DEV Community

Ansh Sonkar

Turned CNAPP engine into an MCP server

While building Emfirge, my own CNAPP, to learn about infrastructure building, I kept running into the same problem most of the time.

Cloud security tools are great at finding issues, but they're usually trapped inside dashboards. So if I wanted to investigate an attack path, check compliance issues, understand blast radius, or simulate a fix, I had to jump between multiple screens and workflows.

At some point I started wondering:

Why does this need to live in a dashboard at all?
So I converted the core of Emfirge into an MCP server.

Now it can run directly inside Claude, Cursor, Kiro, Cline, and other MCP-compatible clients.
Source Code GitHub: https://github.com/theanshsonkar/emfirge

The Idea

You provide a read-only AWS IAM role.
Emfirge builds a live graph of your infrastructure and maps the relationships between resources.
Instead of looking at individual findings, it analyzes how everything connects together.

From there it can:

Trace attack paths from the internet to sensitive resources
Calculate blast radius
Detect toxic combinations and privilege escalation risks
Run compliance checks
Simulate security fixes before they're applied

Pre-Simulating Infrastructure Changes

One feature I particularly wanted was the ability to test changes before touching production.

Rather than relying on an AI model to guess what might happen, Emfirge clones the infrastructure graph, applies the proposed change, and reruns the analysis.

This makes it possible to ask questions like:

What happens if I make this bucket public?

What happens if I modify this security group?

Does this change increase or reduce risk?

The answer comes from the graph analysis rather than model speculation.
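
The clone, apply and rerun loop described above, sketched as an added example. It is not Emfirge's code: the graph, the node names and the `attack_paths` and `simulate` helpers are assumptions made for illustration.

```python
import copy
from collections import deque

# Constructed sample graph (hypothetical names): edge A -> B means A can reach B.
GRAPH = {
    "internet": {"sg-web"},
    "sg-web": {"ec2-web"},
    "ec2-web": {"role-web"},
    "role-web": {"s3-logs"},
    "s3-logs": set(),
    "s3-customer-data": set(),
}
SENSITIVE = {"s3-customer-data"}


def attack_paths(graph, source="internet", targets=SENSITIVE):
    """Shortest path from source to each reachable sensitive target (BFS)."""
    parent, queue = {source: None}, deque([source])
    while queue:
        node = queue.popleft()
        for nxt in sorted(graph.get(node, ())):
            if nxt not in parent:
                parent[nxt] = node
                queue.append(nxt)
    paths = {}
    for target in sorted(t for t in targets if t in parent):
        path, cur = [], target
        while cur is not None:
            path.append(cur)
            cur = parent[cur]
        paths[target] = path[::-1]
    return paths


def simulate(graph, add=(), remove=()):
    """Apply edge changes to a deep copy, rerun the analysis, and diff results."""
    clone = copy.deepcopy(graph)  # the live graph is never mutated
    for src, dst in remove:
        clone.get(src, set()).discard(dst)
    for src, dst in add:
        clone.setdefault(src, set()).add(dst)
        clone.setdefault(dst, set())
    before, after = attack_paths(graph), attack_paths(clone)
    return {
        "new_paths": {t: p for t, p in after.items() if t not in before},
        "closed_paths": {t: p for t, p in before.items() if t not in after},
    }
```

Calling `simulate(GRAPH, add=[("internet", "s3-customer-data")])` models the "make this bucket public" question, and a `remove` entry for a security group edge models the ingress change; in both cases the result is a diff of paths, not a prediction.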

Privacy Was Non-Negotiable

One concern I had from day one was sending cloud infrastructure data to LLMs.

AWS account IDs, ARNs, resource identifiers, IP addresses, and other sensitive values shouldn't leave an environment unnecessarily.

To address this, resource identifiers are tokenized locally before any LLM interaction occurs. The model sees anonymized tokens instead of the original identifiers.

What Started as a Graph

Interestingly, most of the capabilities in Emfirge ended up being graph problems.

Attack path analysis.
Blast radius calculations.
Fix simulations.
Compliance relationships.
Toxic combinations.

Everything eventually became graph traversal, path finding, and risk modeling. Once I realized that, exposing the system through MCP felt like the natural next step.

Instead of navigating a dashboard, you can now interact with the infrastructure graph directly from your AI tooling.

Source Code GitHub: https://github.com/theanshsonkar/emfirge

I'd love feedback from people working in cloud security, platform engineering, or infrastructure. I'm especially interested in how others think MCP could be used for security workflows.
