Patchwork AI: Why OAuth Is Broken for MCP with Ken Huang

πŸ” OAuth was not designed for MCP. Here is what needs to change. In this lightning talk, Ken Huang breaks down the evolution of OAuth in the MCP ecosystem, the security gaps that remain, and the proposals working to fix them. Key topics covered: βœ… How MCP originally implemented OAuth and why it was insufficient βœ… The shift to separating the resource server from the authorization server βœ… Dick Hardt's critique: why OAuth is not a good fit for MCP βœ… SEP-1299 and SEP-991: the MCP specification enhancement proposals addressing auth flows βœ… Bearer token vulnerabilities and how moving token storage server-side helps βœ… Tool schema poisoning and tool misuse during dynamic MCP tool discovery βœ… Why current OAuth proposals protect the client but not the MCP server βœ… How the Agent Name Service (ANS) and Project Nanda point toward a more complete fix The security of agentic systems depends on getting this right before agents have access to everything. This talk is for AI security engineers, MCP developers, and anyone building authentication and authorization into agentic systems. πŸ”— Sign up for updates & upcoming events: advanced-ai-society.org πŸ“§ Contact: [email protected] πŸ—“οΈ UPCOMING: Summit on Human AGENCY, presented in partnership with the Linux Foundation & Linux Foundation Decentralized Trust ──────────────────────────────── πŸ”” Subscribe for talks on AI governance, agentic systems, decentralized trust, and the future of human-AI collaboration. #AgenticAI #MCP #OAuth #AISecurit #ArtificialIntelligence #AIGovernance #AdvancedAISociety #PatchworkAI #AgentSecurity #PKI #ModelContextProtocol