Goal:

Deliver the first use case of ACS MCP integrated with Lightspeed to provide accurate answers to a single use case "Is this CVE YYYY-XXXXX affecting me/my clusters?".

Goals and Expected User Outcomes

The user will be able to submit a specific, natural language query "Is this CVE affecting me?" and receive a clear, definitive, and context-aware answer with supporting details , drawn from their operational environment data within Advanced Cluster Security.

Affecting me = user's current scope. The result should focus only on the access that specific user has

The end goal for 4.10 is to showcase this functionality through OpenShift LightSpeed. The user doesn't necessarily need to have access to the cluster where Central is running.

Stretch:

For well known CVEs such as 'Log4Shell' the LLM should be able to figure out the exact CVE numbering and resolve the query.

Example of response if the CVE is found in User Workloads:

CVE-2017-12611 — Critical (NVD CVSS 9.8 V3) Apache Struts 2.0.1 uses an unintentional expression in a Freemarker tag instead of string literal

The vulnerability is present in User Workloads in 3 images and 3 deployments

Images:
rhacs-demo/backend-atlas:latest 
rhacs-demo/visa-processor:latest-v2 
rhacs-demo/asset-cache:latest **

Deployments:
deploymentA in Namespace payments in ClusterA
deploymentB in Namespace payments in ClusterA
deploymentC in Namespace Frontend in ClusterC

Example of response if the CVE is found in Platform:

CVE-2024-24790{{ — A flaw was found in the Go language standard library net/netip. The method Is*() (IsPrivate(), IsPublic(), etc) doesn't behave properly when working with IPv6 mapped to IPv4 addresses. The unexpected behavior can lead to integrity and confidentiality issues, specifically when these methods are used to control access to resources or data.}}

{}The vulnerability is present in Platform in 82 images and 233 deployments in 3 clusters. (if list is too long, we don't provide details){}

Acceptance Criteria

1. Core Use Case: The system accurately responds to the prompt: "Is this CVE affecting me [CVE ID]?"
2. Accuracy: The response must be factually correct based on the current security and inventory data available for the user.
3. AuthN/Authz
4. Lightspeed Integration: end-to-end flow, from user input in the Lightspeed UI to the final answer display
5. Testing results of the prompt with different LLMs. In particular any LLM that is currently certified with Lightspeed.

Success Criteria or KPIs Measured

1. Red Hat Summit Demo Readiness: The end-to-end "Is this CVE affecting me" functionality is fully operational and stable for demonstration at Red Hat Summit.