Share
## https://sploitus.com/exploit?id=CDDDC15E-5900-545C-A39C-314D7BA2A7F1
# Autonomous Cyber Red Team MCP Server

Autonomous cyber red team intelligence for AI agents β€” this MCP server gives Claude, GPT-4o, and any MCP-compatible agent the ability to run quantitative attack simulations, synthesize exploit chains, forecast vulnerability emergence, and model adversary behavior using eight rigorously implemented mathematical frameworks. It is built for security engineers, threat analysts, and AI agents that need structured, reproducible cyber risk intelligence from a single tool call.

The server aggregates live data from 15 cybersecurity sources in parallel β€” NVD, CISA KEV, Censys, DNS, SSL transparency logs, WHOIS, GitHub, StackExchange, Hacker News, OFAC, OpenSanctions, IP geolocation, tech stack detection, website monitoring, and FRED economic data β€” assembles a weighted attack graph, then applies algorithms from game theory, stochastic processes, and extreme value theory to produce quantitative outputs that go well beyond keyword searches or CVSS score lookups.

## What data can you access?

| Data Point | Source | Example |
|---|---|---|
| πŸ“‹ CVE records with CVSS base scores and CWE classifications | NVD CVE Search | CVE-2021-44228, CVSS 10.0 (Log4Shell) |
| 🚨 Known exploited vulnerabilities with CISA remediation deadlines | CISA KEV Catalog | 1,000+ actively exploited CVEs |
| 🌐 Exposed hosts, open ports, and service banners | Censys Search | 443/tcp nginx 1.18.0, cert CN=*.target.com |
| πŸ” DNS record enumeration (A, AAAA, MX, TXT, CNAME, NS) | DNS Lookup | mail.acmecorp.com β†’ 203.0.113.42 |
| πŸ”’ SSL/TLS certificates and transparency log entries | SSL Certificate Search | *.acmecorp.com, SAN=admin.acmecorp.com |
| πŸ“ Domain registration data, registrar, and expiry | WHOIS Lookup | Registered 2008, expires 2026, GoDaddy |
| πŸ“ IP-to-ASN mapping with country and ISP | IP Geolocation | AS14618 Amazon, us-east-1 |
| πŸ› οΈ Technology stack identified from HTTP headers and HTML | Tech Stack Detector | Apache 2.4.51, PHP 7.4, WordPress 5.8 |
| πŸ’» Proof-of-concept exploit repositories and security tools | GitHub Repo Search | CVE-2021-44228 POC, 3.2K stars |
| πŸ’¬ Security community Q&A and technique discussions | StackExchange (Security.SE) | "How does Pass-the-Hash work on AD?" |
| πŸ“° Vulnerability disclosures and security news | Hacker News Search | "New 0-day in OpenSSLβ€”patch now" |
| πŸ›οΈ US Treasury OFAC Specially Designated Nationals | OFAC Sanctions Search | Threat actor entity screening |
| 🌍 Multi-jurisdiction sanctions and watchlists | OpenSanctions Search | 100+ programs, EU, UN, Interpol |
| πŸ“‘ Security advisory and policy page changes | Website Change Monitor | CISA advisory page deltas |
| πŸ’° Cybersecurity market spend and cyber insurance indices | FRED Economic Data | US cybersecurity GDP component |

## MCP tools

| Tool | Price | Algorithm | Best for |
|---|---|---|---|
| `simulate_attack_defense_posg` | **$0.045** | POSG via HSVI2 point-based value iteration, alpha-vector pruning | Optimal attacker/defender strategy, game value computation |
| `synthesize_exploit_chains` | **$0.040** | AND-OR graph A* with CVSS admissible heuristic h(n) = max CVSS on path | Multi-step attack path discovery, remediation prioritization |
| `predict_vulnerability_emergence` | **$0.035** | Hawkes self-exciting process with power-law kernel, thinning simulation | 30/90-day CVE forecasting, patch cycle planning |
| `optimize_defender_allocation` | **$0.040** | Colonel Blotto game, Nash equilibrium via fictitious play | Security budget allocation, dominated-strategy elimination |
| `model_adaptive_adversary` | **$0.035** | Exp3 multi-armed bandit, importance-weighted reward updates | APT technique prediction, proactive defense planning |
| `compute_lateral_movement_risk` | **$0.035** | Absorbing Markov chain, fundamental matrix N=(I-Q)^-1, epidemic threshold | Network propagation risk, segmentation validation |
| `assess_zero_day_tail_risk` | **$0.035** | GPD extreme value theory, probability-weighted moments | VaR/CVaR quantification, cyber insurance pricing |
| `forecast_threat_landscape_evolution` | **$0.030** | Replicator dynamics dx_i/dt = x_i(f_i βˆ’ Ο†), ESS identification | Long-term threat strategy, EMERGING/DECLINING classification |

## Why use the Autonomous Cyber Red Team MCP?

Security teams running manual threat assessments spend hours correlating CVE feeds, mapping attack paths on whiteboards, and guessing at budget allocation. Consultancies charge $15,000–50,000 for a red team engagement that covers a fraction of the attack surface and produces results that are stale within weeks.

