Tun Shwe and Jeremy Frenay from Lenses.io address the critical security and design challenges involved in moving Model Context Protocol (MCP) servers from local development to enterprise production. Effective agentic design is inseparable from security and here we propose five core principles such as shrinking the attack surface, constraining inputs and returning only essential data. Standard local setups fail under professional workloads, necessitating a shift to remote MCP servers and robust authentication frameworks. Detailed technical flows are provided for OAuth 2.1, comparing Dynamic Client Registration (DCR) with the more advanced Client ID Metadata Document (CIMD) approach for managing agent identities. Come learn how to adopt the correct mindset for building enterprise-grade agentic AI systems with MCP.

https://github.com/lensesio/lenses-mcp

https://lenses.io/

Tun Shwe - Staff AI Engineer, Lenses.io

Tun is a Staff AI Engineer at Lenses.io, where he leads AI strategy. He is focused on helping companies imagine and implement their strategic vision with agentic AI systems fuelled with real-time context. He was previously a Head of Data and Data Engineer at high growth startups and has spent 20 years building data-intensive applications and leading T-shaped teams. In his spare time, Tun goes surfing, plays guitar and tends to his analogue cameras.

--

Jeremy Frenay is an AI Engineer at Lenses.io, where he works on bringing AI-assisted engineering to the Apache Kafka ecosystem. Previously, Jeremy co-founded Arcane, an AI copilot for marketers, and led data operations engineering at Babylon Health, scaling data platforms for one of the world's largest healthtech unicorns.

Socials:
https://lenses.io/
https://github.com/lensesio/lenses-mcp
https://www.linkedin.com/in/tunshwe/
https://www.linkedin.com/in/jeremy-frenay/

Slides:
https://drive.google.com/file/d/1zLzkVO7_kBoV6bI7lhYIi3AxUH6j7xH_/view?usp=sharing

AI Engineer

A talk covering why most MCP servers are insecure and how to harden them for production. The speakers outline five design principles for secure agentic interfaces: shrinking attack surface, constraining inputs at schema level, treating documentation as a defensive layer, returning only necessary data, and minimizing blast radius. The talk then covers the security cliff when moving from local stdio to remote HTTP transport, walking through OAuth 2.1 flows including Dynamic Client Registration (DCR) and the newer Client ID Metadata Document (CIMD) approach. Enterprise-grade requirements like tool-level RBAC, data masking, audit logging, and end-to-end tracing are also discussed, with references to the OWASP MCP Top 10.

Your Insecure MCP Server Won't Survive Production — Tun Shwe, Lenses