Security Holes in MCP Servers and How To Plug Them

The long-running joke so far has been “The S in MCP stands for security” and this is no secret as just about every organization is talking about it. Aside from prompt injections, MCP Server security is arguably the biggest issue in the AI security world right now.

With both stdio (like libraries/modules) and streamable http (an MCP Server sitting in someones environment), organizations need to ask themselves how they're implementing auth at both the system and user level to access these MCP servers (and from the Agents), what tools are exposed from the MCP Servers, and how the tunnel (from user/agent to MCP Server) is observed and secured.

In this session, you'll learn how to plug security holes by understanding the current standards (stdio and streamable http), authentication at both the system and user level (jwt, oAuth, and OIDC), and how to specify what tools should be exposed from MCP Servers with traffic policies.

AI and ML On Kubernetes For The Absolute Beginner

AI has been a popular topic, but there haven't been a lot of true engineering explanations behind it all.

For example, what systems can it run on, and more importantly, how can it run efficiently?

What's the engineering behind AI, GenAI, ML, and LLM's that make it all "tick"?

In this session, you will learn from an engineering perspective how AI and ML work under the hood on Kubernetes.

You'll learn about:
- Kubeflow
- How to train Models on Kubeflow
- Why Kubernetes is the perfect AI/ML platform
- How organizations save money by training models on AI/ML
- Installation steups

and perhaps most importantly, how it all ties into Kubernetes.

The combination of AI and Kubernetes isn't just a fad anymore, it's a topic that can be truly embraced by all engineers.

Join Michael Levan, Consultant, Trainer, and Content Creator on how you can truly understand how the most popular stack is truly working.

The Hybrid Kubernetes Platform Engineering Model

Platform Engineering is a term that's being thrown around the tech world as a new and popular method of implementing abstraction.

But how does it work on Kubernetes in a production scenario?

It comes down to a few topics:
- Kubernetes Operators
- Cluster API
- KubeVirt
- IDP's
- Crossplane

Operators allow you to extend the capability of Kubernetes. Cluster API gives you the ability to manage and build Kubernetes clusters WITH Kubernetes. KubeVirt makes it possible to manage VM's on Kubernetes. Crossplane extends the management of various resources outside of Kubernetes. To tie it all together, Internal Developer Platforms (IDP) gives an abstraction layer on top of complex tooling.

By tying all of the above together, you have a production-ready Kubernetes Platform Engineering environment.

Join Michael Levan, Consultant, Trainer, and Content Creator for a hands-on, engineering-focused, practitioner-led session on how to think about Platform Engineering on Kubernetes.

Platform Engineering is a term that's being thrown around the tech world as a new and popular method of implementing abstraction.

But how does it work on Kubernetes in a production scenario?

It comes down to a few topics:
- Kubernetes Operators
- Cluster API
- KubeVirt
- IDP's
- Crossplane

Operators allow you to extend the capability of Kubernetes. Cluster API gives you the ability to manage and build Kubernetes clusters WITH Kubernetes. KubeVirt makes it possible to manage VM's on Kubernetes. Crossplane extends the management of various resources outside of Kubernetes. To tie it all together, Internal Developer Platforms (IDP) gives an abstraction layer on top of complex tooling.

By tying all of the above together, you have a production-ready Kubernetes Platform Engineering environment.

Join Michael Levan, Consultant, Trainer, and Content Creator for a hands-on, engineering-focused, practitioner-led session on how to think about Platform Engineering on Kubernetes.

The Top k8s Security Concern By 55%: Misconfigurations. How can you mitigate?

Security is a tricky thing. Despite what we've seen from Hugh Jackman hacking into systems with 50 CRT monitors (who else has watched Sword?... I'm getting old), it really comes down to two things:

- Application Security
- Network Security

And in each of those categories, the absolute largest method of bad actors getting into applications and systems is misconfigurations... and unfortunately, it's incredibly easy to misconfigure a Kubernetes environment.

In this session, you'll learn about a few of the mitigation steps you can take for every Kubernetes environment which include:

- The 4C's of Kubernetes Security
- SecurityContexts
- Pod Security Standards
- Policy Enforcement
- Network Policies

and a few other goodies.

Remember - security is about mitigating as much as possible, but you'll never be able to stop everything.

Security Engineering: On-Prem and Cloud For Production

Security from a blue team perspective was always thought about in two ways:
1. Networks/systems
2. Software

A security engineer was either really good at securing software, really good at security networks and systems, or if they were lucky, both.

Now we're seeing an uptick in overall cloud security, which introduces topics like CDR, but more importantly, introduces a new attack surface.

Security Engineers now need to focus on both systems/networks and software.

In this session, we'll dive into:
1. Security Fundamentals and Best Practices
2. On-Premise Security Engineering vs Cloud Security
3. Implementing Cloud Security best practices
4. Notable tools needed to secure cloud environments (both paid and open-source)

GPUs On Kubernetes: How To Navigate The Graphical Landscape

With a larger need to run Data Models (LLMs/SLM/Standard Models) for AI workloads, GPU capabilities are necessary. The problem is that GPUs are expensive. If you look at the huge AI factories, they're spending billions of dollars on GPUs alone.

