Blog
May 22, 2025 | 6 min

Introducing The First NHI MCP Server: AI Powered, Smarter, Driving Fast Remediation

Multi-Author

Multi-Author

Gil Portnoy
,
Yoav Avidan
,
Aram Peles Chen
,
Shahar Golden
,
Nissim Pariente
,
Introducing The First NHI MCP Server: AI Powered, Smarter, Driving Fast Remediation

A smart AI agent interface that provides key context into Non-Human Identities, enabling cybersecurity teams to intelligently manage & secure their Non-Human Identities.

Today, we’re excited to announce the launch of the first MCP server for Non-Human Identities! By using MCP, the Token platform can deliver more consistent, intelligent, and secure AI-powered experiences, enabling smart and intelligent querying, remediation, and posture insights through natural language. As the first-ever NHI Security MCP Server, this release sets a new benchmark for how security and AI can work together to protect non-human identities at scale.

Token MCP

The Token MCP Server enables security teams to ask complex questions about their non-human identity inventory using natural language. Teams can explore Token findings, request intelligent recommendations, and receive clear, actionable guidance for resolving security posture issues - all through a seamless, conversational interface.

MCP 101: The New Standard Connecting AI to Everything

MCP is rapidly gaining adoption across the AI ecosystem, with major players like OpenAI, Microsoft, and numerous developer tools already supporting it. As the protocol matures, it promises to unlock new possibilities for AI applications by breaking down data silos and enabling seamless integration with the digital world.

The Model Context Protocol (MCP) is a groundbreaking open standard that defines how AI models interact with external applications in a structured, context-rich way. MCP is rapidly emerging as the leading standard for connecting LLM-based applications to external data sources: including files, databases, and enterprise systems. First introduced in November 2024, MCP has quickly evolved and gained traction across the industry. It has already been adopted by major organizations such as Stripe, PayPal, and Atlassian, reflecting its growing role as a foundational layer for AI-powered integrations (source).

The Architecture of MCP

MCP follows a client-server architecture with three core components:

Source: Edwin Lisowski

MCP Host

The MCP host is the AI application environment (like Claude Desktop, an AI-enhanced IDE such as Cursor, or a custom AI agent) that the user interacts with. It provides the environment for executing AI-based tasks while running the MCP client.

MCP Client

The MCP client acts as an intermediary within the host environment, maintaining one-to-one connections with MCP servers. It analyzes user intent, manages communication between the host and servers, and maintains context across interactions.

MCP Server

MCP servers are lightweight programs that expose specific capabilities through the protocol. They connect to local or remote data sources and services, offering three core capabilities:

  1. Tools (Model-controlled): Functions that AI models can call to perform specific actions (similar to function calling)
  2. Resources (Application-controlled): Data sources that AI models can access (similar to GET endpoints in a REST API)
  3. Prompts (User-controlled): Pre-defined templates for optimal tool or resource usage

MCP Protocol

The protocol itself defines the language and rules for communication between clients and servers, including message formats, capability advertisement, and result handling.

Why MCP is Revolutionary

  • Standardization: One protocol connects to many tools instead of custom integrations for each service
  • Dynamic Discovery: AI models can discover and utilize available tools without hard-coded knowledge
  • Context Preservation: AI can maintain context as it moves between different tools and datasets
  • Two-way Communication: Supports persistent, real-time exchanges for both retrieving information and triggering actions
  • Secure & Scalable: Designed for enterprise use with proper security and governance considerations

Empowering Security Teams, Improving Visibility, Remediating Faster

The Token MCP Server is designed to provide security teams with these two main significant value added capabilities:

1. Enhanced Visibility

The Token MCP Server empowers users to ask complex, natural-language questions that span across their NHI inventory, permission structures, authentication methods, associated risks, environment criticality, ownership, and usage patterns. It automatically compiles and analyzes these disparate data points to deliver a prioritized and actionable view of machine identity risks: something that is often difficult and time-consuming to achieve manually.

2. Smarter, Context-Aware Remediation

Token MCP delivers customer-specific remediation guidance, including scripts, CLI commands, and fix recommendations tailored to your environments. It helps security teams quickly understand what to fix, how to fix it, why it matters, and what the impact will be - saving hours of manual investigation and accelerating time-to-resolution for both security and cloud engineering teams.

3. Connecting to agentic ecosystems

The Token MCP Server doesn’t just bring AI to your security data - it connects directly into the broader Agentic ecosystem. By adhering to the open MCP standard, the Token MCP Server enables seamless integration with autonomous AI agents in tools like ChatGPT, Claude, and Cursor, allowing these agents to reason about NHI posture, retrieve findings, generate remediation scripts, and even initiate actions without requiring human input. This unlocks powerful workflows where agents can autonomously identify risks, prioritize fixes, generate JIRA tickets with pre-filled scripts, notify stakeholders via Slack, and follow up on unresolved issues. The result is a shift from reactive security dashboards to proactive, intelligent assistants that operate continuously, driving faster resolution, improved compliance, and stronger overall security posture.

