Loading…
April 2-3, 2026
New York, NY
View More Details & Registration

The Sched app allows you to build your schedule but is not a substitute for your event registration. You must be registered for MCP Dev Summit North America to participate in the sessions. If you have not registered but would like to join us, please go to the event registration page to purchase a registration..

IMPORTANT NOTE: Timing of sessions and room locations are subject to change.
← Back to schedule
OCI Images as MCP Packaging: Supply Chain Security for AI Tools - Juan Antonio Osorio, Stacklok
Thursday April 2, 2026 3:35pm - 4:00pm EDT
Astor Ballroom (7th Floor)
So you found an MCP server on npm that does exactly what you need. You run npx and... now what? One reason people skip security verification for MCP servers is that it's genuinely hard to know what you're actually running. The package works, so why question it?

Here's the thing: MCP servers are getting access to your files, your APIs, your credentials. We should probably know what's in them before we hand over the keys.

In this talk, we'll dig into using OCI containers as the packaging standard for MCP servers - not because containers are trendy, but because they unlock supply chain security constructs that npm and PyPI simply don't have. We'll walk through building repackaging pipelines that verify source packages, run MCP-specific security scans, and produce attestations with Sigstore. Real pipelines, real commands, real output.

Note that this won't solve every trust problem - but it gets us a lot closer to "I know what I'm running" than the current state of affairs.
Speakers
avatar for Juan A. Osorio

Juan A. Osorio

Principal Engineer, Stacklok
Juan Antonio "Ozz" Osorio is a Mexican software engineer living in Finland. His background spans security for OpenStack, Kubernetes, and bare metal environments. Currently at Stacklok, he founded the ToolHive project and has been building MCP infrastructure, including supply chain... Read More →
Presentation OCI Images pdf
Thursday April 2, 2026 3:35pm - 4:00pm EDT
Astor Ballroom (7th Floor)
  MCP Best Practices

Sign up or log in to save this to your schedule, view media, leave feedback and see who's attending!

Tweet Share

Get help with the event

Contact event planner Event login
View support guides Find upcoming events
Create an event you'd love to attend!
Explore why organizers choose Sched Success stories
Event App Event scheduling Event registration Event ticketing Sched forms Call for papers Badges Conferences
© 2026. SCHED LLC - All rights reserved - Helping events since 2008
Conference Scheduling Software Privacy Terms
Share Modal

Share this link via

Or copy link