This MCP server automates the quantitative layer of that work. An AI agent calls a single tool, the server fans out across 15 data sources in parallel, builds a live attack graph, and returns mathematically grounded outputs β€” game values, probability distributions, expected steps to compromise, and tail risk estimates β€” within 60–180 seconds.

Benefits of running on the Apify platform:

- **Scheduling** β€” run weekly threat landscape forecasts on a cron schedule to track how the risk posture changes over time
- **API access** β€” integrate tool outputs directly into SIEM, SOAR, or custom dashboards via the Apify API
- **Spending limits** β€” set a maximum credit spend per session so AI agents cannot exceed a cost budget
- **Webhooks** β€” trigger alerts to Slack or PagerDuty when vulnerability burst probability exceeds a threshold
- **No infrastructure** β€” the MCP server runs in Apify standby mode with zero self-hosted infrastructure

## Features

- **8 distinct mathematical frameworks** β€” POSG, AND-OR A*, Hawkes process, Colonel Blotto, Exp3 bandit, absorbing Markov chain, GPD extreme value theory, and replicator dynamics β€” each implemented from first principles in TypeScript
- **15 live data sources queried in parallel** β€” every tool call fans out to NVD, CISA KEV, Censys, DNS, SSL, WHOIS, IP geolocation, tech stack, GitHub, StackExchange, Hacker News, OFAC, OpenSanctions, website monitor, and FRED simultaneously
- **Attack graph construction from heterogeneous inputs** β€” `buildAttackGraph()` normalizes all 15 source outputs into a unified weighted directed graph with `VulnNode` and `AttackEdge` types, CVSS-weighted edges, AND/OR prerequisite flags, and technique labels
- **HSVI2 belief-space planning** β€” `simulateAttackDefensePOSG()` solves the NEXPTIME-complete POSG on the belief simplex using point-based value iteration with alpha-vector pruning, returning converged game values and belief-state strategies
- **CVSS-admissible A* heuristic** β€” `synthesizeExploitChains()` guarantees optimal-cost attack paths via h(n) = max CVSS score on remaining path; AND nodes require all prerequisites satisfied, OR nodes need any single one
- **Power-law Hawkes kernel** β€” `predictVulnerabilityEmergence()` uses Ξ»(t) = ΞΌ + Ξ£_i Ξ±(1 + (tβˆ’t_i)/c)^(βˆ’(1+Ο‰)) to capture long-memory CVE clustering; thinning simulation forecasts 30-day and 90-day counts
- **Fictitious play Nash equilibrium** β€” `optimizeDefenderAllocation()` runs the Colonel Blotto game on security domain battlefields; each iteration best-responds to the empirical opponent distribution until convergence
- **Exp3 importance-weighted updates** β€” `modelAdaptiveAdversary()` applies w_i(t+1) = w_i(t) Γ— exp(Ξ· Γ— rΜ‚_i / K) with optimal Ξ· = √(2 ln K / T) to track which attack techniques an adversary will favor
- **Gauss-Jordan fundamental matrix** β€” `computeLateralMovementRisk()` inverts (Iβˆ’Q) using full pivoting to compute N = (Iβˆ’Q)^-1, giving expected steps from every transient state to absorption; epidemic threshold Ξ²_c = ⟨k⟩/⟨k²⟩ determines supercritical spread
- **Probability-weighted moments GPD fitting** β€” `assessZeroDayTailRisk()` fits a Generalized Pareto Distribution to CVSS exceedances above threshold, returning VaR(95%), VaR(99%), CVaR(95%), CVaR(99%), and return periods
- **Replicator dynamics with ESS detection** β€” `forecastThreatLandscapeEvolution()` integrates dx_i/dt = x_i(f_i βˆ’ Ο†Μ„) and classifies each technique as EMERGING, GROWING, MATURE, or DECLINING based on growth rate and fitness; evolutionary stable strategies are identified by invasion resistance
- **Seeded PRNG for reproducibility** β€” mulberry32 PRNG with query-derived seed ensures deterministic outputs for the same input across runs
- **Spend limit enforcement** β€” every tool calls `Actor.charge()` and checks `eventChargeLimitReached` before executing, respecting per-session budget caps set by the caller

## Use cases for autonomous cyber red team intelligence

### Penetration testing preparation

Security engineers preparing for a red team engagement use `synthesize_exploit_chains` to map the entire AND-OR attack graph for a target environment before the test begins. The A* search surfaces multi-step paths that human testers might miss β€” for example, a chain from an exposed legacy SSH service through a misconfigured jump host into a domain controller β€” with total CVSS cost and estimated execution time for each path.

