    • Type: Feature
    • Resolution: Unresolved
    • Priority: Major
    • AI\ML
    • Product / Portfolio Work

      Copy paste from Stackrox MCP server (need to modify)

      Epic Goal

      The primary goal of the StackRox MCP feature is to enable natural language interaction with the StackRox API using Large Language Models (LLMs). This will empower users to query StackRox for critical security information and even perform actions by simply asking questions in plain language, eliminating the need to navigate complex API calls.

      Why is this important?

      The barrier to entry in the MCP world is currently low, and by directly exposing StackRox APIs through this feature, we can position ourselves as offering cutting-edge technology to our customers. Furthermore, the rapidly evolving field of LLMs presents a significant opportunity. Prioritizing this feature allows our team to actively explore how these technologies can enhance Red Hat's security offerings and keep us at the forefront of innovation. Enabling natural language interaction can also pave the way for more sophisticated automation of security tasks and workflows in the future.

      Understanding our customers' maturity and preferences in this space is also crucial. We aim to gather insights into their adoption of local versus cloud-based LLMs. Specifically, we need to determine:

      • Will customers prioritize the data privacy offered by local LLMs, despite potential limitations in speed and context?
      • Are customers willing to utilize cloud-based LLMs, and if so, which providers are preferred? This will help us understand their comfort level with connecting security results to third-party tools.

      This initiative also holds the potential to address existing customer pain points, such as the difficulty in interpreting or locating specific data within reports. With the increasing prevalence of AI, we anticipate customers will:

      • Seek direct answers to concrete questions in an easily understandable, human-readable format.
      • Desire the ability to create more complex workflows that involve retrieving and integrating data from various tools.

      Phase 1: Rapid Development of a Basic MCP Server

      The initial step involves the swift creation of a foundational MCP server. This will be achieved by directly connecting the existing StackRox APIs in a manner that allows an LLM to effectively retrieve their content. This approach leverages prior efforts, such as the prototype developed by Robby during the hackathon. The primary objective is to produce a basic, yet functional, version of the MCP server within a short timeframe. This early deliverable will facilitate initial testing and integration efforts, establishing a fundamental building block for subsequent development and the collection of early user feedback.

      The following guide, created by Prod Sec, must be followed when designing the MCP server: https://docs.google.com/document/d/191SowuNYeubC8X0ziTfnfbuTCaEaRZ32HuWZhlpNzWY/edit?tab=t.0#heading=h.35y2gsvqwqzd


      Phase 2: Exploration of Key User Interactions and API Metadata Refinement

      In parallel, we will conduct a focused investigation into likely user interactions with ACS through the MCP server. This exploratory phase aims to identify practical use cases by envisioning the types of questions customers might ask. A key goal of this plan is to refine the APIs' metadata. By enriching the metadata, we aim to provide the LLM with as much contextual information as possible, thereby enabling it to generate more accurate and valuable responses for the customer.

      Phase 3: Marketing our MCP Server

      To generate awareness and encourage adoption, we will actively market our MCP server through engaging content. This will include the creation of a blog post detailing the capabilities and benefits of the feature, along with a complementary YouTube video showcasing practical use cases and demonstrating its ease of use. This proactive outreach will aim to reach potential early adopters, gather valuable feedback, and establish StackRox as an innovator in the realm of AI-powered security interaction.


      Recommendations for TP (provided for AI team)

      • API Strategy: Expose a limited set of APIs that are use-case-driven, rather than all raw APIs, due to the difficulty models have with a large number of tools.
      • Deployment and Data Handling:
        • Default to a read-only deployment, with users explicitly opting in for mutating calls.
        • Exclude sensitive information by default, such as secrets or route keys, to address user hesitation about empowering models and to protect data.
        • Implement hardened authentication and authorization workflows to mitigate security concerns.
      • Testing: Develop an evaluation scenario-driven test suite to evaluate how well different models perform with the MCP server. This will help guide customers and inform tool selection.
      • Life Cycle Management: Separate the life cycle requirements for the MCP server from the product, ensuring it supports a range of ACS versions.
      • Collaboration and Best Practices:
        • Develop a GitHub repository for MCP best practices in collaboration with other teams.
        • Hold collaborative brainstorming sessions about potential agent scenarios involving multiple MCP servers.

      • Documentation: Improve the documentation for the OpenSpec API to detail required fields for specific endpoints.
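As an added example (not StackRox code or part of this epic), a small policy layer in Python showing how an MCP server could apply the first three recommendations above: an allowlisted, use-case-driven tool set, a read-only default with explicit opt-in for mutating calls, and redaction of sensitive fields before a response reaches the model. The tool names, the sensitive-key fragments and the sample responses are all constructed for illustration.

```python
from dataclasses import dataclass, field
from typing import Any, Callable
# Assumption: key-name fragments treated as sensitive; the real StackRox schema may differ.
SENSITIVE_KEY_FRAGMENTS = ("secret", "token", "password", "routekey")

@dataclass
class Tool:
    name: str
    mutating: bool  # True for calls that change state in Central
    handler: Callable[..., Any]

@dataclass
class ToolPolicy:
    allow_mutations: bool = False  # read-only deployment unless explicitly opted in
    tools: dict[str, Tool] = field(default_factory=dict)

    def register(self, tool: Tool) -> None:
        self.tools[tool.name] = tool

    def exposed_tools(self) -> list[str]:
        # Names advertised to the model: mutating tools appear only after opt-in.
        return sorted(n for n, t in self.tools.items() if self.allow_mutations or not t.mutating)

    def call(self, name: str, **kwargs: Any) -> Any:
        # Refuse tools outside the exposed set, then redact the handler's response.
        tool = self.tools.get(name)
        if tool is None or (tool.mutating and not self.allow_mutations):
            raise PermissionError(f"tool {name!r} is not exposed in this deployment")
        return redact(tool.handler(**kwargs))

def redact(value: Any) -> Any:
    """Recursively drop keys whose name suggests a secret or route key."""
    if isinstance(value, dict):
        return {k: redact(v) for k, v in value.items()
                if not any(s in k.lower().replace("_", "") for s in SENSITIVE_KEY_FRAGMENTS)}
    if isinstance(value, list):
        return [redact(v) for v in value]
    return value

# Constructed stand-ins for StackRox API calls (not the product's real endpoints).
def list_violations(namespace: str = "default") -> dict:
    return {"namespace": namespace, "violations": [
        {"policy": "Privileged Container", "deployment": "web", "route_key": "constructed"}]}

def resolve_violation(alert_id: str) -> dict:
    return {"resolved": alert_id}

def build_policy(allow_mutations: bool = False) -> ToolPolicy:
    policy = ToolPolicy(allow_mutations=allow_mutations)
    policy.register(Tool("list_violations", mutating=False, handler=list_violations))
    policy.register(Tool("resolve_violation", mutating=True, handler=resolve_violation))
    return policy
```

With the default policy only `list_violations` is advertised and its `route_key` field never reaches the model; `build_policy(allow_mutations=True)` is the explicit opt-in that also exposes `resolve_violation`.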


      Dependencies (internal and external)

      1. Will RH create a standard recommendation/way for creating MCP servers?

      2. Will RH deliver an LLM (vLLM?) that runs on CPU for the customer to experiment with the MCP server?

              Robby Cochran (rcochran@redhat.com)
              Maria Simon Marcos (rh-ee-masimonm)
              ACS Sensor & Ecosystem