
DefectDojo Brings MCP Support to Dojo Pro, Enabling Safer, Flexible AI Integration for Cybersecurity Teams

AI is becoming an essential part of the cybersecurity conversation, but most teams still struggle with how to bring it into their workflows without compromising control or security. DefectDojo’s latest update to its Dojo Pro platform aims to address exactly that, with native support for the Model Context Protocol (MCP).

MCP, developed by Anthropic and supported by players like OpenAI, standardizes how context is exchanged between software systems and AI models. Instead of pushing teams into a single AI provider or architecture, it creates an interoperable layer where models can act more like services: pluggable, auditable, and optional.

According to Greg Anderson, CEO and founder of DefectDojo, that optionality was key to how MCP was implemented in Dojo Pro.

“Security teams don’t want to just bolt AI onto their stack,” Anderson said. “They want to use it in a way that respects their data, their workflows, and their risk tolerance. That’s why we approached MCP support in Dojo Pro the way we did. It’s not a ‘turn on AI’ button. Instead, it’s a framework that lets teams connect to the model they trust, whether that’s something hosted, something private, or something they built themselves.”

Dojo Pro’s support for MCP means users can connect any AI model that implements the protocol, whether it’s a large hosted model or a lightweight, domain-specific one fine-tuned for their environment. That flexibility matters for teams managing sensitive data or operating in regulated industries.

“A lot of organizations want AI to help with triage or classification, but they can’t risk sending data out of their environment,” Anderson noted. “With MCP, they don’t have to. We deploy it on a per-customer basis, with full data separation. So you get the benefits of AI, but on your terms, not someone else’s.”

By making MCP integration model-agnostic, DefectDojo is addressing a shift already underway in the industry, away from one-size-fits-all AI toward more tailored, purpose-built models.

“That shift is already happening,” Anderson said. “We’ve seen firsthand that security is too nuanced for general-purpose models. The way a financial institution handles a critical vulnerability looks very different from how a SaaS startup would. Context is everything.”

This focus on context and control reflects DefectDojo’s larger approach. Rather than dictating which model to use, the platform ensures that whatever teams choose is observable and can be tuned as needed.

“Our job isn’t to tell you which AI is best,” he said. “It’s to make sure whatever you use is secure, observable, and actually helps reduce manual effort.”

While MCP lays the foundation, Anderson made it clear it’s just the beginning of DefectDojo’s AI roadmap.

“MCP is the infrastructure making AI-connected workflows even possible. What’s coming next are experiences that actually make a difference in how teams work: natural language queries, smarter triage, and prioritization driven by business risk.”

But the emphasis isn’t on novelty. It’s on visibility and control.

“Everything we build is opt-in, and built with control in mind,” Anderson explained. “AI shouldn’t feel like a wildcard running in your environment. You’ll always know what it’s touching, what decisions it’s making, and how it’s scoring things. And if something doesn’t look right, you can turn it off or tune it without rewriting your whole setup.”

DefectDojo’s phased rollout of MCP support will start with Dojo Pro’s power users, eventually expanding based on real-world feedback. It follows the company’s broader push to bring both AppSec and SOC workflows into one platform. As AI adoption scales, DefectDojo is positioning itself not just as a platform with AI, but one that gives users agency over how and when AI shows up in their security strategy.

Suparna Chawla Bhasin

Suparna serves as Senior Managing Editor for CyberRisk Alliance’s Channel Brands, including MSSP Alert and ChannelE2E. She plays a key role in content development, optimizing editorial workflows, aligning storytelling with audience needs, and collaborating across teams to deliver timely, high-impact content. Her background spans technology, media, and education, and she brings a unique blend of strategic thinking, creativity, and executional excellence to every project.