### Security budget allocation and CISO reporting

CISOs and security directors use `optimize_defender_allocation` to translate threat data into resource allocation recommendations. The Colonel Blotto output shows which security domains (perimeter, identity, endpoint, cloud, network) are under-defended relative to the Nash equilibrium, and identifies dominated strategies where current spending provides no marginal protection.

### Vulnerability management and patch prioritization

Vulnerability management teams use `predict_vulnerability_emergence` to forecast CVE disclosure rates for specific technologies β€” Linux kernel, Apache, Windows Active Directory β€” over 30 and 90-day horizons. Hawkes process burst probability identifies when a clustering event is likely, enabling teams to pre-position remediation resources before a wave of disclosures.

### Cyber insurance underwriting and actuarial pricing

Underwriters and actuaries use `assess_zero_day_tail_risk` to quantify the severity distribution of vulnerabilities in a policyholder's technology stack. GPD-fitted VaR and CVaR metrics provide a statistically grounded basis for maximum loss estimates and premium calculations, replacing rule-of-thumb cyber risk scoring.

### APT tracking and threat intelligence

Threat intelligence analysts use `model_adaptive_adversary` to model how known APT groups β€” APT29, Lazarus, Sandworm β€” adapt their technique selection against specific defensive postures. The Exp3 bandit output predicts which MITRE ATT&CK techniques will be prioritized in future campaigns based on historical adaptation speed and estimated reward.

### Strategic security planning

Security architects and long-range planners use `forecast_threat_landscape_evolution` to understand which attack techniques are gaining evolutionary fitness and which are declining. Replicator dynamics identifies evolutionary stable strategies β€” techniques that, once dominant, resist displacement by alternatives β€” enabling investment in defenses against tomorrow's threat landscape, not last year's.

## How to connect this MCP server

### Step 1 β€” Get your Apify API token

Sign up at [apify.com](https://apify.com) and copy your API token from Account Settings. The free plan includes $5 of monthly credits.

### Step 2 β€” Add to your MCP client

**Claude Desktop** β€” add to `claude_desktop_config.json`:

```json
{
  "mcpServers": {
    "autonomous-cyber-red-team": {
      "url": "https://autonomous-cyber-red-team-mcp.apify.actor/mcp",
      "headers": {
        "Authorization": "Bearer YOUR_APIFY_TOKEN"
      }
    }
  }
}
```

**Cursor / Windsurf / Cline** β€” add the same URL and Authorization header in your MCP server settings.

### Step 3 β€” Call a tool

Ask your agent: "Synthesize exploit chains for apache log4j corporate network" or "Model an APT29 adaptive adversary targeting financial services." The agent calls the tool, the server aggregates 15 data sources, and returns structured JSON with the quantitative analysis.

### Step 4 β€” Interpret the results

Each tool returns a JSON object with algorithm-specific fields alongside a `graphSummary` showing how many nodes and edges were constructed from the live data. Higher node and edge counts indicate richer signal from the data sources.

## Tool parameters

All 8 tools share the same two input parameters:

| Parameter | Type | Required | Default | Description |
|---|---|---|---|---|
| `query` | string | Yes | β€” | Target domain, technology, threat actor, or scenario (e.g. "apache log4j corporate network", "APT29 nation-state attack", "ransomware healthcare sector") |
| `maxResults` | number | No | 30–50 (varies by tool) | Maximum results to fetch per actor. Range: 5–100. Higher values improve model quality but increase response time. Tools 3 and 7 default to 50 for better statistical estimation. |

### Input examples

**Exploit chain synthesis for a specific CVE:**
```json
{
  "query": "apache log4j CVE-2021-44228 corporate network",
  "maxResults": 30
}
```

**APT adversary modeling with high data volume:**
```json
{
  "query": "APT29 nation-state attack financial sector",
  "maxResults": 50
}
```

**Zero-day tail risk for a technology portfolio:**
```json
{
  "query": "linux kernel remote code execution",
  "maxResults": 50
}
```

**Rapid threat landscape forecast:**
```json
{
  "query": "ransomware healthcare sector",
  "maxResults": 20
}
```

### Input tips

- **Be specific in your query** β€” "windows active directory pass-the-hash" produces a more targeted attack graph than "windows security." The query is passed to all 15 data sources, so domain-specific terminology extracts more relevant signal.
- **Increase maxResults for statistical tools** β€” `predict_vulnerability_emergence` and `assess_zero_day_tail_risk` rely on sample size for distribution fitting. Use maxResults β‰₯ 50 for those two tools.
- **Use technology names with version context** β€” "Apache HTTP Server 2.4" returns more precise CVE and Censys data than "web server."
- **Combine tools for full assessments** β€” running all 8 tools on the same query builds a complete picture: exploit paths, defender allocation, adversary adaptation, and tail risk for a total of $0.295 per target.

