, siloed data across Kubernetes and Grafana led to 45-minute MTTRs and manual context-switching. We will detail our adoption of the Model Context Protocol (MCP)\, specifically utilizing Red Hat Kubernetes and Grafana MCP servers to build an AI-assisted operations layer. Learn how this unified context allows an AI agent to correlate metrics with cluster states in seconds\, reducing MTTR to under 4 minutes while sustaining 99.99% uptime. We'll share our production architecture for natural language incident resolution and our "human-in-the-loop" approach that ensures SREs remain in control of all write operations. Attendees will leave with practical guidance on scaling reliability in regulated environments and empowering junior engineers with senior-level operational context. Discover how to turn fragmented data into a mission-critical intelligence amplifier.
CATEGORIES:AGENT ARCHITECTURE + ORCHESTRATION
LOCATION:Lotus 2\, Bengaluru\, Karnataka\, India
SEQUENCE:0
UID:d47fcca292b581c7ef2ce817f0a28b85
URL:http://mcpmumbai26.sched.com/event/d47fcca292b581c7ef2ce817f0a28b85
END:VEVENT
BEGIN:VEVENT
DTSTAMP:20260516T105510Z
DTSTART:20260615T125500Z
DTEND:20260615T132000Z
SUMMARY:The 5 Wrong Reasons To Build an MCP Server (And What To Do Instead) - Daniel Oh\, IBM
DESCRIPTION:MCP brings structure and standardization to how LLMs interact with tools and resources—but that power comes with cost. We’ve built multiple MCP servers across different use cases\, and not all of them should have existed. This session distills hard-earned lessons from real-world implementations: where MCP created long-term leverage\, where it introduced unnecessary complexity\, and where a direct API call would have shipped faster and cleaner. We’ll share a clear evaluation checklist you can use before starting your next build—so you choose MCP intentionally\, not reflexively.
CATEGORIES:BUILDING WITH MCP
LOCATION:Lotus 1\, Bengaluru\, Karnataka\, India
SEQUENCE:0
UID:8bcf5c59ef01df8c8c02f11a8414de27
URL:http://mcpmumbai26.sched.com/event/8bcf5c59ef01df8c8c02f11a8414de27
END:VEVENT
BEGIN:VEVENT
DTSTAMP:20260516T105510Z
DTSTART:20260615T125500Z
DTEND:20260615T132000Z
SUMMARY:Who Do You Trust? Securing Multi-Agent MCP Systems in Healthcare - Yuvraj Pradhan\, MIT ADT University & Archana Kumari\, MIT ADT University
DESCRIPTION:An LLM caught my friend’s condition that doctors took two months to confirm. We asked: what happens when multiple specialised models review the same case together? We built ConsensusMed on MCP. Each specialist model for a medical domain runs as an independent MCP server\, and an orchestrator coordinates their outputs and decides what to trust when models disagree. Multi-agent clinical systems face real attack surfaces: - A malicious MCP server can exfiltrate OAuth tokens and impersonate legitimate users - Prompt injection in clinical reports silently shifts outputs before consensus - Tampered model weights corrupt findings with no OAuth scope catching it So we built a trust layer directly into MCP: - An MCP interceptor proxy redacts PHI using NER before any tool call reaches a specialist server - The chairman verifies SHA-256 hashes of model weights against Ed25519-signed manifests before spawning - Specialists run as stdio subprocesses. They never bind to a port. Network access is structurally impossible. For regulated environments\, we built an air-gapped MCP registry that operates entirely offline with cryptographic verification before execution.
CATEGORIES:SECURITY, IDENTITY + TRUST
LOCATION:Lotus 3\, Bengaluru\, Karnataka\, India
SEQUENCE:0
UID:cbe814d6d7297247756d81ae12b0daf6
URL:http://mcpmumbai26.sched.com/event/cbe814d6d7297247756d81ae12b0daf6
END:VEVENT
END:VCALENDAR