Episode 61: Automate red team actions in minutes
SHOW NOTES
In this episode of SecOps Weekly, Hare Sudan, Atomic Red Team community contributor, joins Red Canary’s Phil Hagen to demonstrate how AI can streamline cybersecurity testing workflows using Atomic Red Team and Model Context Protocol (MCP) servers.
Phil and Hare show how the new Atomic Red Team MCP server eliminates manual processes that previously took 40+ minutes, allowing users to automatically generate playbook YAML files from threat intelligence reports using natural language queries.
Hare explains how MCP servers work as flexible API interfaces that connect AI tools like Claude to various backend systems, enabling users to query over 1,600 atomic tests, execute them remotely, and validate results without manual context switching.
The demo showcases creating atomic tests from threat intelligence reports and highlights the tool’s ability to find existing tests or generate new ones based on MITRE ATT&CK TTPs. Both Phil and Hare emphasize the importance of proper authorization before executing tests in lab environments and demonstrate how this AI-powered approach transforms manual adversary emulation campaigns into streamlined, automated workflows.