Akto as an MCP server for API security

What middleBrick covers

  • On-demand scanning from AI coding assistants
  • Read-only methods only, no destructive payloads
  • Maps findings to the OWASP API Top 10 (2023)
  • Supports OpenAPI 3.0/3.1 and Swagger 2.0 parsing
  • Authenticated scans with strict header allowlists
  • LLM security probes across multiple depth tiers

What an MCP server means for API security scanning

An MCP server exposes API security scanning as a tool callable from AI coding assistants and agentic workflows. It enables on-demand, context-aware scans triggered from within development environments without leaving the editor. middleBrick provides this capability as a read-only discovery and reporting interface, not as a runtime protection or remediation layer.

Scan capabilities and constraints of the MCP interface

The MCP server uses the same underlying scanner that powers the web dashboard and CLI. It supports URL submission, authentication schemes, and scan-depth selection, and returns results in structured formats suitable for consumption by language models. The following constraints apply:

  • Only read-only methods (GET, HEAD, and text-only POST for LLM probes) are used.
  • Destructive payloads are never sent.
  • Private IPs, localhost, and cloud metadata endpoints are blocked at multiple layers.
  • Scan duration is typically under a minute per target.

Because the model does not have direct code access, business logic vulnerabilities and blind SSRF remain out of scope and require human review.

Mapping findings to compliance and security frameworks

Results from the MCP server align findings with established industry standards to support audit evidence and risk prioritization. The scanner maps findings to the OWASP API Top 10 (2023), PCI-DSS 4.0, and SOC 2 Type II controls. For other regulations, the tool supports audit evidence collection and control alignment, but it does not certify or guarantee compliance with HIPAA, GDPR, ISO 27001, NIST, CCPA, or similar frameworks.

Authenticated scanning and safe credential handling

Authenticated scans via the MCP server require domain verification through DNS TXT records or an HTTP well-known file, ensuring only the domain owner can submit credentials. Supported auth methods include Bearer tokens, API keys, Basic auth, and cookies. The system forwards only a restricted allowlist of headers and enforces read-only methods. Scan data can be deleted on demand and is retained for at most 30 days after cancellation.

curl -X POST https://api.middlebrick.io/v1/scan \
  -H "Content-Type: application/json" \
  -d '{
    "url": "https://api.example.com",
    "auth": {
      "type": "bearer",
      "token": "**REDACTED**"
    },
    "scope": "standard"
  }'
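The scan constraints listed above (read-only methods, blocked private/localhost/metadata targets) and the header allowlist from the authenticated-scan section describe guards a scan submitter can also enforce on its own side before calling the API. The following is an added illustration written for this page, not middleBrick's own implementation; the header allowlist, metadata host list and the caller-supplied resolved IPs are assumptions.

```python
from __future__ import annotations
import ipaddress
from urllib.parse import urlsplit

# Assumed allowlist of headers a submitter may forward (not middleBrick's list).
HEADER_ALLOWLIST = {"authorization", "x-api-key", "cookie", "accept"}
READ_ONLY_METHODS = {"GET", "HEAD"}
# Assumed cloud metadata names; a real guard would keep a fuller, maintained list.
METADATA_HOSTS = {"169.254.169.254", "metadata.google.internal", "fd00:ec2::254"}


def target_is_blocked(url: str, resolved_ips: list[str]) -> str | None:
    """Return the reason a scan target must be refused, or None if it is allowed.

    resolved_ips is supplied by the caller so this runs offline; a real guard
    resolves the host itself and re-checks every redirect hop the same way."""
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https"):
        return f"unsupported scheme {parts.scheme!r}"
    host = (parts.hostname or "").lower()
    if not host:
        return "missing host"
    if host == "localhost" or host.endswith(".localhost") or host in METADATA_HOSTS:
        return f"blocked host {host!r}"
    candidates = list(resolved_ips)
    try:                                   # literal IP in the URL counts as a resolution too
        ipaddress.ip_address(host)
        candidates.append(host)
    except ValueError:
        pass
    for raw in candidates:
        ip = ipaddress.ip_address(raw)
        if str(ip) in METADATA_HOSTS:
            return f"{host!r} resolves to metadata endpoint {raw}"
        if (ip.is_private or ip.is_loopback or ip.is_link_local
                or ip.is_reserved or ip.is_unspecified or ip.is_multicast):
            return f"{host!r} resolves to non-public address {raw}"
    return None


def filter_headers(headers: dict[str, str]) -> dict[str, str]:
    """Drop every header not on the allowlist so nothing unexpected is forwarded."""
    return {k: v for k, v in headers.items() if k.lower() in HEADER_ALLOWLIST}


def method_allowed(method: str, llm_probe: bool = False) -> bool:
    """GET/HEAD only; text-only POST is tolerated solely for LLM probe requests."""
    m = method.upper()
    return m in READ_ONLY_METHODS or (llm_probe and m == "POST")
```

The IP checks rely on the standard library's `ipaddress` classification, so RFC 1918, loopback, link-local (including 169.254.169.254) and unspecified addresses are all refused without a hand-written range table.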

LLM security probes and OpenAPI analysis

The MCP server includes LLM-focused scan tiers that probe for prompt injection, jailbreak patterns, data exfiltration attempts, token smuggling, and model abuse across Quick, Standard, and Deep levels. It parses OpenAPI 3.0, 3.1, and Swagger 2.0 definitions with recursive $ref resolution, cross-referencing the spec against runtime findings to highlight undefined security schemes, deprecated operations, and missing pagination. This helps surface implementation deviations from the declared contract.

Integration options and operational considerations

Beyond the MCP server, middleBrick offers a web dashboard, CLI, GitHub Action, and programmatic API. The MCP integration is complementary: it brings scanning into AI workflows, but the tool does not replace human pentesters or automated security gates. The GitHub Action can enforce score thresholds in CI/CD, while the MCP server provides just-in-time insights during development. Continuous monitoring and compliance reporting are available at higher tiers but are separate from the MCP server functionality.

Frequently Asked Questions

Can the MCP server fix vulnerabilities automatically?
No. The MCP server detects and reports findings with remediation guidance; it does not patch, block, or remediate issues.

Does the MCP server support authenticated scans?
Yes, with Bearer, API key, Basic auth, and cookies, provided domain ownership is verified via DNS or HTTP well-known file.

What happens to scan data after I cancel the service?
Customer scan data is deletable on demand and purged within 30 days of cancellation. It is not sold and is not used for model training.

Are blind SSRF and business logic vulnerabilities detected by the MCP server?
No. These require out-of-band infrastructure or human expertise and are outside the scope of automated scanning.

Does the MCP server integrate with CI/CD pipelines?
The MCP server itself is designed for developer and AI assistant use; CI/CD gating is handled via the GitHub Action and configured score thresholds.