## Output examples

### simulate_attack_defense_posg output

```json
{
  "gameValue": 0.623,
  "attackerValue": 0.741,
  "defenderValue": 0.259,
  "converged": true,
  "iterations": 847,
  "alphaVectorCount": 23,
  "optimalAttackPath": [
    "CVE-2021-44228-entry",
    "corp-jumphost-pivot",
    "ad-domain-controller-target"
  ],
  "optimalDefenseAllocation": {
    "perimeter": 0.38,
    "identity": 0.31,
    "endpoint": 0.18,
    "cloud": 0.13
  },
  "beliefStates": [
    { "state": "undetected", "probability": 0.67 },
    { "state": "partial-detection", "probability": 0.24 },
    { "state": "full-detection", "probability": 0.09 }
  ],
  "graphSummary": { "nodes": 47, "edges": 83 }
}
```

### synthesize_exploit_chains output

```json
{
  "attackSurfaceScore": 8.14,
  "chainCount": 12,
  "criticalPath": {
    "path": ["log4j-rce-entry", "lateral-smb-pivot", "lsass-dump-target", "dc-sync-exfil"],
    "totalCvss": 34.7,
    "probability": 0.43,
    "andNodes": ["lsass-dump-target"],
    "orNodes": ["log4j-rce-entry", "lateral-smb-pivot"],
    "techniques": ["T1190", "T1021.002", "T1003.001", "T1003.006"],
    "estimatedTime": 4.2
  },
  "averageChainLength": 3.8,
  "maxCvssChain": 34.7,
  "chains": [
    {
      "path": ["log4j-rce-entry", "lateral-smb-pivot", "lsass-dump-target", "dc-sync-exfil"],
      "totalCvss": 34.7,
      "probability": 0.43,
      "techniques": ["T1190", "T1021.002", "T1003.001", "T1003.006"],
      "estimatedTime": 4.2
    }
  ],
  "graphSummary": { "nodes": 47, "edges": 83 }
}
```

### predict_vulnerability_emergence output

```json
{
  "baselineIntensity": 0.032,
  "currentIntensity": 0.187,
  "hawkesParams": {
    "alpha": 0.71,
    "omega": 1.23,
    "c": 0.45
  },
  "predictedEvents30d": 8,
  "predictedEvents90d": 21,
  "burstProbability": 0.68,
  "criticalVulnForecast": 3,
  "clusterSizes": [2, 4, 3, 5, 2],
  "intensityTimeline": [
    { "t": 0, "lambda": 0.187 },
    { "t": 7, "lambda": 0.143 },
    { "t": 14, "lambda": 0.112 },
    { "t": 30, "lambda": 0.089 }
  ],
  "graphSummary": { "nodes": 61, "edges": 104 }
}
```

### assess_zero_day_tail_risk output

```json
{
  "gpdParameters": {
    "shape": 0.14,
    "scale": 1.82,
    "threshold": 7.0
  },
  "var95": 8.6,
  "var99": 9.4,
  "cvar95": 9.1,
  "cvar99": 9.7,
  "maxObserved": 10.0,
  "tailIndex": 0.14,
  "portfolioRisk": 0.83,
  "exceedanceProbabilities": [
    { "severity": 8.0, "probability": 0.31 },
    { "severity": 9.0, "probability": 0.12 },
    { "severity": 9.5, "probability": 0.04 }
  ],
  "returnPeriods": [
    { "severity": 9.0, "returnPeriodDays": 28 },
    { "severity": 9.5, "returnPeriodDays": 84 }
  ],
  "graphSummary": { "nodes": 58, "edges": 96 }
}
```

## Output fields by tool

### simulate_attack_defense_posg

| Field | Type | Description |
|---|---|---|
| `gameValue` | number | Nash equilibrium game value (0–1), higher = attacker advantage |
| `attackerValue` | number | Attacker's expected utility under optimal strategy |
| `defenderValue` | number | Defender's expected utility under optimal strategy |
| `converged` | boolean | Whether HSVI2 iteration converged within tolerance |
| `iterations` | number | Number of point-based value iteration cycles |
| `alphaVectorCount` | number | Alpha vectors maintained after pruning |
| `optimalAttackPath` | string[] | Node IDs on the optimal attack path |
| `optimalDefenseAllocation` | object | Normalized budget allocation per security domain |
| `beliefStates` | array | Detection state probabilities under optimal play |
| `graphSummary.nodes` | number | Total nodes in the constructed attack graph |
| `graphSummary.edges` | number | Total edges in the constructed attack graph |

