Introduction to the MCP server
Last updated: Jul 1, 2026
What is MCP?
MCP (Model Context Protocol) is a communication standard that allows AI assistants (e.g., Claude, ChatGPT, Gemini) to connect with external tools and services.
What is the Fluid Attacks MCP server?
Fluid Attacks' MCP implementation is a software component that allows AI systems to connect and work with the Fluid Attacks platform over the Internet. Thanks to this integration, you can query the platform using natural language without leaving your preferred AI tool. Examples of what you can do with it:
- Monitor your security posture: Get real-time information about vulnerabilities in your applications
- Run security scans: Execute automated security tests on your code
- Investigate vulnerabilities: Dive deep into security issues and understand them better
- Get remediation guidance: Receive step-by-step instructions to fix security problems
- Access documentation: Search through Fluid Attacks' security documentation
- Manage your projects: View and organize your security testing projects
Key terms
- Group: A security testing project (e.g., "MobileApp" or "WebPortal")
- Weakness: A type of vulnerability (e.g., SQL Injection)
- Vulnerability: A specific instance of a security issue in your code
- Root: What you're testing (code repo, website, IP address)
- SAST: Scanning source code for security issues
- SCA: Checking dependencies for known vulnerabilities
- Forces: Automated security checks in your CI/CD pipeline
- Treatment: How you're handling a vulnerability (fixing, accepting, etc.)
Key features
- Read-only access: queries platform data; no modifications
- Multi-language support: responds in the user's language
- Conversation memory: maintains context across interactions
- Streaming responses: real-time streaming
- Observability: Logfire tracing and Bugsnag error tracking
- Security: token-based authentication with user validation
Key capabilities of our MCP
You can ask our AI Agent or configure our MCP server to perform the following actions. Each capability lists example prompts you can use:
- Analytics:
See security trends and metrics
- "Show risk over time for the organization ORGANIZATION_NAME."
- "Show me today's security summary for the organization ORGANIZATION_NAME."
- "Show remediation metrics for this sprint for the group GROUP_NAME."
- Vulnerabilities:
Find and track security issues
- "List all XSS-related vulnerabilities in the group GROUP_NAME."
- "List all untreated vulnerabilities by priority for the group GROUP_NAME."
- "Generate a vulnerability report by severity for the group GROUP_NAME."
- "Get details for vulnerability VULNERABILITY_UUID/NAME in the group GROUP_NAME."
- Projects:
Manage security testing projects
- "What is the configuration of each group in the organization ORGANIZATION_NAME?"
- "Show me all information for the group GROUP_NAME."
- Assets:
View tested applications and code
- "List Git repositories of the group GROUP_NAME that are being scanned for security issues."
- Scanning:
Run automated security tests
- "Scan my dependencies."
- "Run a complete security scan."
- "Scan my packages for vulnerabilities."
- DevSecOps:
Monitor pipeline security checks
- "Show the latest scan results for the group GROUP_NAME."
- "Show latest CI/CD security scan results in the group GROUP_NAME."
- Knowledge:
Search security documentation
- "How to fix SQLi reported in the group GROUP_NAME?"
- "Explain [vulnerability type] reported in the group GROUP_NAME."
Further reading
- How to install the MCP and how to integrate our scanners into your SDLC using AI
- MCP capabilities and how to use them
- How to install Docker (prerequisite to run the scanners)
For best results, be specific by mentioning project names, vulnerability types, or time periods.
Troubleshooting
Troubleshoot common issues and errors with the Fluid Attacks VS Code extension. This guide provides step-by-step solutions to get you back on track.
Installation
Integrate the Fluid Attacks MCP server to use natural language queries in AI tools (examples in Claude, Cursor, VS Code, and Windsurf). Also, integrate our scanners into your SDLC using AI agents.