How to Design Secure MCP Deployments

API Security

A talk given by Curity's Gary Archer at the 2025 Platform Summit in Stockholm, Sweden.

So you want to grant API access to AI agents and control security? You’ve heard of the Model Content Protocol (MCP) Authorization. But how do you manage MCP in the bigger picture of your API architecture? In this lightning talk Gary will:

  • Explain a deployment that enables maximum business value for your APIs.

– Summarize the benefits of an authorization-first design. – Highlight some key threats and mitigations for MCP clients. – Demonstrate an example flow and the MCP client lifecycle.

More Live presentations videos

Identity: The Kill Switch For API-Driven Digital Sovereignty
Ghosts, Zombies, and Robots: Handing Off Control to the Non-Humans
MCP Client — Just Another OAuth Client?
Panel Discussion: API Security in the Age of AI
How to Build a Fortress with the Security of a Tent
Who Needs That FAPI Thing, Anyway?
Panel Discussion: API Authorization
The Swedish Chef Would Be Proud: Cooking up a Secure API in Minutes – Instructions Included
OAuth Well Played – Mods and Combos for the Cloud Native API Security Game
Show Me Your Wallet to Tell Me Who You Are - Using Verifiable Credentials with OAuth
Ditch the Browser, Native API-Driven App Authentication with Passkeys
Military-Grade Security for APIs
Decentralized Identities Changes Everything, Even Your APIs
Addressing Top API Security Risks
Browserless OAuth Flows in Mobile Apps Using a Hypermedia API
OAuth and OpenID Connect - What's next?
Curity on ProgrammableWeb's Developers Rock Podcast
OAuth Tokens As Your Identity API
OAuth Claims Ontology: Using Claims in OAuth and How They Relate to Scopes
Jacob Has a Horse, Says Travis – a Tale of Truths In a Microservice Architecture
Scalable API Security Using OAuth
Financial Grade APIs Using OAuth and OpenID Connect
Security Is a Concern, Let’s Make It an Enabler
Securing APIs in a Cloud Native Environment Using OAuth
Securing APIs and Microservices with OAuth and OpenID Connect
OAuth and OpenID Connect for PSD2 and Third-Party Access