### synthesize_exploit_chains

| Field | Type | Description |
|---|---|---|
| `attackSurfaceScore` | number | Aggregate attack surface severity score |
| `chainCount` | number | Total exploit chains discovered |
| `criticalPath` | object | Lowest-cost (highest-CVSS) exploit chain |
| `criticalPath.path` | string[] | Node IDs from entry point to target |
| `criticalPath.totalCvss` | number | Sum of CVSS scores along the chain |
| `criticalPath.probability` | number | Estimated success probability |
| `criticalPath.andNodes` | string[] | Nodes requiring all prerequisites (AND logic) |
| `criticalPath.orNodes` | string[] | Nodes requiring any prerequisite (OR logic) |
| `criticalPath.techniques` | string[] | MITRE ATT&CK technique IDs |
| `criticalPath.estimatedTime` | number | Estimated attack execution time (hours) |
| `averageChainLength` | number | Mean number of steps across all chains |
| `maxCvssChain` | number | Maximum cumulative CVSS across all chains |
| `chains` | array | Up to 10 exploit chains, ordered by CVSS cost |

### predict_vulnerability_emergence

| Field | Type | Description |
|---|---|---|
| `baselineIntensity` | number | Background CVE arrival rate ΞΌ |
| `currentIntensity` | number | Current intensity Ξ»(t) including excitation |
| `hawkesParams.alpha` | number | Excitation magnitude parameter |
| `hawkesParams.omega` | number | Power-law decay exponent |
| `hawkesParams.c` | number | Power-law offset parameter |
| `predictedEvents30d` | number | Expected CVE count in next 30 days |
| `predictedEvents90d` | number | Expected CVE count in next 90 days |
| `burstProbability` | number | Probability of a clustering burst event |
| `criticalVulnForecast` | number | Forecast critical (CVSS β‰₯ 9.0) CVE count |
| `clusterSizes` | number[] | Observed historical cluster sizes |
| `intensityTimeline` | array | Intensity decay curve over time |

### optimize_defender_allocation

| Field | Type | Description |
|---|---|---|
| `defenderBudget` | number | Defender resource units |
| `attackerBudget` | number | Attacker resource units |
| `battlefields` | array | Per-domain allocation and win probabilities |
| `battlefields[].name` | string | Security domain name |
| `battlefields[].defenderAlloc` | number | Defender units allocated |
| `battlefields[].attackerAlloc` | number | Attacker units allocated |
| `battlefields[].defenderWinProb` | number | Defender win probability on this battlefield |
| `nashEquilibrium` | object | Nash equilibrium allocation by domain |
| `defenderExpectedPayoff` | number | Defender expected payoff at Nash |
| `attackerExpectedPayoff` | number | Attacker expected payoff at Nash |
| `dominatedStrategies` | string[] | Strategies eliminated by iterated dominance |
| `iterations` | number | Fictitious play convergence iterations |

### model_adaptive_adversary

| Field | Type | Description |
|---|---|---|
| `optimalArm` | string | Attack technique the adversary has converged on |
| `predictedNextAction` | string | Predicted next attack technique |
| `adaptationSpeed` | number | Rate of weight concentration across rounds |
| `regret` | number | Cumulative regret vs. best fixed strategy |
| `explorationRate` | number | Current exploration probability |
| `rounds` | number | Exp3 simulation rounds |
| `arms` | array | Per-technique weight, probability, reward, pull count |

### compute_lateral_movement_risk

| Field | Type | Description |
|---|---|---|
| `epidemicThreshold` | number | β_c = ⟨k⟩/⟨k²⟩ critical transmission threshold |
| `currentBeta` | number | Estimated current transmission rate |
| `supercritical` | boolean | True if currentBeta > epidemicThreshold (compromise spreads) |
| `meanDegree` | number | Mean network degree ⟨k⟩ |
| `meanSquareDegree` | number | Second moment ⟨k²⟩ |
| `expectedSteps` | object | Expected steps to compromise per starting node |
| `absorptionProbabilities` | object | Probability of reaching each target from each source |
| `highRiskPaths` | array | Top 10 paths by expected-steps-to-compromise |
| `fundamentalMatrixSize` | number | Dimension of N = (I-Q)^-1 |

