RAD Security MCP Server

The RAD Security MCP server acts as a bridge between AI assistants and the rich security telemetry produced by Rad Security’s platform. By exposing a Model Context Protocol endpoint, it allows conversational agents to query real‑time data about Kubernetes clusters, cloud resources, container images, and threat intelligence without leaving the chat interface. This capability transforms security operations from a passive monitoring task into an interactive, AI‑driven workflow where questions such as “Which pods are currently misconfigured?” or “Show me the top three vulnerable images in my cluster” can be answered instantly.

At its core, the server aggregates and normalizes several key security domains: Account Inventory, Containers Inventory, Runtime Security, Network Security, Identity & Access, Audit, Cloud Security, Images, Kubernetes Objects, Threat Vector, and CVEs. Each domain is represented by a set of intuitive queries—listing entities, fetching details, or retrieving recent findings. For example, the Runtime Security feature exposes process trees and baseline snapshots for running containers, enabling an assistant to explain why a particular process was flagged. The Network Security suite offers HTTP request logs and connection traces, allowing analysts to trace suspicious traffic patterns through a conversational prompt.

Developers benefit from the server’s authentication‑aware design. Most operations require Rad Security credentials, ensuring that sensitive data remains protected while still being accessible to AI workflows. However, the server also supports unauthenticated queries for public information such as CVE listings or Kubernetes misconfiguration policies, giving teams a lightweight entry point for exploration. The API’s transport flexibility—supporting both Streamable HTTP and the legacy SSE model—ensures compatibility across environments, from local Docker containers to cloud‑hosted deployments.

Real‑world use cases include automated incident response, where an AI assistant can pull the latest threat vectors and correlate them with on‑prem Kubernetes events; continuous compliance monitoring, where the server lists resource misconfigurations and suggests remediation steps; and vulnerability triage, where image SBOMs and CVE details are surfaced on demand. By integrating this MCP server into development pipelines, security engineers can ask questions in natural language and receive structured, actionable insights—dramatically reducing the time from detection to mitigation.

In summary, the RAD Security MCP server empowers AI assistants to become first‑line security analysts. Its comprehensive coverage of container, cloud, and network telemetry, combined with secure access controls and flexible deployment options, makes it a standout tool for teams looking to embed AI into their security operations.