MCP Integrations
How BondMesh connects to the tools it needs to close the loop
BondMesh doesn't stop at detecting a threat; it acts on it. That means querying threat intelligence, scanning assets, fixing vulnerable code and cutting network access in one automated sequence, with no human step in between. Model Context Protocol (MCP) is what makes this possible. This page walks through each integration and how BondMesh actually uses it.
A call interface
for AI agents.
MCP (Model Context Protocol) is a standard that lets an AI agent make structured calls to external services. The agent sends a request (a tool name and parameters), the service executes it and returns structured data, and the agent uses that result to decide its next step.
What makes it different from a regular integration: the AI itself decides when to call a tool, what to pass, and what to do with the result. There is no pre-written playbook that dictates the sequence. The agent chains calls in real time based on what it finds. A human configures access once; after that, the AI drives everything.
Acting on a threat
requires live data.
An AI that only processes data it was trained on cannot act on an attack happening right now. BondMesh needs to read a crime score for an IP seen five seconds ago, scan the exact version of the repository currently running in production, and cut off network access for an account compromised in this session rather than last week.
MCP is how BondMesh gets live access to each of those capabilities. Each partner exposes a set of named tools. BondMesh calls them in sequence, each step informed by the last, until the threat is contained and the underlying cause is fixed.
A crime score for every IP,
sourced from 290+ organisations.
OneFirewall runs the World Crime Feed, a live threat intelligence database built from reports submitted by 290+ member organisations. Every IPv4 address in the feed has a crime score from 1 to 1000 based on observed behavior: port scanning, credential stuffing, C2 communication, malware delivery. The MCP server exposes this as four callable tools that any MCP-compatible AI agent can use in real time.
- When an alert arrives containing an external IP address, BondMesh calls get_ip_intel to retrieve that IP's crime score, its MITRE ATT&CK technique mappings, and a count of how many Alliance members have reported it. An IP scoring above 800 with technique T1071 (application-layer C2) triggers an immediate block, with no analyst review or escalation queue.
- After BondMesh independently confirms an IP as malicious through its own incident analysis, it calls report_ip with a confidence score (0.0–1.0) and behavioral notes. The report propagates to all 290+ Alliance members in under 200 milliseconds, so every BondMesh incident becomes shared intelligence across the network.
- On a scheduled basis, BondMesh calls get_live_ipv4_feeds filtered by a minimum crime score threshold. The returned blocklist is pushed directly to firewall ACL rules; no one has to log in, export a file or apply it by hand.
- Before relying on any of the above, BondMesh calls get_agent_status to check the current score thresholds, last sync timestamp and active blocklist size, to confirm the intelligence layer is current before trusting its output in a live decision.
Scan what an attacker
sees from the outside.
Vulnix0 scans an organisation's external-facing assets: domains, subdomains, open ports, TLS certificate state, and web application vulnerabilities. Its MCP server lets an AI agent start a scan against a specific target, retrieve the structured findings once complete, and compare results against the previous scan to see exactly what changed: new ports, new subdomains, certificates approaching expiry.
- When a new CVE is published that matches technology in BondMesh's asset inventory, it calls vulnix0_start_scan against the affected domains immediately rather than waiting for the next scheduled scan window. It passes the target, a project ID, and an optional OpenAPI spec for web application endpoints.
- Once the scan completes, BondMesh calls vulnix0_get_scan_result to retrieve the full findings: severity breakdown, open ports, TLS certificate expiry dates, discovered subdomains, and a security scorecard. This becomes part of the incident context the AI reasons over when deciding what to remediate first.
- BondMesh calls vulnix0_get_asset_latest_change to get the delta since the previous scan: a port that just opened, a certificate four days from expiry, a subdomain that did not exist before. It acts only on what is actually new.
- If the scan reveals an exposed service on an unexpected port, BondMesh carries the finding straight into the AquilaX step to identify the code or configuration responsible.
Find the vulnerable line
and generate the fix.
AquilaX scans source code repositories for SAST vulnerabilities, exposed secrets, insecure dependencies, container misconfigurations, and supply chain risks. Its MCP server includes a fix_vulnerability tool that returns a secure code replacement for a specific finding: a ready-to-apply patch with the exact file and line location, rather than a description of the problem.
- When an application vulnerability is confirmed (either from Vulnix0's external scan or from exploit traffic seen in the SIEM), BondMesh calls start_scan on the relevant repository via its Git URL. It polls get_scan_status until the scan completes.
- BondMesh calls list_vulnerabilities filtered to high and critical severity. Each finding includes the CWE classification, the exact file path and line number, and the vulnerable code snippet, so BondMesh gets exactly what it needs without reading the whole codebase.
- For each high-severity finding, BondMesh calls fix_vulnerability. AquilaX returns a secure code replacement. BondMesh opens a pull request with the fix applied. The developer reviews a ready-to-merge change instead of a vague advisory asking them to investigate.
- During an active incident, when BondMesh needs to check a specific code path immediately, it calls scan_code with the snippet directly. SAST results come back in seconds without triggering a full repository scan.
Cut off access and reconfigure
the network without logging in.
ClosedVPN manages VPN infrastructure: user certificates, connection states, routing configurations, and access policies. Its MCP server exposes 31 tools covering organisation management, VPN configuration, real-time connection monitoring, threat prevention metrics, and certificate management. An AI agent can act on network access the same way it acts on any other data source: by calling a named tool with the right parameters.
- When a user account is confirmed as compromised (credential stuffing, session hijack, or lateral movement traced to that endpoint), BondMesh reads the active VPN session via get_connection_stats, then deletes the VPN configuration assigned to that account. The session drops immediately, and nobody has to be paged or log into an admin console.
- BondMesh reads get_threat_metrics continuously: blocked threat counts, risk scores per segment, and protected user counts feed directly into its per-segment risk model. A segment showing a spike in blocked threats gets higher scrutiny in subsequent alert triage, since BondMesh treats it as a sign that something is actively probing that part of the network.
- When BondMesh determines that lateral movement is in progress (an endpoint talking to internal hosts it has never contacted before), it calls the VPN configuration tools to restrict routing for that specific network segment while the investigation runs. Traffic for users outside the affected segment continues normally.
- Once the affected account is cleared (credentials rotated, the compromised session traced and closed), BondMesh calls generate_certificate to issue a new client certificate and restore access. The user is back online without a help desk ticket or a manual approval chain.
All four integrations firing
in a single attack chain.
A new exploit targets Apache HTTP Server. Here is how BondMesh handles it from first signal to closed loop, with no human steps and no ticket queue.
get_ip_intel; the crime score comes back at 940 with technique T1071 (C2 over HTTP). BondMesh blocks the IP and calls report_ip to share the finding with all 290 Alliance members in under 200ms.vulnix0_start_scan across all external assets. The change report returns one new finding: Apache 2.4.49 running on port 8080, the version affected by the CVE. BondMesh now knows the exact asset and port that need to be closed.start_scan on the backend repository. list_vulnerabilities returns the vulnerable dependency pinned at requirements.txt:14. fix_vulnerability generates the corrected version constraint. BondMesh opens a pull request with the fix ready to merge.delete_config for the VPN routing assigned to the affected server's network segment. Users in other segments are unaffected. Once the fix deploys and Vulnix0 confirms port 8080 is closed, routing is restored via create_vpn_config.Connect BondMesh to your stack
MCP integrations are available for teams in the BondMesh early access programme. Request access to see the full incident loop running against your environment.