### assess_zero_day_tail_risk

| Field | Type | Description |
|---|---|---|
| `gpdParameters.shape` | number | GPD shape parameter ΞΎ (tail heaviness) |
| `gpdParameters.scale` | number | GPD scale parameter Οƒ |
| `gpdParameters.threshold` | number | Exceedance threshold u |
| `var95` | number | CVSS Value at Risk at 95th percentile |
| `var99` | number | CVSS Value at Risk at 99th percentile |
| `cvar95` | number | Conditional VaR (Expected Shortfall) at 95% |
| `cvar99` | number | Conditional VaR (Expected Shortfall) at 99% |
| `maxObserved` | number | Maximum CVSS score observed in the dataset |
| `tailIndex` | number | Tail heaviness index (positive = heavy tail) |
| `portfolioRisk` | number | Aggregate portfolio cyber risk score 0–1 |
| `exceedanceProbabilities` | array | P(X > x) at severity thresholds |
| `returnPeriods` | array | Expected days between severity exceedances |

### forecast_threat_landscape_evolution

| Field | Type | Description |
|---|---|---|
| `ess` | string[] | Evolutionary stable strategies (invasion-resistant techniques) |
| `emergingThreats` | string[] | Techniques classified as EMERGING |
| `decliningThreats` | string[] | Techniques classified as DECLINING |
| `replicatorConvergence` | number | Convergence measure of replicator dynamics (0–1) |
| `timeToEquilibrium` | number | Estimated time steps to stable distribution |
| `landscapeEntropy` | number | Shannon entropy of technique frequency distribution |
| `techniques` | array | Per-technique name, frequency, fitness, phase, growthRate |

## How much does autonomous red team intelligence cost?

Each tool uses **pay-per-event pricing** β€” you pay only when a tool call is successfully initiated. Prices vary by computational complexity.

| Tool | Price per call | 10 calls | 50 calls |
|---|---|---|---|
| `simulate_attack_defense_posg` | $0.045 | $0.45 | $2.25 |
| `synthesize_exploit_chains` | $0.040 | $0.40 | $2.00 |
| `predict_vulnerability_emergence` | $0.035 | $0.35 | $1.75 |
| `optimize_defender_allocation` | $0.040 | $0.40 | $2.00 |
| `model_adaptive_adversary` | $0.035 | $0.35 | $1.75 |
| `compute_lateral_movement_risk` | $0.035 | $0.35 | $1.75 |
| `assess_zero_day_tail_risk` | $0.035 | $0.35 | $1.75 |
| `forecast_threat_landscape_evolution` | $0.030 | $0.30 | $1.50 |
| **Full 8-tool assessment (one target)** | **$0.295** | β€” | β€” |

You can set a **maximum spending limit per session** in your MCP client or via Apify's built-in spend controls. The server checks `eventChargeLimitReached` before executing each tool and returns a clean error if the budget is reached.

Apify's free plan includes **$5 of monthly credits** β€” enough for 16 full 8-tool assessments at no cost.

Compare this to commercial threat intelligence platforms like Recorded Future or Mandiant Advantage, which charge $30,000–150,000 per year for analyst-curated feeds without the quantitative modeling layer.

## How the Autonomous Cyber Red Team MCP works

### Phase 1 β€” Data aggregation (parallel, 60–150 seconds)

Every tool call dispatches up to 15 actor calls in parallel via `runActorsParallel()` in `actor-client.ts`. Each actor is called with the user's query and a per-actor `maxResults` cap. The 180-second actor timeout ensures the parallel fan-out completes before the attack graph is assembled. Failures in individual data sources are gracefully handled β€” that source returns an empty array and the graph is built from the remaining signals.

The 15 sources are selected to cover the full kill chain: NVD and CISA KEV provide vulnerability nodes, Censys and tech stack detection provide asset nodes, DNS and SSL expose the network perimeter, GitHub surfaces active exploit code, StackExchange and Hacker News provide context on exploitation technique feasibility, OFAC and OpenSanctions handle threat actor attribution, and FRED provides economic context for risk quantification.

### Phase 2 β€” Attack graph construction

`buildAttackGraph()` in `scoring.ts` normalizes all 15 source outputs into a unified `AttackGraph` with typed `VulnNode` and `AttackEdge` structures. Nodes carry CVSS score, exploitability, impact, KEV flag, tech stack label, category (entry/pivot/target/exfil), and detection difficulty. Edges carry technique name, success probability, CVSS weight, and AND/OR prerequisite type. A seeded mulberry32 PRNG (seed=42) ensures deterministic graph construction for identical inputs. The resulting weighted adjacency matrix drives all downstream algorithms.

