Session
Securing MCP Servers with Fine-Grained Permissions
The Model Context Protocol (MCP) is quickly becoming the “USB-C for AI,” connecting LLMs to external systems and data. But while MCP standardizes interoperability, authorization remains dangerously underdeveloped. Without proper access control, MCP servers risk enabling the “lethal trifecta” of data breaches: private data access, untrusted inputs, and external exfiltration.
This talk explores why authorization is essential in MCP, starting with the current limitations of local and remote MCP servers. We’ll then dive deep into AuthZed’s reference implementations and the SpiceDB Dev MCP server, showing how permission systems can be prototyped, tested, and enforced. A live demo will illustrate how fine-grained authorization can be built directly into MCP servers, giving platform engineers, SREs, and architects the tools to make AI integrations secure by design.
Sohan Maheshwar
Developer Advocate Lead at AuthZed
Amsterdam, The Netherlands