Introduction to MCP

The specification is rapidly evolving and gaining traction across the AI industry. Anthropic’s Model Context Protocol creates an universal interface that makes enterprise data accessible to AI systems through natural language commands, replacing fragmented integrations with a single protocol. It's specifically designed to address the challenge that even sophisticated AI models are constrained by their isolation from real-time data sources. 

Large language models (LLMs) are flexible tools to interact with data and take actions (agentic AI). To help us do work more efficiently, LLMs need real-time access to enterprise data. However, most LLMs are still very siloed. Integrations to leverage enterprise data in AI are expensive and often require custom setups. 

MCP changes the game. It creates a standardized, two-way API between the LLM and your data and actions. This helps AI chatbots and agentic AI to access information on-demand and take action on it. Services like Mondoo which support MCP allow you to connect data to your favorite LLM easily:

1. In this example, a user asks their favorite LLM like OpenAI, Anthropic's Claude or GitHub Copilot if it can help them work on their security data. This is done in natural language. Users don't need to worry about where their request is sent and how everything works behind the scenes. They just ask the LLM to solve the problem.

2. The LLM processes the user request, it decides if it needs help from Mondoo. The Mondoo MCP service provides a lot of information about the security of the user's environment, prioritization of vulnerabilities, remediation advice and actions. Thanks to MCP, the LLM can translate the user's natural language request to an MCP request to Mondoo. 

3. Mondoo then processes the LLM's request. We either retrieve data or take action on it - whatever the LLM needs. The MCP specification supports resources (e.g. find vulnerabilities), tools (e.g. generate a remediation snippet) and prompts (e.g. start a remediation workflow). We are still in the early days of MCP therefore not all features are supported by all LLMs. 

4. Mondoo MCP server sends the requested results back to the LLM.

5. The LLM then understands the results and responds to the human in plain english sentences.

Empower Security Teams

The Mondoo Model Context Protocol (MCP) Server enhances AI’s natural language understanding and combines it with the power of Mondo workflows.

Turn security findings into remediation - Leverage prioritized findings and fix them now in code.

Security teams face a constant challenge of finding vulnerabilities across their infrastructure. The traditional workflow—manually identifying issues, determining their priority, creating fixes, and deploying them—is time-consuming and prone to human error. Critical vulnerabilities might go unaddressed while teams focus on less impactful issues. Instead of manually sifting through security alerts, our user leverages an AI assistant connected to Mondoo. With a simple request like "Show me my most critical security findings," the AI instantly has access to all Mondoo’s security data and presents a prioritized list.

Rather than researching fixes and manually updating automation scripts, the user then asks the AI to help modify their existing Ansible playbooks. With the updated automation in place, the user can confidently deploy the fix across affected systems

Working with policies and prioritizing fixes

Policies help us validate security and regulatory requirements and often serve as the backbone of posture management. With Mondoo's MCP integration you are empowered to easily work with policies in your favorite chatbot.

This integration allows you to interact with all policies and their checks. You can search, summarize, and explore any policy and its contents. For example, you can validate if the Linux policy helps with your next ISO audit. You can see if all the services are included. Or you can ask if the CIS policy includes everything you need for your corporate requirements.

This also includes security findings, which helps answer questions like: How compliant am I with my policies? Where should I focus on? What services should we fix? What findings can be fixed with Terraform?

There are more use-cases around policies, which we will explore in a future blog post, including the creation of new policies as well as exception-management. 

Security Risks

MCP is a critical step in making AI more accessible and usable for many use-cases. Since companies can run their own LLMs, MCP actually increases the level of privacy and access control. However, it doesn't come without any risks.

First, MCP must be implemented carefully with permission boundaries in mind. You need to ensure users are properly authenticated and authorized to access the data - and more importantly the actions - that are assigned to them. MCP recently published an updated draft specification to include authorization into the specification. If a MCP tool lacks proper usage boundaries it can be abused by an attacker to have near admin-level access to internal data.

Even with proper boundaries in place, we have to remember that the MCP server often has broad access to internal functionality and data, making it a prime target for attacks. Any successful exploit against its APIs could be elevated to do more than any MCP server developer intended.

Finally, as the darling of early AI chatbot attacks, there are prompt injections. A carefully crafted prompt template of an MCP server could lead the LLM to take unintended actions. For example, if you attach deployment automation via MCP to your LLM, a carefully crafted message could create, approve, and deploy malicious code through a pipeline.

Conclusion

MCP unlocks powerful possibilities by seamlessly connecting large language models with structured data and tools. We're thrilled to announce our new MCP integration, now available in early access, enabling users to detect vulnerabilities, establish priorities, and fix them. We anticipate MCP will continue to evolve and expand its capabilities, leading to more integrated services.

Beyond its functional benefits, MCP enhances data privacy by providing precise control over what information LLMs can access. However, we recognize that these innovations introduce new security considerations, with novel attack vectors already beginning to emerge. In this evolving landscape, protecting both the LLMs themselves and the MCP servers is becoming increasingly important.

Watch this space for upcoming articles exploring both the offensive and defensive aspects of MCP security. Interested in learning more? Contact us to set up a demo with one of our experts.