### Phase 3 β€” Algorithm application

Each tool applies a distinct algorithm to the same attack graph:

- **POSG (Tool 1)** β€” HSVI2 iterates over belief-space points, computing upper and lower bounds on value until the gap is below tolerance. Alpha vectors are pruned at each iteration using domination checking. The converged values represent the Nash equilibrium of the infinite-horizon discounted game.
- **AND-OR A* (Tool 2)** β€” A priority queue explores the AND-OR graph with f(n) = g(n) + h(n), where g is cumulative CVSS cost and h = max remaining CVSS serves as an admissible heuristic. AND nodes are expanded only when all prerequisites are satisfied; OR nodes expand on any single satisfied prerequisite.
- **Hawkes process (Tool 3)** β€” Power-law kernel Ξ»(t) = ΞΌ + Ξ£_i Ξ±(1 + (tβˆ’t_i)/c)^(βˆ’(1+Ο‰)) is calibrated from CVE timestamp data. Thinning simulation generates sample paths for the 30-day and 90-day forecasts.
- **Colonel Blotto (Tool 4)** β€” Fictitious play best-responds to the current empirical opponent distribution across security battlefields each iteration until the mixed strategies converge to Nash equilibrium.
- **Exp3 (Tool 5)** β€” Exponential-weight update w_i(t+1) = w_i(t) Γ— exp(Ξ· Γ— rΜ‚_i / K) with importance-weighted estimator rΜ‚_i = r_i / p_i tracks adversary technique selection. Optimal learning rate Ξ· = √(2 ln K / T) is computed analytically.
- **Absorbing Markov (Tool 6)** β€” Gauss-Jordan inversion computes N = (Iβˆ’Q)^-1 where Q is the transient-to-transient sub-matrix. Absorption matrix B = NR gives compromise probabilities. Epidemic threshold Ξ²_c = ⟨k⟩/⟨k²⟩ from mean-field theory determines supercritical spread.
- **GPD (Tool 7)** β€” Probability-weighted moments fit GPD parameters (shape ΞΎ, scale Οƒ) to CVSS exceedances above threshold u. P(X > x | X > u) = (1 + ΞΎ(xβˆ’u)/Οƒ)^(βˆ’1/ΞΎ) gives exceedance probabilities for VaR and CVaR computation.
- **Replicator dynamics (Tool 8)** β€” Euler integration of dx_i/dt = x_i(f_i βˆ’ Ο†Μ„) where Ο†Μ„ = Ξ£_j x_j f_j is mean fitness. Techniques are classified by growth rate sign and fitness percentile. ESS candidates are identified by perturbation stability.

### Phase 4 β€” Response serialization

Results are serialized to JSON via the `json()` helper and returned as MCP `CallToolResult` with `content[0].type = 'text'`. All numeric fields are rounded for readability. The `graphSummary` field is appended to every response so callers can assess data richness.

## Tips for best results

1. **Query with technology plus context** β€” "apache log4j 2.14 corporate internal network" builds a richer graph than "log4j." The query is passed verbatim to all 15 actors, so specificity multiplies across sources.

2. **Use `predict_vulnerability_emergence` proactively** β€” run it weekly on your highest-risk technology components. When `burstProbability` exceeds 0.6, pre-position your patch team. A weekly run costs $0.035 and can prevent an emergency response.

3. **Sequence POSG before Blotto for budget discussions** β€” `simulate_attack_defense_posg` gives you the game value (attacker advantage), then `optimize_defender_allocation` tells you how to redistribute budget to counter it. Present both outputs together for CISO-level conversations.

4. **Set maxResults β‰₯ 50 for tail risk and Hawkes tools** β€” GPD fitting and Hawkes calibration improve substantially with more samples. For `assess_zero_day_tail_risk` and `predict_vulnerability_emergence`, always use maxResults: 50 or higher.

5. **Run `forecast_threat_landscape_evolution` quarterly** β€” replicator dynamics show technique lifecycle stages. Techniques classified as EMERGING now will be GROWING in 6–12 months. Quarterly forecasts give you 2–3 quarters of lead time to build defenses against the next dominant technique.

6. **Combine with [WHOIS Domain Lookup](https://apify.com/ryanclinton/whois-domain-lookup) and [Website Tech Stack Detector](https://apify.com/ryanclinton/website-tech-stack-detector)** β€” these actors are embedded in the MCP's data aggregation, but running them standalone first lets you validate that the target is correctly identified before a full 8-tool assessment.

7. **Export results to a dataset for trending** β€” use Apify's dataset storage to persist tool outputs over time. Comparing `gameValue` from `simulate_attack_defense_posg` month-over-month gives an objective measure of how your attack surface is changing.