Just as Kubernetes helps engineers share resources across ephemeral stacks (Pods/Containers), it can also help engineers share GPU resources across Pods to not only keep cost and resource optimization low but to ensure the utmost performance, reliability, and scalability.

In this session, you'll learn why you want to run GPUs on Kubernetes and, from a hands-on perspective, how to deploy a cluster with GPU support. You'll also see how to connect Pods to Nvidia GPUs.

Wasm: The Next Iteration Of Developing Software

The founder of Docker said "If Wasm existed in 2008, Docker wouldn't exist". With that being said, it's safe to say that Wasm is the next iteration of application stacks.

In this session, everyone will learn about:
- Why Wasm exists
- The key differences between server-side Wasm and browser-based Wasm
- Cross-architecture complexities met with Wasm
- How you can use multiple languages for one binary
- How Wasm works with Docker and Kubernetes

And you'll learn it all both from a theory and hands-on perspective. This session will explain the "why" and then show the "how" by implementing it in real-time (viewers can follow along if they'd like).

Wasm On Kubernetes: Theory And Implementation

There was a time where discussions were occurring on Wasm being the next thing and "taking down" Kubernetes.

Then, everyone quickly realized that Wasm is a runtime, and because of that, it needs a place to run.

There are a ton of places where Wasm can run - locally, in serverless functions, on a VM, and even in Docker.

One of the best places for Wasm to run is with the world's largest orchestrator, Kubernetes.

In this session, you'll learn about:
1. How Wasm and Kubernetes work together.
2. How to create a Wasm binary via a container image.
3. How to run the Wasm binary in Kubernetes.
4. What runtime availability a k8s cluster needs to ensure that Wasm runs properly.

Is AI-Generated Code Secure? Let’s Find Out Together (Live!)

From cloud-native apps to containers, on-prem systems to web apps, securing the entire software development lifecycle (SDLC) remains a constant challenge, regardless of where your applications run. Application Security (AppSec) isn’t just about the code you write, it's also about the code you don’t.

In an era of AI-assisted development, developers are increasingly relying on large language models (LLMs) to generate code. But how secure is that AI-generated code?

In this interactive session, we’ll live-generate a backend application using the most capable LLM available at the time of the talk. We’ll then run real-world security scans and vulnerability analysis against the generated code to assess its security posture.

Come ready with questions. This will be a hands-on, engaging session that brings modern AppSec practices face-to-face with emerging AI development workflows.

AIOps in Action: Practical AI for DevOps and Platform Engineering

AI isn’t going away, but neither is the hype. As Linus Torvalds recently said, AI is “10% real and 90% marketing.” The good news? That 10% can lead to far more productivity in production.

In this session, we’ll cut through the BS hype and focus on the practical value of AI in DevOps and Platform Engineering. We'll dive into enhancing monitoring and observability, bug finding, generating infrastructure and application code, and DevSecOps/AppSec. AIOps offers real, usable advantages today, and you'll learn about them in this hands-on, real-world session.

You’ll walk away with a clear understanding of where AI actually fits into your workflows, how to avoid the fluff, and what tools and strategies can give your teams a measurable productivity boost.

Securing & Building Agentic OSS Environments

The most popular advancements in cloud-native technology at this time are LLMs and AI Agents, which can help you troubleshoot your environment, build new environments, and even template a codebase.

The two current problems are that there's no way to secure the traffic (e.g, reaching out to MCP servers, workload identity and authentication (SPIRE), and A2A), and Agents can't run by default in Kubernetes.

Luckily, there are two open-source tools to help with this.

In this session, you'll learn about two tools that can help you on this journey: agentgateway and kagent.

Observing Agentic /MCP Traffic & Keeping Costs Low

LLMs, Agentic Workloads, and MCP Servers are at the forefront of every engineering organization in the cloud-native realm. That's why there are two major questions coming up. 1). How can we observe metrics, OTel data, and usage. 2) How can we control cost.

When using agentgateway, organizations can not only observe metrics in a monitoring and observability solution for token usage, token count, and MCP requests, but can also limit cost and protect financial budgets.

In this session, you'll learn how to use agentgateway to produce Agentic and MCP traffic to get a visualization on what is going on within the environment at the observability level.

From Black Box to See-Through: Observing and Troubleshooting k8s & Agents with Kagent

How engineers look at an environments performance has always been the same; look at logs/traces/metrics and hope that something pops out at you to fix a problem. This involves "putting out fires" under serious pressure.

The same rules will apply in the world of agentic infrastructure except now, instead of looking at a standard environment or application, engineers will be combing through API calls and Token limits.

This session will showcase how to reinvent the way we look at performance optimization and observability within environments using kagent, an open-source tool designed to run AI Agents declaratively and natively on Kubernetes.