MCP Security & Operations

This session explains how to run Model Context Protocol (MCP) systems safely in production, where agents call tools that touch sensitive data and high-impact workflows. It covers the security model needed to treat MCP as a trust boundary: capability-based permissioning, least-privilege access, and strict separation between read and write tools. It also examines sandboxing strategies that reduce blast radius, such as isolating execution environments, enforcing data residency, and preventing untrusted context from influencing privileged actions. On the operations side, it focuses on observability that makes MCP explainable and auditable end to end, with telemetry that records who called which tool, why the call was allowed, which data scope was accessed, and what outcome was produced. Finally, it lays out governance practices for tool-catalog versioning, contract stability, change control, and incident readiness, so that MCP adoption scales without becoming a security or compliance liability.
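As an added illustration of the permissioning and telemetry points in the abstract (example code written for this page, not material from the session or from any MCP implementation), the following Python gate sits in front of tool calls: it checks the caller's capabilities, confines the requested data scope to both the tool contract and the caller's grant, keeps write tools separate from read tools, refuses write tools driven by untrusted context, and emits one audit record per decision recording who called which tool, why it was or was not allowed, and what scope was requested. The tool names, capability names, scopes and identities are constructed for the example.

```python
"""Capability-based authorization gate for MCP tool calls with per-decision
audit records.  Illustrative code for this page; tool names, capabilities,
scopes and identities below are constructed, not from any real MCP server."""
from dataclasses import dataclass
from enum import Enum
import hashlib
import json
import time


class ToolKind(Enum):
    READ = "read"
    WRITE = "write"


@dataclass(frozen=True)
class ToolSpec:
    """Catalog contract for one tool: what it does and which scopes it may reach."""
    name: str
    kind: ToolKind
    required_capability: str
    data_scopes: frozenset


@dataclass(frozen=True)
class Principal:
    """Identity on whose behalf the agent is calling tools (constructed)."""
    subject: str
    capabilities: frozenset
    allowed_scopes: frozenset


@dataclass
class ToolCall:
    tool: str
    args: dict
    requested_scope: str
    origin: str  # "user" (trusted instruction) or "untrusted_context" (e.g. retrieved text)


@dataclass
class Decision:
    allowed: bool
    reason: str
    audit: dict


# Constructed catalog: one read tool and one write tool under distinct capabilities.
TOOL_CATALOG = {
    "lookup_customer": ToolSpec("lookup_customer", ToolKind.READ,
                                "crm.read", frozenset({"crm:customers"})),
    "issue_refund": ToolSpec("issue_refund", ToolKind.WRITE,
                             "payments.write", frozenset({"payments:refunds"})),
}


def _args_digest(args: dict) -> str:
    """Hash canonicalised arguments so the audit log shows *what* was called
    without storing potentially sensitive argument values in plaintext."""
    canonical = json.dumps(args, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256(canonical.encode()).hexdigest()[:16]


def authorize(principal: Principal, call: ToolCall,
              catalog: dict = TOOL_CATALOG, writes_enabled: bool = False) -> Decision:
    """Return an allow/deny decision plus the audit record explaining it.

    Checks, in order: tool is in the catalog; principal holds the required
    capability; requested scope is inside the tool contract and the principal's
    grant; write tools are reachable only from trusted instructions and only in
    sessions where writes were explicitly enabled (read/write separation)."""
    spec = catalog.get(call.tool)
    reason = "allowed"
    if spec is None:
        reason = "unknown_tool"
    elif spec.required_capability not in principal.capabilities:
        reason = "missing_capability"
    elif call.requested_scope not in spec.data_scopes:
        reason = "scope_outside_tool_contract"
    elif call.requested_scope not in principal.allowed_scopes:
        reason = "scope_not_granted_to_principal"
    elif spec.kind is ToolKind.WRITE and call.origin != "user":
        reason = "write_requested_from_untrusted_context"
    elif spec.kind is ToolKind.WRITE and not writes_enabled:
        reason = "write_tools_disabled_for_session"

    allowed = reason == "allowed"
    audit = {  # who / which tool / which scope / why allowed or denied
        "ts": time.time(),
        "subject": principal.subject,
        "tool": call.tool,
        "kind": spec.kind.value if spec else None,
        "scope": call.requested_scope,
        "origin": call.origin,
        "args_sha256_16": _args_digest(call.args),
        "decision": "allow" if allowed else "deny",
        "reason": reason,
    }
    return Decision(allowed, reason, audit)


if __name__ == "__main__":
    agent = Principal("svc-support-agent", frozenset({"crm.read"}), frozenset({"crm:customers"}))
    calls = [ToolCall("lookup_customer", {"customer_id": "C-1"}, "crm:customers", "user"),
             ToolCall("issue_refund", {"amount": 50}, "payments:refunds", "untrusted_context")]
    for decision in (authorize(agent, c) for c in calls):
        print(json.dumps(decision.audit))  # one structured audit line per decision
```

The ordering of checks matters for the audit trail: the first failing check names the reason, so a denied call tells the operator which control fired. Emitting the record on both allow and deny, with an argument digest rather than raw arguments, gives the "who called what, why it was allowed, what scope" trail the abstract describes without turning the audit log itself into a store of sensitive data.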

Technical requirements
This is a slide‑based session with no live demos. Attendees do not need to install or prepare anything in advance.
Target audience
Designed for architects, platform and security engineers, SRE and DevOps practitioners, and technical leaders responsible for operating or governing agentic systems and MCP servers in production environments.
Experience level
Intermediate to advanced. Basic understanding of APIs, identity and access control, and distributed systems is helpful. Prior hands‑on MCP experience is not required.
Preferred session duration
25 to 30 minutes, suitable for conference or forum slots, with optional short Q&A.
Session format
Technical conference talk focused on MCP security models, permissioning, sandboxing, observability, governance, and day‑2 operational considerations. No workshops or hands‑on exercises required.
First public delivery
Suitable for first public delivery. Architecture‑focused, and framed using generic enterprise examples.
Conference fit
Relevant for security, cloud, platform engineering, AI engineering, and enterprise architecture tracks.
Materials
Presentation slides only. No additional handouts or preparation required.
Audience takeaways
Clear understanding of MCP as a security boundary
Practical permissioning and sandboxing patterns
Key observability signals for operating MCP safely
Governance mindset for running MCP in production without increasing risk

Vishal Chaudhari

Mastercard, Principal Software Engineer

Pune, India