## Combine with other Apify actors

| Actor | How to combine |
|---|---|
| [Website Tech Stack Detector](https://apify.com/ryanclinton/website-tech-stack-detector) | Detect technology stack first, then pass identified technologies as queries to `synthesize_exploit_chains` for targeted exploit chain analysis |
| [WHOIS Domain Lookup](https://apify.com/ryanclinton/whois-domain-lookup) | Enumerate subdomains and registration data, then feed domain list into `simulate_attack_defense_posg` for perimeter attack surface modeling |
| [Company Deep Research](https://apify.com/ryanclinton/company-deep-research) | Generate a company intelligence report, extract technology mentions, then run `predict_vulnerability_emergence` on each identified technology |
| [Website Change Monitor](https://apify.com/ryanclinton/website-change-monitor) | Monitor CISA advisory and vendor security pages; trigger `synthesize_exploit_chains` via webhook when a new advisory is detected |
| [Cyber Attack Surface Report](https://apify.com/ryanclinton/cyber-attack-surface-report) | Run a full passive attack surface report, then feed the output into `compute_lateral_movement_risk` for network propagation analysis |
| [B2B Lead Qualifier](https://apify.com/ryanclinton/b2b-lead-qualifier) | Screen prospects by technology stack, then use `assess_zero_day_tail_risk` on their stack to identify high-risk leads for cybersecurity products |
| [Company Due Diligence Report](https://apify.com/ryanclinton/company-due-diligence-report) | Enrich a due diligence report with `assess_zero_day_tail_risk` and `forecast_threat_landscape_evolution` for acquisition cyber risk sections |

## Limitations

- **Passive analysis only** β€” this server never sends packets to target infrastructure. It accesses only publicly available data from government registries, certificate transparency logs, DNS, and community databases. It cannot discover vulnerabilities that are not publicly documented.
- **Attack graph quality depends on data source coverage** β€” queries for niche or proprietary technologies may return sparse NVD and GitHub data, resulting in smaller attack graphs and less statistically reliable model outputs. Check `graphSummary.nodes` β€” graphs with fewer than 10 nodes should be interpreted cautiously.
- **Mathematical models are probabilistic, not deterministic** β€” POSG game values, Hawkes forecasts, and GPD tail estimates are statistical outputs grounded in the available data, not ground-truth assessments. They quantify risk, they do not certify it.
- **No runtime exploit execution** β€” this is not an automated exploitation framework. It identifies and prioritizes attack paths; executing those paths requires a human red team.
- **15 data sources have individual rate limits** β€” during high-traffic periods, individual actors (especially Censys and GitHub) may return fewer results than `maxResults` due to upstream rate limiting. This is handled gracefully but may reduce graph density.
- **Hawkes calibration requires historical CVE timestamps** β€” if NVD returns few results for a niche query, the Hawkes model will have limited historical data to calibrate against and will fall back to baseline intensity estimates.
- **GPD fitting requires exceedances above threshold** β€” if fewer than 5 CVSS scores exceed the threshold (default u = 7.0), the GPD shape and scale estimates will be unreliable. `maxResults: 50` mitigates this.
- **No authentication bypass or credential testing** β€” the server does not attempt to log in to systems, test default credentials, or execute authenticated scans.

## Integrations

- [Apify API](https://docs.apify.com/api/v2) β€” call individual tools directly from Python or Node.js applications, or integrate MCP responses into SIEM/SOAR pipelines via REST
- [Webhooks](https://docs.apify.com/platform/integrations/webhooks) β€” trigger downstream actions (PagerDuty alert, Jira ticket, Slack notification) when `burstProbability` or `gameValue` exceeds a threshold
- [Zapier](https://apify.com/integrations/zapier) β€” schedule weekly threat landscape forecasts and push results to Google Sheets or a Notion database for tracking over time
- [Make](https://apify.com/integrations/make) β€” build multi-step automation: website change detected β†’ run exploit chain synthesis β†’ push findings to security ticketing system
- [Google Sheets](https://apify.com/integrations/google-sheets) β€” export weekly VaR, CVaR, and game value metrics to a spreadsheet for board-level cyber risk reporting
- [LangChain / LlamaIndex](https://docs.apify.com/platform/integrations) β€” use MCP tool outputs as structured context in RAG pipelines for AI-assisted threat report generation

## Troubleshooting

**Empty or very small attack graph (graphSummary.nodes  1 or  Privacy](https://console.apify.com/account/privacy)
2. Enable **Share runs with public Actor creators**

This lets us see your run details when something goes wrong. Your data is only visible to the actor developer, not publicly.

## Support

Found a bug or have a feature request? Open an issue in the [Issues tab](https://console.apify.com/actors/autonomous-cyber-red-team-mcp/issues) on this actor's page. For custom security integrations or enterprise deployments, reach out through the Apify platform.