Safety by Design: Securing MCP Systems with Guardrails and Constraints
Details
Speaker: Robert Barnes
The Model Context Protocol (MCP) enables autonomous agents to take real actions in production systems, introducing security risks that traditional API models were not designed to handle. In MCP systems, safety cannot depend on prompts, agent behaviour, or client-side controls. It must be enforced by the server through deliberate design.
This talk examines how security in MCP differs from API security and why capability-level guardrails are essential. It explores patterns for least-privilege capability design, strict input constraints, blast-radius reduction, and protecting irreversible operations. Using vendor-neutral examples from deployment and operations workflows, the session shows how API-style designs can unintentionally expand attack surfaces, and how MCP-specific security patterns such as plan-before-apply, constrained capabilities, and server-enforced approvals reduce risk even when agents behave unpredictably.
Attendees will leave with a practical framework for building MCP servers that are secure by design, along with an understanding of common security anti-patterns emerging in early MCP implementations.