Sysdig Expands the Power of Runtime Context with New MCP Server and Partner Integration Hub

Published:

October 15, 2025

Designed to unify visibility, context, and remediation across cloud, hybrid, and on-premises environments, Sysdig enables security teams to make faster, smarter decisions that reduce high-impact risk

SAN FRANCISCO – Oct. 15, 2025 – Sysdig, the leader in real-time cloud security, today announced the launch of its Model Context Protocol (MCP) server and partner integration hub, giving customers access to AI-powered security insights across their entire ecosystem. With Sysdig's partner integration hub, organizations can ingest data from their security tools — such as application security, supply-chain risk, and API protection — and enrich it with runtime intelligence to validate exposure, threats, vulnerabilities, and risk. Additionally, the new Sysdig MCP server seamlessly integrates into an organization's preferred AI platform, making this intelligence instantly accessible through flexible queries. By unifying third-party context with runtime insights, Sysdig provides a comprehensive view of every cloud asset, including where it's running and who owns it, enabling security teams to better prioritize remediation, strengthen accountability, and reduce cloud risk.

“Context has always been key for security. But when it comes to AI, context is everything,” said Shantanu Gattani, SVP of Product at Sysdig. “With this launch, we’re empowering customers to bring third-party findings into our platform and extending our industry-leading runtime insights directly into the AI toolchains and workflows they already use.”

Equipping AI with Real-Time Cloud Security Insight

The Sysdig MCP server enables AI platforms such as ChatGPT, Claude, and Gemini to seamlessly connect with Sysdig’s API and services. By embedding runtime context into their AI-driven workflows, customers can extend the reach of Sysdig’s cloud security insights beyond the company’s cloud-native application protection platform (CNAPP) to enable more intelligent automation, faster decision-making, and immediately actionable insights for their organizations.

With the Sysdig MCP server, the options for applying runtime context are only limited by users’ creativity. Some potential use cases include:

Accelerated incident response: When Sysdig flags a critical runtime event, the Sysdig MCP server can prompt the on-call engineer via Slack or Microsoft Teams to confirm severity. By running a query like, “Are there any cryptominers running in my environment? If so, notify the on-call security team immediately,” they can automatically open a PagerDuty incident with the right forensic evidence, context, and escalation policy. This gives teams an instant, enriched ticket, cutting triage time and equipping them to respond quickly and precisely.

Code-to-runtime vulnerability remediation: Users can simply ask, “Can you open a dev team ticket for any in-use vulnerabilities of the latest my-app-repo release?” and, after detecting a vulnerable library, the Sysdig MCP server can automatically connect the issue back to its code in GitHub and create a Jira ticket for the right team through integration with their MCP servers. Together, this helps reduce response times, drives accountability, and solves problems at the source.

Tailored cloud remediation: By combining Sysdig’s runtime insights with Amazon Web Services’ cloud context through MCP servers, security teams can ask, “List any publicly exposed resources from that cluster I created last week,” and begin to apply fixes that are specific to their environments – not just generic patches. This means less guesswork and more confidence that issues are resolved correctly the first time.

“Torq HyperSOC addresses a critical need for today’s inundated cloud security teams: providing actionable context and automation to address threats before they have a chance to affect their organizations,” said Chris Coburn, Senior Director of Tech Alliances at Torq, a Sysdig Partner. “The combination of the AI-driven Torq HyperSOC and Sysdig’s runtime insights through our MCP servers will provide joint customers the ability to cut through the noise, respond faster to what matters most, and ultimately reduce organizational risk at scale.”

Greater Context Drives Better Action

The Sysdig partner integration hub simplifies the setup and configuration of a bidirectional connection between the Sysdig CNAPP and other partner platforms such as Checkmarx, Mend.io, Semgrep, and Snyk. By enriching runtime context with source code and dependency metadata, joint customers gain deeper visibility into risk, clearer ownership, and more actionable fixes.

Key benefits of the partner integration hub for joint customers include:

Faster root-cause analysis and improved accountability: Teams can link runtime vulnerabilities to their specific repository, dependency file, and owner, reducing mean time to respond by 76%.

Better fix recommendations: Users can surface the precise version upgrades or patches needed to remediate runtime vulnerabilities, regaining more than 80 hours per week previously spent manually triaging and prioritizing risk.

Reduced noise and greater clarity: Consolidated findings provide a single, context-rich view of security issues with all relevant information while filtering out over 98% of low-risk vulnerability noise.

“With the Sysdig integration hub, our joint customers can connect their runtime security insights with their development workflows,” said Daghan Altas, VP of Product at Semgrep. “By bridging the gap between their code and production environments, we’re empowering organizations to identify issues earlier, remediate them faster, and strengthen security across the entire software development life cycle.”

Both the Sysdig MCP server and partner integration hub are available for all customers today.

Resources

Explore “AI echolocation of cloud risks using Sysdig and Snyk MCP servers.”
Learn more about “Sysdig MCP Server: Bridging AI and cloud security insights.”
Read “Fix what matters, faster: How Sysdig and Semgrep are unifying security without silos – from code to runtime.”

Media Contact

Damon Weinhold
damon.weinhold@sysdig.com

Sysdig delivers cloud security the right way with open innovation, agentic AI, and the uncompromising truth of runtime. In a world of black boxes and blind spots, Sysdig helps security and development teams prevent, detect, and respond to threats in the moment.

AI is only as powerful as the signals it receives, and Sysdig Sage™ — the first agentic AI analyst for cloud security — is fueled by the deepest runtime intelligence in the industry. It doesn’t just observe. It reasons and acts with the context, speed, and precision that modern teams need to build and defend innovation in real time. Founded by the creators of Falco and Wireshark, Sysdig is trusted by more than 60% of the Fortune 500 and is built for those who refuse to compromise on security.