Agentic AI Needs Guardrails: Craig McLuckie and SUSE on MCP
Why It Matters
MCP provides the essential safety net for deploying autonomous agents at scale, turning AI‑driven infrastructure promises into reliable, secure business outcomes.
Key Takeaways
- Agentic AI promises self‑healing, self‑optimizing, self‑analyzing infrastructure systems
- MCP servers act as a controlled bridge between agents and APIs
- The hard‑code vs. soft‑code distinction guides enterprise AI safety
- Stacklok’s Hive project makes MCP first‑class in Kubernetes
- Trusted registries and supply‑chain checks mitigate malicious MCP modules
Summary
The discussion at SUSECON centered on the rapid emergence of agentic AI for infrastructure management and the pivotal role of the MCP (Managed Control Plane) framework. Craig McLuckie, founder of Stacklok, described how agents can evolve from passive alerting to autonomous diagnosis and remediation, turning infrastructure into self‑healing systems. Rick Spencer of SUSE explained that MCP servers provide a secure, auditable JSON‑based interface that mediates agent actions, preventing unrestricted API access and enabling enterprises to enforce policy as code.

Key insights included the hard‑code versus soft‑code paradigm: production‑grade code is rigorously vetted, while AI‑generated "soft" code runs only under strict MCP constraints. The speakers noted that MCP quickly became the de facto standard for agent communication, largely because it offers human‑readable logs and granular permission controls. Stacklok’s Hive project was presented as a Kubernetes‑native platform that operationalizes MCP at scale, handling authentication, authorization, observability, and supply‑chain integrity.

Notable examples featured agents automatically resolving Kubernetes CrashLoopBackOff incidents and the creation of curated MCP registries that sign and harden server images. Both guests stressed the necessity of trusted repositories and the need for a business model that funds open‑source maintainers to ensure security and reliability.

The implications are clear: enterprises must adopt MCP‑based guardrails now to safely harness agentic AI, or risk exposing critical systems to uncontrolled, potentially harmful automation. Early investment in MCP tooling and vetted registries will separate organizations that achieve resilient, AI‑native operations from those that face security and compliance setbacks.
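As an added illustration of the mediation pattern the speakers describe (this is example code, not code from the talk, Stacklok or SUSE), the sketch below is a minimal policy‑as‑code gateway: each agent tool call arrives as JSON, is checked against an allowlist, is written to a human‑readable audit record whether or not it is allowed, and only then is forwarded. The tool names, namespaces, policy format and the CrashLoopBackOff remediation scenario in the usage note are all constructed for the example.

```python
import json
from dataclasses import dataclass, field
from datetime import datetime, timezone

# Constructed policy-as-code: which tools an agent may invoke and in which
# namespaces. Anything absent is denied (least privilege). Assumed format.
POLICY = {
    "k8s.get_pod_logs": {"namespaces": {"payments", "web", "kube-system"}},
    "k8s.restart_deployment": {"namespaces": {"payments", "web"}},
}


@dataclass
class MCPGateway:
    """Mediates agent tool calls: authorize, record, then (maybe) execute."""
    audit_log: list = field(default_factory=list)

    def handle(self, request_json: str) -> str:
        req = json.loads(request_json)
        tool, args = req.get("tool"), req.get("arguments", {})
        decision, reason = self._authorize(tool, args)
        # Every decision, allowed or not, becomes a human-readable record.
        self.audit_log.append({
            "ts": datetime.now(timezone.utc).isoformat(),
            "agent": req.get("agent", "unknown"),
            "tool": tool, "arguments": args,
            "decision": decision, "reason": reason,
        })
        if decision != "allow":
            return json.dumps({"ok": False, "error": reason})
        return json.dumps({"ok": True, "result": self._execute(tool, args)})

    def _authorize(self, tool, args):
        rule = POLICY.get(tool)
        if rule is None:
            return "deny", f"tool {tool!r} is not in policy"
        if args.get("namespace") not in rule["namespaces"]:
            return "deny", f"namespace {args.get('namespace')!r} not permitted for {tool}"
        return "allow", "matched policy"

    def _execute(self, tool, args):
        # Stand-in for the API call a real MCP server would make on the agent's behalf.
        return f"{tool} -> {args['namespace']}/{args.get('name', '*')}"


def agent_call(gateway: MCPGateway, agent: str, tool: str, **arguments) -> dict:
    """Round-trip one call through the JSON boundary, as an agent client would."""
    request = json.dumps({"agent": agent, "tool": tool, "arguments": arguments})
    return json.loads(gateway.handle(request))
```

In the constructed scenario an agent diagnosing a CrashLoopBackOff pod can fetch logs and restart the deployment in its own namespace, while a tool outside the policy (or an allowed tool aimed at a namespace outside the policy) is refused and still leaves an audit record.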