Docker MCP Catalog - Setting a New Standard for Secure AI Tool Discovery

Secure AI Tooling For Developers

Developers have quickly gravitated toward the Model Context Protocol (MCP) ecosystem, but the surge in adoption has raised urgent questions about security. Running unverified MCP servers using methods like npx or uvx exposes systems to critical risks, as these approaches can execute arbitrary code with broad access to your files and network. As MCP moves from experimentation to production, a more robust, standardized security model is essential.

What is MCP?

The Model Context Protocol (MCP) is an open-source protocol designed by Anthropic to help AI models and development tools share information seamlessly. It creates a standardized way for different applications to provide context to one another, which is crucial for improving the efficiency and accuracy of AI-powered workflows.  

Think of it as a common language that allows various developer tools to "talk" to each other. For example, with MCP, your code editor can share the code you're currently working on, your terminal can share its command history, and Figma can provide design details. An AI assistant can then use this shared context to give you more relevant and accurate help, such as generating code that matches your project's style or answering questions based on the files you have open.

Before MCP, developers often had to manually copy and paste information between tools, or rely on custom-built integrations that were often brittle and difficult to maintain. MCP solves this by establishing a standardized "context server" that applications can connect to. This makes it easier to build powerful, integrated AI experiences and allows developers to work more efficiently without constantly switching between different applications.

Docker’s Proven Security Advantage

Docker, with its deep expertise in securing cloud-native applications, is uniquely suited to address these challenges. The Docker MCP Catalog offers a fundamentally safer way to discover and run MCP servers. By leveraging Docker’s infrastructure, developers benefit from:

  • Cryptographic signatures ensuring image integrity
  • Software Bill of Materials (SBOMs) for auditability and transparency
  • Host system isolation to shield local resources
  • Granular permission controls that limit server access to only what’s required

This security-first approach does not slow down development; it streamlines secure deployments for everyone in the MCP ecosystem.

Discoverability and Transparency Enhanced

The new Docker MCP Catalog is designed for clarity and ease of use. Available through Docker Hub, Docker Desktop, and a dedicated catalog interface, it introduces:

  • Use case-based browsing: servers are grouped by functions like Data Integration, Productivity, Analytics, and more
  • Advanced search capabilities: locate servers by tools, features, GitHub tags, and categories
  • Clear security labeling: each entry shows whether it’s Docker-built (fully validated) or community-built (publisher-managed)

These features empower developers to find, evaluate, and trust the right MCP servers for their needs, all while maintaining high transparency standards.

Understanding Security Tiers: Docker-Built vs. Community-Built

Docker-Built Servers are subjected to Docker’s rigorous security processes, including cryptographic signing, SBOMs, provenance attestations, and ongoing vulnerability scans. 

Community-Built Servers are packaged by independent developers and still benefit from container-based isolation, though Docker does not control every aspect of their build. 

Both tiers drive the ecosystem forward: Docker-built sets the benchmark for security, while community-built fosters rapid growth and experimentation.

Open Submissions: Securing the Ecosystem Together

Docker now welcomes both individuals and organizations to submit their MCP servers to the Catalog. This open approach enables publishers to reach Docker’s vast developer audience while raising security standards across the board. The process is simple:

  • Containerize your server as a Docker image
  • Submit via GitHub at the official MCP registry repository
  • Select your tier: Docker-built (managed by Docker) or community-built (self-managed)

Early adopters like ClickHouse have already validated this model, using the Docker-built tier to maximize both security and reach for their AI-driven services.

What’s Next: Remote Servers and Deeper Integration

Docker is preparing for the future of cloud-native AI with remote MCP servers that offer managed, scalable services and strict resource boundaries. Additionally, collaboration is underway for an official MCP registry, aiming to pair centralized discovery with Docker’s secure runtime and distribution network.

Building Trust for the AI-Powered Future

The rapid growth of the MCP Catalog signals clear demand for secure, reliable AI tool distribution. Docker’s containerized, signed, and transparent servers are redefining what’s possible, making security the default, not an afterthought. By shifting from risky direct code execution to trusted containers, Docker is paving the way for a safer, more productive AI ecosystem.

Ready to join the movement? Explore the MCP Catalog, contribute your own servers, and help create a trusted foundation for AI innovation.

Source: Docker Blog: The Docker MCP Catalog: the Secure Way to Discover and Run MCP Servers

Joshua Berkowitz August 7, 2025