Use Cases

The Token MCP Server translates plain-language queries into Token-specific operations, such as querying the inventory, assessing risks, understanding the Identity blast radius, and generating qualified insights. The Token MCP Server is designed to be consumed from your tool of choice, either from the Token Portal, or from your favorite chat application (e.g., Claude, ChatGPT, Gemini) or AI Agent-based application (e.g., Cursor).

The following videos demonstrate how the Token MCP Server transforms security operations by enabling intuitive interaction with complex security data. Watch as security teams ask questions in natural language and receive immediate, actionable intelligence without switching between multiple tools or learning specialized query languages. These four use cases showcase how the Token MCP Server bridges the gap between human security expertise and your organization's security posture, making advanced security insights accessible to teams of all technical levels.

Understanding NHI Ownership - Fast and Accurate!

  • Watch how the Token MCP Server identifies the top 5 NHI owners responsible for the most vulnerable identities across environments.
  • This approach addresses the challenge of chasing the stakeholders, often the most time-consuming aspect of vulnerability remediation.
  • The server analyzes enterprise users and augments this information with vulnerable identity data and overall security impact.
  • The response includes a detailed list of owners with their managed identities, environments, and specific vulnerabilities requiring attention.
  • Security teams can immediately approach these key stakeholders with precise reports, enabling fast and efficient remediation procedures.

Bulk Remediation of Inactive Identities - Find the Most Impactful!

  • This video shows how the Token MCP Server tackles the challenge of prioritizing among thousands of inactive identities for de-provisioning.
  • The user achieves maximum ROI by identifying which subset of inactive identities should be addressed first.
  • The Token MCP Server analyzes risk factors across all inactive identities, determining which ones pose the highest security threat to the organization.
  • The response highlights specific inactive accounts that would deliver the greatest security improvement when remediated, backed by clear risk reasoning.
  • The MCP server generates ready-to-use de-provisioning scripts, enabling immediate action on these high-risk inactive identities.
  • This demonstration shows how MCP helps security teams save valuable time by focusing remediation efforts precisely where they matter most.

Identify GCP Service Account Consumed by AWS - A Super-Complex query!

  • This video demonstrates how the Token MCP Server solves a complex cross-cloud identity challenge with a simple natural language query.
  • The user asks the Token MCP Server to identify GCP service accounts that are used by AWS resources, a task requiring deep analysis across multiple cloud environments.
  • The Token MCP Server quickly analyzes usage patterns and findings across both cloud platforms, uncovering these hidden connections that would typically take weeks to discover manually.
  • The response provides detailed information about the exact EC2 instances using GCP service and other relevant information.
  • This powerful cross-environment visibility shows how the Token MCP Server can transform weeks of painstaking manual investigation into an immediate, comprehensive answer with actionable details.

Understand the Impact of Off-Boarded Employees!

  • The video demonstrates how an AI assistant uses the Token MCP Server to analyze off-boarding risks.
  • A manager asks the assistant to identify the implications of NHIs owned by an employee who will be off-boarded.
  • The server prioritizes the NHIs based on risk factors like access level, sensitivity, and dependencies.
  • It quickly generates a detailed report highlighting the most impactful and risky NHIs.
  • The report includes critical systems that would lose access, production environments at risk, and authentication dependencies.
  • The MCP Server also suggests specific remediation steps for each high-risk NHI.
  • This automated analysis prevents security gaps during employee transitions.
  • The entire process takes seconds instead of hours of manual security review.

Summary

The Token MCP Server marks a significant leap in our Agentic AI vision, giving customers unprecedented natural language access to their security posture. By connecting AI assistants to Token's comprehensive security platform, we enable teams to interact with complex security data through simple conversations instead of navigating dashboards or writing specialized queries. This Agentic AI approach transforms how security professionals engage with their data, allowing the AI to autonomously gather information, analyze patterns, and take action on their behalf.

As we continue to expand this technology's capabilities, we'll introduce additional features to address even more cybersecurity scenarios and workflows, further enhancing the power of natural language in security operations.

Discover other articles

AWS Built a Security Tool. It Introduced a Security Risk.

AWS Built a Security Tool. It Introduced a Security Risk.

Apr 28, 2025
|
7 min
Blog
May 19, 2025 | 7 min
Secure Cross-Account Access is Tricky. Four Common Dangerous Misconceptions

Secure Cross-Account Access is Tricky. Four Common Dangerous Misconceptions

Apr 22, 2025
|
5 min
Blog
Apr 28, 2025 | 5 min
IAM Role Trust Policies: Misconfigurations Hiding in Plain Sight

IAM Role Trust Policies: Misconfigurations Hiding in Plain Sight

Apr 15, 2025
|
5 min
Blog
Apr 22, 2025 | 5 min

Be the first to learn about Machine-First identity security

Book a Demo
©X Token Security. All rights reserved
Terms of UsePrivacy Policy
Blog
Blog