Managing system vulnerabilities is a critical, yet often overwhelming, task for IT security teams. Traditional methods require deep API knowledge, cross-referencing data across multiple dashboards (inventory, vulnerability status, and remediation), and manually building reports. With limited resources and complex environments to manage, staying ahead of the next big exposure can be a challenge.
The Red Hat Lightspeed (formerly known as Red Hat Insights) Model Context Protocol (MCP) helps simplify vulnerability management by integrating the Red Hat Lightspeed vulnerability service with an AI agent. This allows security professionals to use simple, natural language prompts to perform complex security risk assessments, prioritization, and automated remediation planning. By connecting the large language model (LLM) agent directly to the underlying services, the MCP enables workflows that are faster, smarter, and less error-prone.
Red Hat Lightspeed Model Context Protocol (MCP)
The Model Context Protocol is the foundational framework that bridges the capabilities of large language models (LLMs) with Red Hat's operational services (like vulnerability, inventory, image builder, and advisor).
It acts as an intelligent translator by:
- Providing context: It feeds the LLM with real-time, contextual data from your environment (inventory status, system health, and vulnerability reports). This turns the general-purpose LLM into a domain-specific expert for your infrastructure.
- Enabling tool use: The MCP allows the LLM agent to interact directly with platform APIs. When you submit a natural language prompt (for example, "Which systems are exposed to Log4Shell?"), the MCP directs the AI to use the appropriate tools (in this case, the vulnerability service) to execute the request, instead of just generating a textual response.
- Facilitating orchestration: MCP lets you use a single natural language prompt to trigger multi-step workflows across. several services (for example, find the risk, locate the system, generate the fix).
In short, the MCP is what enables a simple question to trigger a complex, automated security operation across your Red Hat environment.
Transforming security tasks with natural language prompts
MCP's capabilties are best demonstrated through the specific natural language questions you can now ask. These prompts, which previously required complex scripts or multiple dashboard selections, now yield results instantly.
Here are example prompts you can use with our MCP server.
Critical and immediate response use cases
| Functionality | Natural language prompt |
| Urgent patch identification | Show me all critical vulnerabilities (CVSS score > 8) affecting my RHEL systems that don't have patches applied yet. |
| Specific exploit exposure | Which systems are exposed to CVE-2021-4034 (polkit/pwnkit) and generate a remediation playbook? |
| Risk group assessment | What are the top 5 most critical CVEs affecting my infrastructure right now, and which systems are most at risk? |
| Threat actor focus | Find all vulnerabilities actively being exploited in the wild that affect my registered systems. |
Prioritization and remediation planning use cases
| Functionality | Natural language prompt |
| Prioritization | Prioritize vulnerabilities for my staging systems based on severity, exploitability, and business impact. |
| Remediation script generation | Generate an Ansible playbook to remediate all critical vulnerabilities on my database servers. |
| Minimal downtime planning | Which vulnerabilities can be fixed without requiring a system reboot? |
| Reporting exposure | Which systems are non-compliant with our security policy requiring all CVEs with a CVSS score above 7.0 to be patched within 30 days? |
Connecting security and operations with MCP
Red Hat Lightspeed MCP allows you to perform complex analysis across multiple services (such as vulnerability, inventory, and advisor) using a single prompt. This approach streamlines multi-step workflows across your environment without requiring you to switch between different tools.
Cross-service prompts for holistic security
| Multi-service task | Example prompt to the MCP |
| Proactive remediation planning (vulnerability + inventory) | I need to plan my next patch window. Show me all RHEL 8 servers in the 'Staging' environment with at least one high-severity vulnerability, and then summarize the suggested remediation playbook for those systems. |
| Asset discovery and risk mapping (vulnerability + inventory) | Show me all RHEL 7 systems in my inventory that have critical vulnerabilities and are running in production data centers. |
| Holistic health assessment (vulnerability + inventory + advisor) | Show me systems with both critical vulnerabilities AND performance/stability issues flagged by advisor. |
| Automated response planning (all services) | Generate remediation playbooks for all production systems affected by Log4Shell, grouped by environment. |
By using these prompts, you can move beyond simple vulnerability scanning and automate the complex process of identifying, prioritizing, and remediating risks across your entire fleet, ensuring better configuration management database (CMDB) hygiene.
Join the future of AI-driven security
Now is a great time to test, experiment, and provide feedback when you connect existing Red Hat Lightspeed MCP with your LLMs. Whether you're exploring automation, improving incident processes, or building intelligent dashboards, this preview places Red Hat Lightspeed capabilities at your LLM-driven fingertips.
This release offers early access to useful MCP-driven workflows with Red Hat Lightspeed. Share your feedback—including bug reports, requests for additional toolsets, and enhancement ideas—through the Red Hat Issue Router (select MCP) or by contributing to our GitHub repository. Your input will directly refine and shape the future of Red Hat Lightspeed MCP.
