Bugcrowd AI Connect – Secure Model Context Protocol (MCP) Server Setup Guide

Overview

Unlocking Bugcrowd Data for Your LLM Applications

Bugcrowd AI Connect is a dedicated Model Context Protocol (MCP) server that securely streams your program data—such as submissions, status updates, and comments—directly to the LLM applications of your choice.

By leveraging an open protocol, AI Connect ensures your vulnerability data remains under your control while enabling real-time, context-aware security workflows in external tools like Cursor or GitHub Copilot.

Key Benefits

  • Secure – Uses industry-standard, least-privilege API credentials and a dedicated Server-Sent Events (SSE) stream for real-time, one-way data flow.
  • Extensible – Connects Bugcrowd data to your entire automation ecosystem, avoiding vendor lock-in.
  • Real-Time – Provides immediate updates as they happen, ensuring your AI agents always have the latest context.

Key Capabilities

AI Connect enables your AI agents and tools to automate security workflows across roles and functions.

For Application Developers

  • Integrate with IDEs – Query and review Bugcrowd submissions directly from environments like GitHub Copilot or Cursor.
  • Generate Contextual Advice – Merge Bugcrowd vulnerability data with internal codebases to create precise remediation instructions.

For Application Security (AppSec) Teams

Program Management

  • Query for new submissions filtered by attributes (e.g., “Show all NEW submissions”).
  • Retrieve engagement details (names, scope, reward ranges, etc.) to visualize and manage your evolving attack surface.
  • Access the engagement brief for a specific submission to review context and scope.

Vulnerability Triage & Analysis

  • Retrieve full submission details and comment histories.
  • Fetch the complete comment feed for rapid triage and insight.
  • Use AI agents to extract technical facts like affected endpoints, payloads, or CVEs.

1. Bugcrowd Platform Setup

Before connecting any external agent, you must enable the AI Connect integration and generate secure API credentials.

Step 1: Enable AI Connect on Your Security Program

This step activates the dedicated data stream for your program.

  1. Log in to the Bugcrowd Platform.
  2. Open the Security Program you want to enable AI Connect for.
  3. Navigate to Program Settings > Integrations.
  4. Scroll to the list of available integrations and select AI Connect.
  5. On the configuration page, use the toggle to Enable AI Connect.

Step 2: Generate Secure API Credentials

Security Focus: These credentials enforce a least-privilege access model and are required to authenticate your external AI agent to the Bugcrowd stream. Treat them as highly sensitive secrets.

  1. Select your Profile Icon in the top-right corner of the Bugcrowd platform.
  2. Click API Credentials.
  3. Use an existing credential or select Create New Credentials.
  4. In the App Name field, enter a descriptive name such as AI Connect - [Program Name] for clear auditing.
  5. Click Create Credentials.
  6. Immediately copy and securely store your API Key and API Secret. These values are displayed only once.

2. AI Connect MCP Server Details

Once configured, the AI Connect MCP server is accessible through a standardized URL that your external client or agent uses for connectivity and discovery.

2.1 Server URL

Component  | Value                           | Notes
Server URL | https://stream.bugcrowd.com/mcp | Secure endpoint using Server-Sent Events (SSE) for real-time data updates
Protocol   | Model Context Protocol (MCP)    | Enables AI agents to discover and access available data streams and tools

2.2 Connection Requirements

Your external AI agent or client requires the following to establish a secure connection:

  • Server URL: https://stream.bugcrowd.com/mcp
  • Authentication: Use the API Key (Username) and API Secret (Password) generated in Step 2.
    • Some MCP tools consolidate these into a single Bearer Token field (often using the API Key).

2.3 Accessible Data Resources and Access Policy

Upon successful authentication, client applications can retrieve data based on your existing Bugcrowd permissions.

Access Policy

Access is governed by the principle of least privilege:

  • You can only access data that your Bugcrowd account is permitted to view.
  • Data is available only from programs where the AI Connect integration has been explicitly enabled.
  • For users managing multiple organizations, access crosses the organization’s security boundary, allowing you to pull in data from multiple organizations that you have been granted access to.

Available Resources

  • Submissions
    • Summary Level: Query submissions with basic filtering.
    • Detailed Level: Retrieve full submission details, including associated comments.
  • Engagements
    • Retrieve a list of all engagements associated with your security program.
  • Briefs
    • Access the engagement brief for a specific engagement ID.

3. Connecting to Your AI Agent or Application

The AI Connect MCP server is designed for secure, seamless interoperability with both managed and custom AI agents.

3.1 Custom or Self-Managed Agent Connection

If you use a self-managed AI orchestration layer or internal tooling:

  1. Add a New MCP Server: In your AI client configuration, select the option to add a new Model Context Protocol server.
  2. Enter the Server URL: https://stream.bugcrowd.com/mcp
  3. Provide Credentials: Enter the API Key and Secret generated in Section 1.

Outcome:
Your external AI agent can now securely query real-time vulnerability data from Bugcrowd, enabling advanced capabilities such as hyper-contextualized remediation guidance for developer teams.
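
Step 2 asks you to treat the API Key and Secret as highly sensitive, and Section 3.1 has you enter them into a client configuration. The check below is an added example, not Bugcrowd code: it scans an MCP client config for literal credentials attached to the AI Connect server URL. The "mcpServers"/"headers"/"env" layout, the ${env:NAME} and ${input:id} placeholder syntax, and the sample entries are assumptions about your client, not something this guide specifies.

```python
import json
import re

BUGCROWD_MCP_URL = "https://stream.bugcrowd.com/mcp"  # server URL from this guide
# Assumed conventions (not from the guide): credentials sit under "headers"
# or "env", and the client expands ${env:NAME} / ${input:id} at load time.
CREDENTIAL_NAME = re.compile(r"authorization|key|secret|token|password", re.I)
PLACEHOLDER = re.compile(r"\$\{(?:env|input):[\w.-]+\}")
AUTH_SCHEME = re.compile(r"^\s*(?:Bearer|Basic)\s+", re.I)

def is_literal_secret(name, value):
    """True if a credential-like field holds a literal instead of a placeholder."""
    if not (isinstance(value, str) and CREDENTIAL_NAME.search(name)):
        return False
    # Drop the auth scheme and every placeholder; anything left is a literal.
    remainder = PLACEHOLDER.sub("", AUTH_SCHEME.sub("", value))
    return remainder.strip(" :") != ""

def find_inline_credentials(config_text):
    """Return (json_path, field) for each literal credential sent to AI Connect."""
    findings = []
    def walk(node, path):
        if isinstance(node, list):
            node = dict(enumerate(node))
        if not isinstance(node, dict):
            return
        is_server = str(node.get("url", "")).rstrip("/") == BUGCROWD_MCP_URL
        for section in ("headers", "env"):
            fields = node.get(section)
            if is_server and isinstance(fields, dict):
                for name, value in fields.items():
                    if is_literal_secret(name, value):
                        findings.append((path, f"{section}.{name}"))
        for key, child in node.items():
            walk(child, f"{path}/{key}")
    walk(json.loads(config_text), "")
    return findings

# Constructed sample config; server names and key value are placeholders.
SAMPLE_CONFIG = """{
  "mcpServers": {
    "bugcrowd-hardcoded": {"url": "https://stream.bugcrowd.com/mcp",
      "headers": {"Authorization": "Bearer EXAMPLE-KEY-NOT-REAL"}},
    "bugcrowd-from-env": {"url": "https://stream.bugcrowd.com/mcp",
      "headers": {"Authorization": "Bearer ${env:BUGCROWD_API_KEY}"}}
  }
}"""

if __name__ == "__main__":
    print(find_inline_credentials(SAMPLE_CONFIG))
```

Running a check like this before a config file is committed or shared keeps the once-displayed API Secret out of version control.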