{"id":35426,"date":"2026-02-18T12:36:43","date_gmt":"2026-02-18T11:36:43","guid":{"rendered":"https:\/\/inlab.fib.upc.edu\/?p=35426"},"modified":"2026-02-23T12:34:17","modified_gmt":"2026-02-23T11:34:17","slug":"the-mcp-protocol-the-secret-language-of-cybersecurity-with-ai","status":"publish","type":"post","link":"https:\/\/inlab.fib.upc.edu\/en\/blog\/the-mcp-protocol-the-secret-language-of-cybersecurity-with-ai","title":{"rendered":"The MCP Protocol: The Secret Language of Cybersecurity with AI"},"content":{"rendered":"\t\t
\n\t\t\t\t
\n\t\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t\t\t\t\t

<\/p>\n

Nowadays, we know that an Artificial Intelligence agent can reason and solve tasks autonomously. But what happens when the problem is too complex and requires data scattered across multiple environments, such as servers, databases, or code repositories? The solution is not to create a theoretical \u201csuperagent\u201d that knows everything by heart, but to create a system capable of connecting to the real world. <\/p>\n

<\/p>\n

Whether we work with a single powerful assistant or a team of specialized agents, the main challenge is no longer intelligence, but access to information. For collaboration to be effective, the key is not just that the agents \u201ctalk,\u201d but that they have a standardized and secure way to access the real context of the company. This is where the MCP protocol comes into play. <\/p>\n

<\/p>\n

<\/p>\n

<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t

\n\t\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t\t\t\t\t
What is the MCP Protocol?<\/h6>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t
\n\t\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t\t\t\t\t

To enable smooth collaboration between Artificial Intelligence and real-world data, the industry is adopting MCP (Model Context Protocol). The MCP protocol is an open standard introduced by Anthropic that acts as a \u201cuniversal connector\u201d (similar to a USB-C port for AI applications). Its function is to allow AI assistants to securely connect to external data servers, code repositories, or productivity tools. <\/p>\n

Instead of building a specific integration for each tool, MCP defines a standard protocol so that:
\u2022 The AI (Client) requests information or actions.
\u2022 The Tool (MCP Server) provides the necessary context or executes the command.<\/p>\n

This ensures that AI assistants (such as Claude or programming IDEs) have direct and secure access to the context they need to work, breaking down the barriers between language models and the user\u2019s real-world data.<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t

\n\t\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t\t\t\t\t

Why is it a revolution in Cybersecurity?<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t

\n\t\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t\t\t\t\t

In the field of cybersecurity, the main problem is fragmentation: data is spread across dozens of different tools (SIEMs, firewalls, logs, XDRs, code analysis) that sometimes do not communicate with each other. MCP transforms this scenario by acting as a universal interoperability layer, allowing an AI-based cybersecurity system to connect directly to any data source to obtain the full context of a threat. <\/p>

How does it actually work with MCP? If a new threat appears, the security assistant uses MCP servers to: <\/p>

    \n
  1. \n

    Read logs directly from the server (via File MCP).<\/p>\n<\/li>\n

  2. \n

    Check the status of the cloud infrastructure (via AWS or Azure MCP).<\/p>\n<\/li>\n

  3. \n


    Analyze suspicious code in the repository (via GitHub\/GitLab MCP).

    <\/p>\n<\/li>\n<\/ol>

    \n\n\n<\/p>

    This allows us to move from isolated tools to an AI with full context, capable of cross-referencing data from different sources in real time to detect complex patterns that were previously hidden due to system separation.<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t

    \n\t\t\t\t\t
    \n\t\t\t\t
    \n\t\t\t\t
    \n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\"\"\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t
    \n\t\t\t\t\t
    \n\t\t\t\t
    \n\t\t\t\t
    \n\t\t\t\t\t\t\t\t\t

    Illustration 1: Generated with Nano Banana<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t

    \n\t\t\t\t\t
    \n\t\t\t\t
    \n\t\t\t\t
    \n\t\t\t\t\t\t\t\t\t
    Risks and Security Controls in MCP Servers<\/h6>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t
    \n\t\t\t\t\t
    \n\t\t\t\t
    \n\t\t\t\t
    \n\t\t\t\t\t\t\t\t\t

