MCP Server¶
BCP Portal exposes an MCP (Model Context Protocol) server — letting AI agents (Claude, ChatGPT with MCP support, custom agents) interact with the platform in natural language.
What this is¶
MCP is an Anthropic standard for connecting AI agents to external systems. Instead of writing a custom integration, the AI agent talks to an MCP server over a uniform protocol and gets access to data and functions.
What you get¶
With BCP Portal's MCP server your AI agent can:
- "Show all critical findings from this week."
- "What's my CTO's security status?"
- "Find findings tied to our main domain."
- "Summarize the latest ransomware leak-site incident."
Particularly useful for:
- CISOs who want a quick summary without diving into the dashboard.
- On-call engineers — interact with the platform via the AI agent during an incident.
- Custom AI workflows — e.g., an agent that generates a daily security briefing for the CEO.
Available tools¶
| Tool | What it does |
|---|---|
whoami |
Returns info about the current user and organization |
get_my_security_status |
Summary: finding counts by severity, trends, top risks |
list_my_recent_findings |
Recent findings with filters |
get_policy |
Details of a specific organization policy |
search_policies |
Search policies by keyword |
The tool list grows with releases — your MCP client will show the current one.
Connecting¶
Claude Desktop¶
- Open Claude Desktop → Settings → Developer → Edit Config.
- Add to
claude_desktop_config.json:
json
{
"mcpServers": {
"bcp-portal": {
"url": "https://bcp.bytecode.team/mcp",
"auth": {
"type": "bearer",
"token": "YOUR_API_TOKEN"
}
}
}
}
- Restart Claude Desktop.
- A tool icon will appear in chat — meaning MCP is connected.
API tokens are generated in your Profile.
Claude Code¶
bash
claude mcp add bcp-portal https://bcp.bytecode.team/mcp \
--auth-type bearer --token YOUR_API_TOKEN
Custom MCP client¶
MCP is an open protocol (modelcontextprotocol.io). Any compatible client can connect with your Bearer token.
Security¶
- Bearer token for auth — same as REST API.
- Scope limited to your user's permissions — the agent only sees your organizations and can only do what you can.
- Rate limiting — 60 requests/min per token.
- Audit log — every MCP call is logged.
⚠️ Agent safety: don't give your API token to an agent you don't trust. An AI agent with your token has your access.
Prompt examples¶
```
Summarize my org's security state for this week
How many critical findings do we have right now and of what types?
Find all GitHub findings from the last 24 hours
Find the policy about password rotation ```
Roadmap¶
- Q3 2026: Add write-tools (e.g.,
acknowledge_finding,create_report). - Q4 2026: Streaming results, real-time subscriptions.
- 2027: Custom in-platform AI agents on top of BCP MCP.
Support¶
mcp-support@bytecode.team — for technical questions.