The Contrast MCP server is a bridge between Contrast’s data — most notably, its contextual Interactive Application Security Testing (IAST) vulnerability data — and an AI agent running inside an integrated development environment (IDE). With it, organizations can apply artificial intelligence (AI) to strengthen their AppSec programs and shorten the path from finding to fix.
A Model Context Protocol (MCP) server is a component in a client-server architecture designed to expose external tools, services or data to AI agents. It allows Large Language Models (LLMs) within AI tools, like GitHub Copilot or Cline, to access resources beyond their immediate environment and leverage available capabilities.
MCP enhances AI agents by providing them with the eyes (context), the hands (tool interaction) and the understanding needed to move from generating isolated text to intelligently interacting with and acting upon real-world systems and data, particularly in specialized domains like AppSec.
MCP is built on a client-server architecture, a familiar paradigm in distributed computing.
The protocol comprises two key components: the MCP client, which lives inside the AI tool, and one or more MCP servers, which expose a catalog of available tools, services or data.
The way it works is that upon startup or as needed, the MCP client within the AI tool queries its configured MCP servers. Each query retrieves a catalog of available tools together with their descriptions and input schemas. This discovery mechanism lets the AI tool dynamically learn which external resources are accessible and precisely how to invoke them. When the AI is prompted, it can then choose and call the appropriate tools.
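To make the discovery and invocation steps concrete, here is an added illustration (not Contrast's code, and not the real Contrast tool catalog) of the two MCP requests an AI client sends: `tools/list` to fetch the catalog, and `tools/call` to invoke a tool. The tool name `list_vulnerabilities`, the finding fields and the sample data are all constructed for this example.

```python
import json

# Constructed sample findings in the shape the article describes: rule, code
# location, triggering request and remediation guidance. Not real Contrast data.
SAMPLE_FINDINGS = [
    {"app": "webstore", "rule": "cmd-injection", "severity": "Critical",
     "location": "app/reports.py:42", "triggering_request": "GET /report?name=;id",
     "remediation": "Pass arguments as a list; never build a shell string from input."},
    {"app": "billing", "rule": "unsafe-deserialization", "severity": "High",
     "location": "svc/session.py:88", "triggering_request": "POST /session",
     "remediation": "Replace pickle with a schema-validated JSON format."},
]

# Tool catalog returned on discovery (tools/list). The AI agent reads the
# description and inputSchema to decide when and how to call the tool.
TOOLS = [{
    "name": "list_vulnerabilities",  # hypothetical tool name
    "description": "Return open findings for an application, with code "
                   "location, triggering request and remediation guidance.",
    "inputSchema": {"type": "object",
                    "properties": {"app": {"type": "string"}},
                    "required": ["app"]},
}]


def _reply(rid, result=None, error=None):
    msg = {"jsonrpc": "2.0", "id": rid}
    msg["error" if error else "result"] = error or result
    return msg


def handle(request: dict) -> dict:
    """Dispatch one JSON-RPC 2.0 request the way an MCP server does."""
    rid, method = request.get("id"), request.get("method")
    params = request.get("params") or {}
    if method == "tools/list":
        return _reply(rid, result={"tools": TOOLS})
    if method == "tools/call":
        if params.get("name") != "list_vulnerabilities":
            return _reply(rid, error={"code": -32602, "message": "unknown tool"})
        app = (params.get("arguments") or {}).get("app")
        if not isinstance(app, str):  # validate against inputSchema before acting
            return _reply(rid, result={"isError": True, "content": [
                {"type": "text", "text": "argument 'app' must be a string"}]})
        hits = [f for f in SAMPLE_FINDINGS if f["app"] == app]
        return _reply(rid, result={"isError": False, "content": [
            {"type": "text", "text": json.dumps(hits)}]})
    return _reply(rid, error={"code": -32601, "message": "method not found"})
```

A real server would speak this over stdio or HTTP and answer `initialize` first; the dispatcher above only shows the catalog and call shapes the article describes.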
The Contrast MCP server allows developers to rapidly and precisely remediate vulnerabilities detected by Contrast without leaving their IDE. Contrast's MCP server supplies the AI with deep, contextual intelligence, including vulnerability type, exact code location, triggering HTTP requests, data flow, user-controlled data and expert remediation instructions, enabling the AI agent to accurately pinpoint and fix issues — even complex ones in third-party libraries. This empowers AI to not only identify but actively act upon real-time AppSec data, significantly accelerating remediation time.
Contrast’s MCP server has been used to help AI coding agents remediate several specific types of vulnerabilities. It helps developers remediate vulnerabilities in their own code and vulnerabilities found in third-party libraries.
When Contrast’s products detect vulnerabilities — including categories such as unsafe deserialization and command injection — Contrast's MCP server can help developers to rapidly fix them.