Loading…
April 2-3, 2026
New York, NY
View More Details & Registration

The Sched app allows you to build your schedule but is not a substitute for your event registration. You must be registered for MCP Dev Summit North America to participate in the sessions. If you have not registered but would like to join us, please go to the event registration page to purchase a registration..

IMPORTANT NOTE: Timing of sessions and room locations are subject to change.
← Back to schedule
Securing the MCP Ecosystem: Production Patterns for Transparency and Trust - Lisa Tagliaferri & Trevor Dunlap, Chainguard
Friday April 3, 2026 4:20pm - 4:45pm EDT
Empire Complex (7th Floor)
Model Context Protocol servers are increasingly granted access to critical infrastructure from observability systems and databases to code repositories. This access introduces new supply chain security challenges for teams operating MCP servers in real-world environments.

In this talk, we share lessons learned from Chainguard’s experience building MCP infrastructure for production. Starting with mcp-grafana, our first hardened MCP server, we reduced known CVEs to 0 at publish time while shrinking image size by 65%. We developed repeatable security patterns for MCP delivery, including automated rebuilds, attack surface minimization, SBOM generation, and SLSA provenance.

We then applied these same patterns to a different use case: a documentation MCP serving over 1,500 container image guides, enabling secure access through AI assistants. These implementations demonstrate how consistent supply chain controls can support both infrastructure-integrated and content-focused MCP servers.

Attendees will learn practical approaches to threat modeling MCP servers. We’ll also share our challenges and failures, along with open-source workflows the community can adopt across the MCP ecosystem.
Speakers
avatar for Lisa Tagliaferri

Lisa Tagliaferri

Senior Directory, Developer Enablement, Chainguard
Lisa Tagliaferri is Senior Director of Developer Enablement at Chainguard and a maintainer of Sigstore’s documentation. The author of “How To Code in Python” and a Linux Foundation course developer, Lisa focuses on helping developers and maintainers adopt CNCF and OpenSSF tooling... Read More →
avatar for Trevor Dunlap

Trevor Dunlap

Senior Software Engineer, Chainguard
Trevor Dunlap is a senior software engineer at Chainguard. He holds a Ph.D. in Computer Science with a focus on automating the enhancement of vulnerability data. Trevor is an advocate for open source software security and enjoys competing on Kaggle.

securing the mcp ecosystem pptx
Friday April 3, 2026 4:20pm - 4:45pm EDT
Empire Complex (7th Floor)
  Security and Operations
  • Audience Experience Level Any
  • Session Slides Yes

Sign up or log in to save this to your schedule, view media, leave feedback and see who's attending!

Tweet Share

Get help with the event

Contact event planner Event login
View support guides Find upcoming events
Create an event you'd love to attend!
Explore why organizers choose Sched Success stories
Event App Event scheduling Event registration Event ticketing Sched forms Call for papers Badges Conferences
© 2026. SCHED LLC - All rights reserved - Helping events since 2008
Conference Scheduling Software Privacy Terms
Share Modal

Share this link via

Or copy link