The RAD Security MCP Server provides AI-powered security insights and management for Kubernetes and cloud environments.

Core Capabilities:

• Container Security: List and search containers with filtering, analyze process trees and runtime behavior, get runtime baselines, and perform LLM-powered analysis of container behavior

• Kubernetes Management: List clusters and resources (pods, deployments, services, etc.), inspect resource manifests, and detect misconfigurations with policy listings

• Identity & Access Management: List identities (service accounts, users, groups) across clusters, get identity details, and audit pod shell access logs

• Cloud Security: Inventory cloud resources across AWS, GCP, Azure, and Linode with compliance monitoring and filtering by type, account, and status

• Image Security: List container images, retrieve SBOMs, analyze vulnerabilities filtered by severity, and identify top vulnerable images

• Network Security: Monitor HTTP requests with PII detection, track network connections between workloads, and analyze connection patterns

• Threat Detection: List and analyze threat vectors with filtering by namespace, cluster, resource, severity, type, and status

• Security Findings Management: List findings (misconfigurations, threats, runtime alerts, audit anomalies) and update their status (open, closed, ignored)

• CVE Database: Search CVEs by vendor/product, view detailed CVE information, list vendors and products, and access the latest 30 CVEs with CAPEC, CWE, and CPE expansions

• Inbox Management: List inbox items with flexible filtering, get item details, and mark items as false positives with reasons

Customization: Filter toolkits using INCLUDE_TOOLKITS or EXCLUDE_TOOLKITS environment variables across 15 toolkit categories, with multiple deployment options (npm, Docker with Streamable HTTP or SSE).

Note: Authentication with RAD_SECURITY credentials is required for most operations, except CVE database access and misconfiguration policy listing.

Enables runtime security analysis of containers, including process behavior monitoring, baselines, and container inventory management.

Provides security insights for Kubernetes environments, including cluster inventory, container details, Kubernetes resource monitoring, and identifying security vulnerabilities in Kubernetes objects.

Required runtime environment for the MCP server, with version 20.x or higher needed for operation.

Used for package installation and management of the MCP server.

Provides audit capabilities to track and monitor shell access to pods.