Your Insecure MCP Server Won’t Survive Production — Tun Shwe, Lenses

Descriptions:

Presented at the AI Engineer 2026 conference, this session from Tunay and Jeremy Fren — AI engineers at Lenses, a streaming data platform built on Apache Kafka — argues that insecure MCP server design and poor MCP server design are the same problem. Their core thesis: every architectural shortcut in an MCP interface casts a “security shadow,” and no amount of OAuth bolted on afterward can compensate for a badly structured tool surface.

The talk walks through five concrete design principles for production-grade MCP servers: shrink the attack surface by collapsing fine-grained operations into coarse-grained outcomes, curate tool descriptions to minimize token exposure and injection surface, apply immutable state and schema validation at every handoff, enforce least-privilege scoping on API keys, and plan for the “chasm” between local stdio transport and remote HTTP deployments. The speakers cite OWASP’s MCP Top 10 list throughout and include a load test result showing stdio transport failing 20 out of 22 requests under just 20 simultaneous connections — illustrating why scaling to production forces teams across a security boundary all at once.

Jeremy then details the OAuth flows required for remote MCP servers, contrasting long-lived shared API keys (common in local setups) with properly scoped, rotatable tokens. Lenses has open-sourced its own MCP server, and the talk draws directly from the company's production deployments across financial services and other regulated industries.


📺 Source: AI Engineer · Published April 08, 2026
🏷️ Format: Deep Dive
