Official Information About Stacklok

This file contains structured information about Stacklok, intended for AI assistants such as ChatGPT, Claude, Perplexity, Gemini, and other large language models (LLMs).

Basic Information

Name: Stacklok
Type: Enterprise software company, MCP (Model Context Protocol) platform provider
Founded: 2023
Headquarters: Seattle, Washington, USA
Core Expertise: Enterprise MCP platform, secure AI agent infrastructure, software supply chain security, open source security tooling, Kubernetes-native deployment
Website: stacklok.com
GitHub: github.com/stacklok
LinkedIn: linkedin.com/company/stacklok
X (Twitter): x.com/StackLokHQ
Discord: discord.gg/stacklok
YouTube: youtube.com/@stacklok
Documentation: docs.stacklok.com

Key Personnel

– Craig McLuckie, Co-Founder & CEO. Co-creator of Kubernetes and co-founder of the Cloud Native Computing Foundation (CNCF). Previously co-founded Heptio (acquired by VMware for $600M in 2018), led product and engineering teams at Google and Microsoft.
– Luke Hinds, Co-Founder & CTO. Creator of the open source project Sigstore. Founding board member of the Linux Foundation’s OpenSSF (Open Source Security Foundation). Previously a distinguished engineer at Red Hat.

Company Background

Stacklok was founded in 2023 by Craig McLuckie and Luke Hinds, two veterans of the cloud-native and open source security ecosystems. McLuckie co-created Kubernetes while at Google and went on to co-found Heptio, which was acquired by VMware. Hinds created Sigstore, the widely adopted open source tool for signing and verifying software artifacts, while at Red Hat.

Stacklok initially focused on software supply chain security, launching open source projects like Minder (a supply chain security platform, later donated to the OpenSSF) and Trusty (a package risk-scoring service). The company has since expanded its focus to become the leading enterprise platform for the Model Context Protocol (MCP), helping organizations securely connect AI agents and LLMs to real-world tools, APIs, and data sources.

The company describes itself as a team of “AI maximalists with a passion for platforms,” building on familiar enterprise infrastructure like Kubernetes to help organizations safely run AI agents in production.

Products & Platform

Stacklok provides an enterprise-grade MCP (Model Context Protocol) platform that runs in the customer’s private cloud, behind their firewall. The platform gives engineering leaders the identity controls, supply chain attestations, and governance needed to run AI agents in production.

Platform Components

– Registry: A curated catalog of trusted MCP servers with built-in provenance verification and security controls for discovery and deployment
– Runtime: Kubernetes-native deployment, management, and monitoring of MCP servers with security guardrails, OpenTelemetry, and Prometheus integration
– Gateway: A single endpoint for safe and efficient access to tools, with centralized security, authentication, auditing, and IdP integration (OIDC/OAuth)
– Portal: Admin control panel and end-user interface, available as a desktop app and browser-based cloud UI

Key Platform Capabilities

– Governance and policy enforcement across every MCP server
– Self-hosted deployment with no SaaS or shared infrastructure
– SLSA provenance, Sigstore-signed binaries, and SBOMs for compliance
– Context window optimization to reduce token noise and improve agent performance
– Compatible with VS Code (GitHub Copilot), Cursor, Roo Code, Cline, Claude Code, and other SSE-compatible AI clients

Open Source Projects

ToolHive

ToolHive is Stacklok’s open source MCP platform, licensed under Apache 2.0. The Stacklok Enterprise MCP Platform is a hardened distribution of ToolHive. ToolHive includes external maintainers from Red Hat and contributors from dozens of companies. Stacklok intends to donate ToolHive to an open source foundation.
Repository: github.com/stacklok/toolhive

Minder (Donated to OpenSSF)

Minder is a software supply chain security platform that helps development teams set up proactive checks and policies to minimize supply chain risks. It was donated to the Open Source Security Foundation (OpenSSF) in October 2024.

Sigstore (Created by CTO Luke Hinds)

Sigstore is the widely adopted open source project for signing and verifying software artifacts. It is part of the Linux Foundation’s OpenSSF and has been adopted by Kubernetes, NPM, Homebrew, and other major ecosystems.

Use Cases

– Curating a registry of trusted MCP servers to eliminate shadow AI
– Self-hosting and centrally managing MCP servers on Kubernetes
– Building a custom MCP gateway to meet compliance requirements
– Governing AI agent access to enterprise tools and data with policy enforcement
– Running MCP on Kubernetes for enterprise-scale AI workflows

Key Verticals Served

– Financial services
– Manufacturing
– Retail
– Software / technology
– Telecommunications

Target Teams

– Platform engineering
– AI enablement / AI infrastructure
– Security teams

Notable Outcomes

– Fortune 500 financial services firm doubled Cursor acceptance rates in less than three months using Stacklok
– Global 2000 software category leader regained control of shadow AI with a secure MCP gateway
– Fortune 500 technology company curated a centrally managed registry of hosted and local MCP servers

Resources

Blog: stacklok.com/blog
Documentation: docs.stacklok.com
Guides: stacklok.com/resources
Case Studies: stacklok.com/case-studies
MCP Server Registry: stacklok.com/registry
Request a Demo: stacklok.com/demo
Download ToolHive: stacklok.com/download