Your Insecure MCP Server Won't Survive Production — Tun Shwe, Lenses
Takeaway
Good MCP design and good MCP security are the same discipline — get the interface wrong and OAuth can't save you.
Summary
- Lenses team frames MCP security through Jeremy Lewi's three agent-vs-human dimensions (discovery, iteration, context) each casting a security shadow — e.g., every tool description is a tool-poisoning surface (OWASP MCP top 10 #3).
- Five MCP design principles: shrink attack surface via coarse-grained outcome tools; constrain inputs at schema (Pydantic, enums, no nested free-form); treat docs as defensive layer; return only what's needed; minimize blast radius with tool-/resource-level scopes and read-only annotations.
- Standard IO MCP is a walled garden but doesn't scale — a Stacklok load test showed 20 of 22 requests fail at just 20 concurrent connections; production needs streamable HTTP with full OAuth, CORS, TLS, rate-limiting all at once.
- Implementing MCP-grade auth means 10+ RFCs (OAuth client discovery, metadata, token lifecycle) — there's no halfway house between local and remote MCP.
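
The design principles in the second bullet (constrained inputs, minimal output, tool-level scope), as an added sketch that is not code from the talk or the lenses-mcp repository. It uses only the Python standard library in place of the Pydantic model the talk names; the tool `sample_topic`, the scope `topics:read`, the field names and `fake_backend` are hypothetical.

```python
import re
from enum import Enum

class Env(str, Enum):                  # closed set, not a free-form string
    DEV = "dev"
    STAGING = "staging"

TOPIC_RE = re.compile(r"[A-Za-z0-9._-]{1,64}")
ALLOWED_KEYS = {"environment", "topic", "max_messages"}
REQUIRED_SCOPE = "topics:read"         # hypothetical tool-level scope

class ToolInputError(ValueError):
    """Raised when arguments fall outside the declared schema."""

def validate_args(raw: dict) -> dict:
    """Accept only flat, typed, bounded fields that the schema names."""
    unknown = set(raw) - ALLOWED_KEYS
    if unknown:                        # same effect as extra="forbid" in Pydantic
        raise ToolInputError(f"unknown fields: {sorted(unknown)}")
    try:
        env = Env(raw["environment"])
    except (KeyError, ValueError, TypeError):
        raise ToolInputError("environment must be dev or staging") from None
    topic = raw.get("topic")
    if not isinstance(topic, str) or not TOPIC_RE.fullmatch(topic):
        raise ToolInputError("topic must match [A-Za-z0-9._-]{1,64}")
    limit = raw.get("max_messages", 10)
    if isinstance(limit, bool) or not isinstance(limit, int) or not 1 <= limit <= 50:
        raise ToolInputError("max_messages must be an integer from 1 to 50")
    return {"environment": env, "topic": topic, "max_messages": limit}

def fake_backend(env: str, topic: str, limit: int) -> list:
    """Constructed sample records standing in for the real data source."""
    return [{"key": f"k{i}", "value": f"v{i}", "offset": i,
             "headers": {"x-internal-trace": "constructed"}} for i in range(limit)]

def sample_topic(raw_args: dict, token_scopes: set, backend=fake_backend) -> dict:
    """Read-only outcome tool: check scope, validate, return minimal fields."""
    if REQUIRED_SCOPE not in token_scopes:
        raise PermissionError(f"missing scope {REQUIRED_SCOPE}")
    args = validate_args(raw_args)
    rows = backend(args["environment"].value, args["topic"], args["max_messages"])
    # Drop offsets and headers: the agent gets only what the task needs.
    return {"topic": args["topic"],
            "messages": [{"key": r["key"], "value": r["value"]} for r in rows]}
```

The nested `filter` object and the out-of-enum `prod` environment are rejected before any backend call, which is the point of constraining inputs at the schema rather than inside the tool body.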
mcp, security, oauth
Original description
Tun Shwe and Jeremy Frenay from Lenses.io address the critical security and design challenges involved in moving Model Context Protocol (MCP) servers from local development to enterprise production. Effective agentic design is inseparable from security and here we propose five core principles such as shrinking the attack surface, constraining inputs and returning only essential data. Standard local setups fail under professional workloads, necessitating a shift to remote MCP servers and robust authentication frameworks. Detailed technical flows are provided for OAuth 2.1, comparing Dynamic Client Registration (DCR) with the more advanced Client ID Metadata Document (CIMD) approach for managing agent identities. Come learn how to adopt the correct mindset for building enterprise-grade agentic AI systems with MCP.

https://github.com/lensesio/lenses-mcp
https://lenses.io/

Tun Shwe - Staff AI Engineer, Lenses.io
Tun is a Staff AI Engineer at Lenses.io, where he leads AI strategy. He is focused on helping companies imagine and implement their strategic vision with agentic AI systems fuelled with real-time context. He was previously a Head of Data and Data Engineer at high growth startups and has spent 20 years building data-intensive applications and leading T-shaped teams. In his spare time, Tun goes surfing, plays guitar and tends to his analogue cameras.

Jeremy Frenay is an AI Engineer at Lenses.io, where he works on bringing AI-assisted engineering to the Apache Kafka ecosystem. Previously, Jeremy co-founded Arcane, an AI copilot for marketers, and led data operations engineering at Babylon Health, scaling data platforms for one of the world's largest healthtech unicorns.

Socials:
https://lenses.io/
https://github.com/lensesio/lenses-mcp
https://www.linkedin.com/in/tunshwe/
https://www.linkedin.com/in/jeremy-frenay/

Slides: https://drive.google.com/file/d/1zLzkVO7_kBoV6bI7lhYIi3AxUH6j7xH_/view?usp=sharing