    The main risks identified in the use of MCP servers (Model Context Protocol) and the recommended strategies to mitigate them should also be taken into account:<\/p>\n

    \u2022 Authentication and Authorization: There is a risk of the \u201cconfused agent,\u201d where the server could act without the user\u2019s explicit permission. It is crucial to properly implement protocols like OAuth and adhere to the principle of least privilege to prevent unauthorized access. <\/p>\n

    \u2022 Supply Chain Security: Since MCP servers are executable code, their integrity and origin must be verified. It is recommended to perform security analysis, cryptographically verify cloud services, and review dependencies to prevent the introduction of malware. <\/p>\n

    \u2022 Command Execution and Isolation: To prevent code injection, input data must be sanitized and commands reviewed. It is highly recommended to run local servers in isolated environments (sandbox) that require explicit permissions. <\/p>\n

    \u2022 Request Injection (Prompt Injection): LLMs can be manipulated (intentionally or unintentionally) to perform undesired actions. To mitigate this, the user must maintain control and confirm or restrict the server\u2019s critical actions. <\/p>\n


    \u2022 Tool Injection and Integrity: A legitimate server could become malicious through updates or the use of misleading tool names. Systems should allow software version locking and alert any changes in the code after installation.

    <\/p>\n


    \u2022 Sampling Control: To prevent abuse when the server requests use of the LLM through the client, strict controls are needed: request visibility, manual user approval, frequency limits, and cost management.

    <\/p>\n

    <\/p>\n


    \u2022 Logging and Vulnerability Management: It is essential to maintain centralized or local logs to audit incidents and implement a continuous security update process for both clients and MCP servers.

    <\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t

    \n\t\t\t\t\t
    \n\t\t\t\t
    \n\t\t\t\t
    \n\t\t\t\t\t\t\t\t\t

    <\/p>\n

    Example of Use: Security Orchestration with MCP<\/h6>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t
    \n\t\t\t\t\t
    \n\t\t\t\t
    \n\t\t\t\t
    \n\t\t\t\t\t\t\t\t\t

    Imagine a defense system where a centralized AI (the \u201cBrain\u201d) must manage a threat. This AI uses the MCP protocol to connect directly to the company\u2019s capabilities (the tools). <\/p>\n

    The MCP ecosystem in action:<\/p>\n

    \u2022 Monitoring MCP (The \u201cEyes\u201d): The AI connects via MCP to the network monitoring tool (such as Wazuh or Nagios). MCP allows it to read traffic logs in real time and detect anomalies directly, without intermediaries. <\/p>\n

    \u2022 Malware Analysis MCP (The \u201cLaboratory\u201d): When the AI detects a suspicious file, it uses an MCP connection to send it to an external sandboxing service, wait for its execution, and retrieve the structured technical report on the malware\u2019s behavior.<\/p>\n

    \u2022 Forensic Database MCP (The \u201cMemory\u201d): The AI uses an MCP connector to perform SQL (or vector) queries directly on the SIEM or the company\u2019s historical logs. This allows it to instantly compare the current attack with past incidents to see if it\u2019s a known pattern. <\/p>\n

    <\/p>\n

    \u2022 Infrastructure MCP (The \u201cHands\u201d): Once the threat is confirmed, the AI does not merely \u201csuggest\u201d an action. Through an MCP server connected to the corporate firewall, it has the ability (if it has the permissions) to execute the command to block the IP or isolate the compromised server immediately. <\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t

    \n\t\t\t\t\t
    \n\t\t\t\t
    \n\t\t\t\t
    \n\t\t\t\t\t\t\t\t\t

    <\/p>\n

    Example of Use: Automated Red Team with MCP<\/h6>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t
    \n\t\t\t\t\t
    \n\t\t\t\t
    \n\t\t\t\t
    \n\t\t\t\t\t\t\t\t\t

    Imagine a company wants to test its new web application using a centralized Audit AI that connects to different MCP Servers (specialized tools) to carry out the simulated attack step by step.<\/p>\n

