
FEAT: MCP (Model Context Protocol) Integration #1273

@KutalVolkan

Description


Is your feature request related to a problem? Please describe.

When red teaming agentic AI systems, PyRIT currently requires custom integrations for each external tool, data source, or capability. This creates friction when testing systems that use diverse toolsets and limits the ability to dynamically discover and interact with target capabilities during assessments.

The Model Context Protocol (MCP) by Anthropic provides a standardized interface for LLM-to-tool communication that's rapidly being adopted across the AI ecosystem. Without MCP support, PyRIT cannot natively interact with MCP-enabled targets or leverage the growing ecosystem of MCP servers for red teaming workflows.

Describe the solution you'd like

Add native MCP support to PyRIT, enabling red teaming agents to dynamically discover and use external tools, data sources, and prompt templates via the MCP protocol.

Core Capabilities:

  • Tools: Execute functions (converters, probes, external APIs, target system tools)
  • Resources: Read data (attack datasets, MITRE ATLAS mappings, reconnaissance results)
  • Prompts: Load templates (red team agent prompts, attack strategies)

Proposed Implementation:

The codebase already defines MCP types in MessagePieceType:

MCP_CALL = "mcp_call"
MCP_LIST_TOOLS = "mcp_list_tools"
MCP_APPROVAL_REQUEST = "mcp_approval_request"

These types aren't implemented yet. This proposal would complete that implementation.

Proposed Usage:

from pyrit.mcp import MCPServerConfig, MCPTransport

# Native MCP support in target
target = OpenAIResponseTarget(
    mcp_servers=[
        MCPServerConfig(
            name="converters",
            transport=MCPTransport.STDIO,
            command="python",
            args=["converters_server.py"]
        ),
        MCPServerConfig(
            name="recon", 
            transport=MCPTransport.SSE, 
            url="http://localhost:8080/sse"
        ),
    ]
)

# Target auto-discovers tools, model can call them during conversation

Implementation Phases:

  1. Core MCP client implementation using the MCP Python SDK
  2. Integration with OpenAIResponseTarget
  3. Integration examples with existing agentic security tools as MCP resources/tools
  4. Documentation and notebooks

Additional context

Relationship to Existing Issues:

References:

Open Questions:

  • Should example MCP servers live in PyRIT core or a separate repository?
  • Which transport should be prioritized first (STDIO vs SSE)?
  • Any security considerations for MCP server sandboxing during red team operations?

I'm happy to start the implementation and can break this into smaller PRs. Would welcome collaboration from anyone interested in this direction.
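The third open question above (sandboxing MCP servers during red team operations) can be addressed at configuration time and at tool-call time. The following is an added example, not part of this proposal or of PyRIT: it defines stand-in `MCPServerConfig` / `MCPTransport` classes with the fields used in the proposed usage, a policy check that rejects STDIO commands outside an allow-list and SSE endpoints that are neither HTTPS nor loopback, and a gate that routes any tool not pre-approved by the operator to the existing `mcp_approval_request` piece type instead of executing it as `mcp_call`. The allow-lists and pre-approved tool names are constructed for illustration.

```python
from dataclasses import dataclass, field
from enum import Enum
from typing import Optional
from urllib.parse import urlparse


class MCPTransport(Enum):
    STDIO = "stdio"
    SSE = "sse"


@dataclass
class MCPServerConfig:
    name: str
    transport: MCPTransport
    command: Optional[str] = None
    args: list = field(default_factory=list)
    url: Optional[str] = None


# Policy knobs constructed for this example; these are not PyRIT settings.
ALLOWED_STDIO_COMMANDS = {"python", "python3"}
LOOPBACK_HOSTS = {"localhost", "127.0.0.1", "::1"}
# Tools the operator pre-approves ("<server>.<tool>"); everything else must be approved.
PRE_APPROVED_TOOLS = {"converters.base64_encode", "recon.list_endpoints"}


def validate_server_config(cfg: MCPServerConfig) -> list[str]:
    """Return policy violations for one server config (empty list = acceptable)."""
    problems = []
    if cfg.transport is MCPTransport.STDIO:
        # Only allow-listed interpreters may be spawned as local MCP servers.
        if cfg.command not in ALLOWED_STDIO_COMMANDS:
            problems.append(f"{cfg.name}: stdio command {cfg.command!r} is not allow-listed")
        # Keep server scripts inside the workspace: no absolute paths, no traversal.
        if any(a.startswith("/") or ".." in a for a in cfg.args):
            problems.append(f"{cfg.name}: stdio args must be relative paths inside the workspace")
    elif cfg.transport is MCPTransport.SSE:
        u = urlparse(cfg.url or "")
        # Plain HTTP is acceptable only for a loopback server.
        if u.scheme != "https" and u.hostname not in LOOPBACK_HOSTS:
            problems.append(f"{cfg.name}: SSE url {cfg.url!r} must be https or loopback")
    return problems


def classify_tool_call(server: str, tool: str) -> str:
    """Pre-approved tools run as 'mcp_call'; anything else becomes 'mcp_approval_request'."""
    return "mcp_call" if f"{server}.{tool}" in PRE_APPROVED_TOOLS else "mcp_approval_request"
```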
