MCP (Model Context Protocol) is the standard that lets AI models talk to external tools and data sources. Think of it as the plumbing that connects your AI assistant to your company's actual systems - file storage, databases, APIs, internal services. It is powerful, and that is exactly what makes security non-negotiable.
In this session, we start by looking at how MCP servers are actually built and deployed in enterprise settings, then get into the specific ways they go wrong. That includes things like prompt injection through tool responses (a subtler issue than most people expect), tools that are granted far more access than they need, missing input validation, and transport configs that were fine for a proof of concept but not for production. We look at real patterns, not theoretical ones.
We also spend time on the compliance side. If you are under SOC 2, HIPAA, ISO 27001, or working toward NIST AI RMF alignment, you need to know where MCP fits into those frameworks. The session covers what auditors are starting to ask about AI infrastructure, and how to document and demonstrate your controls in that context.
If your team is using AI tools that connect to internal systems, you are already running MCP servers - whether you realize it or not. The problem is that most organizations set them up quickly to get AI working, and security gets pushed to later. This session is about closing that gap before it becomes a breach.
We have seen it play out at real companies: overly permissive tool access, API keys baked into config files, no logging on what the AI actually did. This session walks through exactly how those mistakes happen and what to do about them. It is aimed at people who are already hands-on with AI infrastructure or are about to be.
You will walk away with a concrete checklist you can use the same week to assess your own MCP setup, plus a solid understanding of how MCP security ties into the compliance frameworks your organization is already working under.
Mohammed is a security and DevSecOps professional with deep experience helping organizations strengthen their security posture across modern, cloud-native environments. His work centers on bridging security, engineering, and operations to enable scalable, resilient, and secure systems in complex enterprise ecosystems.
He is an active contributor to the global technology community and a frequent speaker at leading industry conferences and platforms, including DEF CON, Black Hat, KubeCon (Paris), ISACA, IANS, and Wallarm, among others. He is also regularly invited to serve as a technical session judge, where he brings practical insight and industry rigor to evaluating emerging ideas and innovations.
He maintains strong ties with academia and thought leadership. He contributes research associated with Harvard University, publishing work that advances discussions on modern security practices, governance, and risk management. He is a member of the Harvard Business Review Advisory Council, where he supports collaboration between industry and academia and promotes knowledge sharing and innovation.
His work has a global dimension through his role on the Global Advisory Board of VigiTrust Limited (Dublin, Ireland), where he contributes to international strategies in cybersecurity, data protection, and risk management. He holds numerous industry certifications that reflect the breadth and depth of his expertise in security and cloud technologies.
He is the author of Cloud-Native DevOps, a practical guide to building scalable, reliable, and secure cloud-native applications. The book draws on real-world experience to cover modern DevOps and DevSecOps practices, containers, CI/CD pipelines, and security integration in cloud-native architectures.
His areas of focus include cybersecurity, cloud-native technologies, DevSecOps, risk management, and the role of AI in cloud-native ecosystems. Beyond his professional work, he brings a range of interests and perspectives that inform his leadership and thought leadership.