    The workflow via MCP:<\/p>\n

    \u2022 Reconnaissance MCP (The \u201cTracker\u201d): The AI uses MCP connectors to query public databases and APIs (OSINT). It quickly identifies forgotten subdomains or exposed emails, integrating all this information into its context to have a complete view of the attack surface before starting. <\/p>\n

    \u2022 Scanning MCP (The \u201cInfiltrator\u201d): Without the need to pause, the AI uses the protocol to command vulnerability scanners on the detected targets. It reads the technical results directly to identify outdated software versions or open ports, instantly understanding the risk. <\/p>\n

    \u2022 Exploitation MCP (The \u201cExecutor\u201d): When it finds a potential breach, the AI validates it through a secure MCP connector. This allows it to run small proof-of-concept tests (such as verifying an SQL injection) to confirm whether the threat is real, technically ensuring that no damage is caused to the system. <\/p>\n

    <\/p>\n

    \u2022 Documentation MCP (The \u201cReporter\u201d): Finally, since the AI has carried out the entire process and retains all the information in its \u201cmemory,\u201d it uses a file connector to generate the report. It drafts the technical solutions and uploads them directly to the company\u2019s task manager (Jira\/Trello) without human intervention. <\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t

    \n\t\t\t\t\t
    \n\t\t\t\t
    \n\t\t\t\t
    \n\t\t\t\t\t\t\t\t\t
    The final impact<\/h6>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t
    \n\t\t\t\t\t
    \n\t\t\t\t
    \n\t\t\t\t
    \n\t\t\t\t\t\t\t\t\t

    In short, the adoption of the MCP protocol transforms artificial intelligence from a passive interlocutor into an active operator connected to the real world. This technology breaks the historical barriers between applications, allowing an AI to have full visibility and direct access to critical infrastructures that were previously isolated. More than a simple technical improvement, MCP establishes itself as the universal standard that unifies data and actions, offering a cybersecurity response capability and a richness of context that traditional fragmented systems could never match. <\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t","protected":false},"excerpt":{"rendered":"

    Nowadays, we know that an Artificial Intelligence agent can reason and solve tasks autonomously. But what happens when the problem is too complex and requires data scattered across multiple environments, such as servers, databases, or code repositories? The solution is not to create a theoretical \u201csuperagent\u201d that knows everything by heart, but to create a […]<\/p>\n","protected":false},"author":1302,"featured_media":35486,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[572],"tags":[],"experteses":[1162,20],"class_list":["post-35426","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-blog","experteses-ia-en","experteses-cybersecurity-en"],"acf":[],"_links":{"self":[{"href":"https:\/\/inlab.fib.upc.edu\/en\/wp-json\/wp\/v2\/posts\/35426","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/inlab.fib.upc.edu\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/inlab.fib.upc.edu\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/inlab.fib.upc.edu\/en\/wp-json\/wp\/v2\/users\/1302"}],"replies":[{"embeddable":true,"href":"https:\/\/inlab.fib.upc.edu\/en\/wp-json\/wp\/v2\/comments?post=35426"}],"version-history":[{"count":9,"href":"https:\/\/inlab.fib.upc.edu\/en\/wp-json\/wp\/v2\/posts\/35426\/revisions"}],"predecessor-version":[{"id":35476,"href":"https:\/\/inlab.fib.upc.edu\/en\/wp-json\/wp\/v2\/posts\/35426\/revisions\/35476"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/inlab.fib.upc.edu\/en\/wp-json\/wp\/v2\/media\/35486"}],"wp:attachment":[{"href":"https:\/\/inlab.fib.upc.edu\/en\/wp-json\/wp\/v2\/media?parent=35426"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/inlab.fib.upc.edu\/en\/wp-json\/wp\/v2\/categories?post=35426"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/inlab.fib.upc.edu\/en\/wp-json\/wp\/v2\/tags?post=35426"},{"taxonomy":"experteses","embeddable":true,"href":"https:\/\/inlab.fib.upc.edu\/en\/wp-json\/wp\/v2\/experteses?post=35426"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}