Zero Trust Infrastructure for AI Agents: Securing Your Development Workflow
This talk was not recorded.
Your team wants to ship AI assistants that interact with internal systems, modify configurations, and automate workflows. Security wants to know what those agents can actually do and whether anything is being audited. OAuth alone does not bridge that gap because its scopes were never designed for AI-driven automation and are typically too coarse-grained for agents acting on your behalf.
This talk walks through building secure AI agent infrastructure from day one using Zero Trust patterns and the Model Context Protocol (MCP). The approach is a dual-layer architecture: an Identity-Aware Proxy in front of MCP servers, paired with fine-grained authorization policies that govern exactly which tool calls an agent can make.
We’ll see it live against the GitHub MCP server, with an agent permitted to open pull requests but blocked from merging, plus the audit trail to prove it. Everything shown is open source and deployable, so you leave with a working reference implementation rather than a slide-ware pattern.
- github.com/pomerium/pomerium — an open core Identity-Aware Proxy
- github.com/nickytonline/github-mcp-http — a fork of the GitHub MCP server
- github.com/nickytonline/mcp-typescript-template — a template for building your own MCP server in TypeScript
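An added example, not code from the talk or from Pomerium, of the authorization layer described above: a policy enforcement point that inspects each MCP `tools/call` request, applies a per-agent, default-deny allowlist of tools and repositories, and records every decision in an audit trail. It assumes the Identity-Aware Proxy has already authenticated the agent and passes its identity as `subject`, and that tool names follow the GitHub MCP server's naming (`create_pull_request`, `merge_pull_request`); the agent and repository names are constructed sample values.

```typescript
// Added example, not from the talk or from Pomerium: an in-process policy enforcement
// point for MCP "tools/call" requests. Assumes the proxy already authenticated the agent
// and passes its identity as `subject`; tool names follow the GitHub MCP server's naming
// (create_pull_request, merge_pull_request); agent and repo names are constructed samples.
type JsonRpcId = number | string;
interface ToolCallRequest {
  jsonrpc: "2.0"; id: JsonRpcId; method: string;
  params?: { name?: string; arguments?: Record<string, unknown> };
}
interface Policy { allowedTools: Set<string>; allowedRepos: Set<string> }
interface AuditEntry {
  ts: string; subject: string; tool: string; repo: string; decision: "allow" | "deny"; reason: string;
}
// On deny, `error` is the JSON-RPC error returned to the agent instead of forwarding the call.
interface Verdict {
  decision: "allow" | "deny";
  error?: { jsonrpc: "2.0"; id: JsonRpcId; error: { code: number; message: string } };
}

// Per-agent policy, default deny: only listed tools, only on listed repos.
const policies: Record<string, Policy> = {
  "agent:pr-bot": {
    allowedTools: new Set(["create_pull_request", "get_pull_request"]),
    allowedRepos: new Set(["acme/api"]),
  },
};
// Append-only audit trail; in production this is shipped to a log sink.
const auditLog: AuditEntry[] = [];

// Returns the denial reason, or null when the call is allowed.
function decide(subject: string, tool: string, repo: string): string | null {
  const policy = policies[subject];
  if (!policy) return `no policy for ${subject}`;
  if (!policy.allowedTools.has(tool)) return `tool ${tool} not allowed for ${subject}`;
  if (!policy.allowedRepos.has(repo)) return `repo ${repo} not allowed for ${subject}`;
  return null;
}

function enforce(subject: string, req: ToolCallRequest): Verdict {
  if (req.method !== "tools/call") return { decision: "allow" }; // only tool invocations are gated
  const tool = req.params?.name ?? "";
  const args = req.params?.arguments ?? {};
  const repo = `${String(args.owner ?? "?")}/${String(args.repo ?? "?")}`;
  const denial = decide(subject, tool, repo);
  const decision = denial === null ? "allow" : "deny";
  auditLog.push({ ts: new Date().toISOString(), subject, tool, repo, decision, reason: denial ?? "allowed by policy" });
  if (denial === null) return { decision: "allow" };
  return { decision: "deny", error: { jsonrpc: "2.0", id: req.id, error: { code: -32000, message: `forbidden: ${denial}` } } };
}
```

Denied calls never reach the MCP server: the agent receives a JSON-RPC error carrying the original request id, and the audit entry records which rule rejected the call.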