National Cyber Warfare Foundation (NCWF)

Artificial Intelligence (AI) in Cybersecurity: Getting Started with Model Context Protocol (MCP)


2025-10-25 15:09:29
milo
Red Team (CNA)

The post Artificial Intelligence (AI) in Cybersecurity: Getting Started with Model Context Protocol (MCP) first appeared on Hackers Arise.

Welcome back, aspiring cyberwarriors!

In the past few years, large language models have moved from isolated research curiosities to practical assistants that answer questions, draft code, and even automate routine tasks. Yet those models remain fundamentally starved for live, organization-specific data, because they operate on static training datasets.

The Model Context Protocol (MCP) was created to bridge that gap. By establishing a universal, standards-based interface between an AI model and the many external resources a modern enterprise maintains (filesystems, databases, web services, and tools), MCP turns a text generator into a "context-aware" agent.

Let's explore what MCP is and how we can start using it for hacking and cybersecurity!

Step #1: What is Model Context Protocol?

Model Context Protocol is an open standard introduced by Anthropic in November 2024 that enables AI assistants to connect to the systems where data lives, including content repositories, business tools, and development environments. The protocol functions like a universal port for AI applications, providing a standardized way to connect AI systems to external data sources, tools, and workflows.

Before MCP existed, developers faced what's known as the "N×M integration problem." If you wanted to connect five different AI assistants to ten different data sources, you needed fifty different custom integrations. Each connection required its own implementation, its own authentication mechanism, and its own maintenance overhead. For cybersecurity teams trying to integrate AI into their workflows, this created an unsustainable maintenance burden.

MCP replaces these fragmented integrations with a single protocol that works across any AI system and any data source: each assistant implements the protocol once as a client, each data source once as a server, and any client can then talk to any server. Instead of writing custom code for each connection, security professionals can use pre-built MCP servers or create their own following the specification.

Step #2: How MCP Actually Works

The MCP architecture consists of three main components working together: hosts, clients, and servers.

The host is the application you interact with directly, such as Claude Desktop, an integrated development environment, or a security operations platform. The host manages the overall user experience, coordinates communication between the other components, and is where a human approves or denies what the model asks to do.

Within each host live one or more clients. Each client holds a one-to-one connection with a single MCP server, handles the actual protocol communication, and manages the data flow: it sends requests to the server and processes the responses. For security applications, this means the client is the path that every tool invocation and resource request travels.

The servers are where the real action happens. MCP servers are specialized programs that expose specific functionality through the protocol. A server might provide access to vulnerability scanning tools, network reconnaissance capabilities, or forensic analysis functions. Whatever a server can do, the model can now do with that server's privileges, so which servers you enable matters.

MCP supports multiple transport mechanisms: standard input/output for servers running as local child processes, and HTTP for remote servers. Older write-ups and many existing servers describe the remote transport as "HTTP with Server-Sent Events"; the 2025-03-26 revision of the specification replaced it with Streamable HTTP (which can still stream responses over SSE) and deprecated the stand-alone SSE transport.

The messages themselves are JSON-RPC 2.0, and the protocol defines several message types that flow between clients and servers.

Requests carry an id and expect a response; a request might ask a server to perform a network scan or retrieve vulnerability data. Results are the successful responses, carrying the requested information under the same id. Errors are responses that carry a code and message instead of a result, which is critical for security operations where failed scans or timeouts need to be handled gracefully. Notifications are one-way messages without an id that don't expect a response, useful for logging events or updating status.
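To make those message types concrete, here is an added example of the exchange over the stdio transport, where each side writes one JSON-RPC object per line. It is a hand-rolled mock written for this article, not the official MCP SDK and not code from the original post. The method names (initialize, notifications/initialized, tools/list, tools/call), the JSON-RPC error codes and the shape of a tool result follow the MCP specification; the server name, the single port_lookup tool and its tiny service table are constructed for illustration.

```python
"""Minimal MCP-style JSON-RPC 2.0 exchange over an in-memory "stdio" pipe.

Added example (mock, not the official MCP SDK). The port_lookup tool and
its service table are constructed for illustration.
"""
import json

PROTOCOL_VERSION = "2025-06-18"  # spec revision assumed for this example

# Constructed tool catalogue: what the server advertises on tools/list
TOOLS = [
    {
        "name": "port_lookup",
        "description": "Return the common service name for a TCP port.",
        "inputSchema": {
            "type": "object",
            "properties": {"port": {"type": "integer", "minimum": 1, "maximum": 65535}},
            "required": ["port"],
        },
    }
]
_SERVICES = {22: "ssh", 80: "http", 443: "https", 3389: "rdp"}  # constructed


def _result(msg_id, result):
    return {"jsonrpc": "2.0", "id": msg_id, "result": result}


def _error(msg_id, code, message):
    return {"jsonrpc": "2.0", "id": msg_id, "error": {"code": code, "message": message}}


def handle_message(raw: str):
    """Server side: parse one newline-delimited JSON-RPC message and answer it.

    Returns the response dict, or None for notifications (which never get a reply).
    """
    try:
        msg = json.loads(raw)
    except json.JSONDecodeError:
        return _error(None, -32700, "Parse error")
    if not isinstance(msg, dict):
        return _error(None, -32600, "Invalid Request")
    method = msg.get("method")
    msg_id = msg.get("id")
    if msg_id is None:  # notification: one-way, no response
        return None
    if method == "initialize":
        return _result(msg_id, {
            "protocolVersion": PROTOCOL_VERSION,
            "capabilities": {"tools": {}},  # this server only offers tools
            "serverInfo": {"name": "demo-server", "version": "0.1"},
        })
    if method == "tools/list":
        return _result(msg_id, {"tools": TOOLS})
    if method == "tools/call":
        params = msg.get("params") or {}
        if params.get("name") != "port_lookup":
            return _error(msg_id, -32602, f"Unknown tool: {params.get('name')!r}")
        port = (params.get("arguments") or {}).get("port")
        # The model chose these arguments: validate against inputSchema before use
        if isinstance(port, bool) or not isinstance(port, int) or not 1 <= port <= 65535:
            return _error(msg_id, -32602, "port must be an integer in 1..65535")
        text = _SERVICES.get(port, "unknown")
        return _result(msg_id, {"content": [{"type": "text", "text": text}], "isError": False})
    return _error(msg_id, -32601, f"Method not found: {method}")


def run_session():
    """Client side: handshake, tool listing, and tool calls, one JSON object per line.

    Returns the list of responses received (notifications produce none).
    """
    outgoing = [
        {"jsonrpc": "2.0", "id": 1, "method": "initialize",
         "params": {"protocolVersion": PROTOCOL_VERSION, "capabilities": {},
                    "clientInfo": {"name": "demo-client", "version": "0.1"}}},
        {"jsonrpc": "2.0", "method": "notifications/initialized"},
        {"jsonrpc": "2.0", "id": 2, "method": "tools/list"},
        {"jsonrpc": "2.0", "id": 3, "method": "tools/call",
         "params": {"name": "port_lookup", "arguments": {"port": 443}}},
        {"jsonrpc": "2.0", "id": 4, "method": "tools/call",
         "params": {"name": "port_lookup", "arguments": {"port": "443"}}},  # wrong type
        {"jsonrpc": "2.0", "id": 5, "method": "resources/list"},  # capability not offered
    ]
    responses = []
    for msg in outgoing:
        reply = handle_message(json.dumps(msg) + "\n")
        if reply is not None:
            responses.append(reply)
    return responses


if __name__ == "__main__":
    for r in run_session():
        print(json.dumps(r))
```

Three things to notice: the notification gets no reply at all, the badly typed argument comes back as a -32602 error rather than a crash or a silent guess, and the server validates the model-supplied arguments against its own inputSchema before touching them. In a real server those arguments are attacker-influenceable (the model writes them from whatever is in its context), so that check is the server's input validation, not a formality.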

Step #3: Setting Up Docker Desktop

To get started, we need to install Docker Desktop; its MCP Toolkit is what we'll use to run MCP servers in containers. For the model itself this article uses a cloud-hosted LLM (Gemini), but if you're looking for a bit more privacy and have powerful hardware, you can download LM Studio and run local LLMs instead.

To install Docker Desktop in Kali Linux, run the following command:

kali> sudo apt install docker-desktop -y

Docker Desktop is distributed as a .deb package from docker.com rather than through Kali's own repositories, so if apt reports that it can't find the package, download the .deb for your architecture and install it directly:

kali> sudo apt install ./docker-desktop-amd64.deb

But if you're running Kali in a virtualization app like VirtualBox, you might see the following error:

To fix it, turn on "Nested VT-x/AMD-V" in the VM's processor settings. Docker Desktop on Linux runs its engine inside its own virtual machine, which needs hardware virtualization (KVM) to be available inside the guest.

After restarting the VM and Docker Desktop, you should see the following window.

After accepting, you'll be ready to explore MCP features.

Now, we just need to choose the MCP server to run.

At the time of writing, there are 266 different MCP servers in Docker's MCP Catalog. Let's explore one of them, for example, the DuckDuckGo MCP server that provides web search capabilities.

Clicking Tools reveals the utilities the MCP server offers and explains each purpose in plain language. In this case, there are just two tools:

Step #4: Setting Up Gemini-CLI

By clicking on Clients in Docker Desktop, we can see which MCP clients can be connected to the servers we've enabled; Gemini CLI is among them.

For this example, I'll be using Gemini CLI. But let's install it first:

kali> sudo apt install gemini-cli

If your Kali release doesn't ship that package yet, the upstream install is through npm, and it provides the gemini command:

kali> npm install -g @google/gemini-cli

Let's start it:

kali> gemini-cli

To get started, we need to authenticate. Use the up and down arrow keys to change the login option. After authorization, you'll be able to communicate with the general Gemini AI, without any MCP servers attached yet.

Now, we're ready to connect the client. Back in Docker Desktop's Clients tab, click Connect next to Gemini CLI; this writes the Docker MCP gateway into Gemini CLI's MCP configuration. Then restart Gemini CLI.

After restarting, we can see a message about the connection to MCP.
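What that Connect step produces, as an added example and not a screenshot from the original post: Docker Desktop's MCP Toolkit points the client at a single gateway process, docker mcp gateway run, which multiplexes every server you enabled in the catalog. For Gemini CLI the entry lands in the mcpServers object of its settings file; the file path ~/.gemini/settings.json (a project-local .gemini/settings.json also works) and the server key MCP_DOCKER, which is the name Docker uses by default, are assumptions here, so check what Connect actually wrote on your machine.

```json
{
  "mcpServers": {
    "MCP_DOCKER": {
      "command": "docker",
      "args": ["mcp", "gateway", "run"]
    }
  }
}
```

Because the gateway is a stdio server, Gemini CLI spawns docker as a child process running with your own user's privileges, and every tool exposed by every enabled server is reachable through this one entry, so the list of enabled servers in Docker Desktop is effectively your allow-list. Gemini CLI also accepts a per-server trust flag that bypasses tool-call confirmations; leave it unset so each call still has to be approved.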

By pressing Ctrl+T, we can see the MCP settings: the connected servers and the tools each one exposes.

Let's try a search through the DuckDuckGo MCP server in Gemini-CLI.

After accepting the execution, we got the response. Gemini CLI asks for confirmation before each tool call; read what it is about to run before you accept, because once the search results come back their text goes straight into the model's context, and a page crafted to contain instructions can try to steer the model's next tool calls (indirect prompt injection). That per-call approval is the most important control in this setup.

By scrolling through the results, we can see at the end a summary from Gemini AI of the search done by the DuckDuckGo search engine.

Summary

I hope this brief article introduced you to this new and genuinely useful protocol. In this piece, we covered the basics of MCP architecture, set up our own environment, and ran an MCP server. I used a very simple example, but as you saw, there are more than 250 MCP servers in the Docker catalog alone, and many more on platforms like GitHub, so the potential for cybersecurity and IT in general is huge.

Keep returning as we continue to explore MCP and eventually develop our own MCP server for hacking purposes.




Source: HackersArise
Source Link: https://hackers-arise.com/artificial-intelligence-ai-in-cybersecurity-getting-started-with-model-context-protocol-mcp/





Copyright 2012 through 2025 - National Cyber Warfare Foundation - All rights reserved worldwide.