OCSF Articles

MCP: Could it Change the Game for Security Tools?

MCP and security tools
Jason Keirstead
Jason Keirstead

The article "MCP: Could it Change the Game for Security Tools?" by Jason Keirstead, published on April 23, 2025, explores the potential of the Model Context Protocol (MCP) to revolutionize how Artificial Intelligence (AI) interacts with cybersecurity tools. MCP, an open standard championed by Anthropic, aims to simplify the integration of AI models, particularly large language models (LLMs) and agents, with various security products, data feeds, and systems. Historically, connecting AI to diverse security tools has been a complex endeavor, often requiring unique adapters for each integration. MCP seeks to resolve this by providing a universal communication framework, akin to the USB-C of the AI world.

The core mechanism of MCP involves a client-server architecture designed for AI. An MCP Host (e.g., an AI-driven security operations center (SOC) tool like Simbian) manages connections to MCP Servers, which act as translators, exposing the functionalities of external systems (like security tool APIs or databases) in the MCP format. The MCP Client, embedded within the Host, maintains dedicated connections to MCP Servers using JSON-RPC 2.0. This structure allows AI to seamlessly communicate with and leverage security tools.

MCP defines specific message types, or "primitives," crucial for security operations. "Tools" are AI-controlled actions, enabling the AI to perform operations such as isolating a computer, querying a threat database, or blocking an IP address. The article emphasizes the critical need for robust security and user permission mechanisms around these AI-driven actions. "Resources" are application-controlled data provided to the AI to enhance its understanding of a situation, including security policies, system logs, or threat intelligence updates. This distinction between data input and action execution is vital for implementing principles like least privilege, allowing for differentiated security controls. "Prompts" are user-controlled, pre-written instructions guiding the AI on optimal tool or data usage for specific tasks.
See full article here.