Skip to content

MCP Server

BCP Portal exposes an MCP (Model Context Protocol) server — letting AI agents (Claude, ChatGPT with MCP support, custom agents) interact with the platform in natural language.

What this is

MCP is an Anthropic standard for connecting AI agents to external systems. Instead of writing a custom integration, the AI agent talks to an MCP server over a uniform protocol and gets access to data and functions.

What you get

With BCP Portal's MCP server your AI agent can:

  • "Show all critical findings from this week."
  • "What's my CTO's security status?"
  • "Find findings tied to our main domain."
  • "Summarize the latest ransomware leak-site incident."

Particularly useful for:

  • CISOs who want a quick summary without diving into the dashboard.
  • On-call engineers — interact with the platform via the AI agent during an incident.
  • Custom AI workflows — e.g., an agent that generates a daily security briefing for the CEO.

Available tools

Tool What it does
whoami Returns info about the current user and organization
get_my_security_status Summary: finding counts by severity, trends, top risks
list_my_recent_findings Recent findings with filters
get_policy Details of a specific organization policy
search_policies Search policies by keyword

The tool list grows with releases — your MCP client will show the current one.

Connecting

Claude Desktop

  1. Open Claude Desktop → Settings → Developer → Edit Config.
  2. Add to claude_desktop_config.json:

json { "mcpServers": { "bcp-portal": { "url": "https://bcp.bytecode.team/mcp", "auth": { "type": "bearer", "token": "YOUR_API_TOKEN" } } } }

  1. Restart Claude Desktop.
  2. A tool icon will appear in chat — meaning MCP is connected.

API tokens are generated in your Profile.

Claude Code

bash claude mcp add bcp-portal https://bcp.bytecode.team/mcp \ --auth-type bearer --token YOUR_API_TOKEN

Custom MCP client

MCP is an open protocol (modelcontextprotocol.io). Any compatible client can connect with your Bearer token.

Security

  • Bearer token for auth — same as REST API.
  • Scope limited to your user's permissions — the agent only sees your organizations and can only do what you can.
  • Rate limiting — 60 requests/min per token.
  • Audit log — every MCP call is logged.

⚠️ Agent safety: don't give your API token to an agent you don't trust. An AI agent with your token has your access.

Prompt examples

```

Summarize my org's security state for this week

How many critical findings do we have right now and of what types?

Find all GitHub findings from the last 24 hours

Find the policy about password rotation ```

Roadmap

  • Q3 2026: Add write-tools (e.g., acknowledge_finding, create_report).
  • Q4 2026: Streaming results, real-time subscriptions.
  • 2027: Custom in-platform AI agents on top of BCP MCP.

Support

mcp-support@bytecode.team — for technical questions.