Aqua Security Introduces Aqua Compass MCP Server for Runtime Incident Response

Aqua Security introduced Aqua Compass, a Model Context Protocol (MCP) server used within its runtime security workflows, alongside a new set of runtime risk dashboards. The update focused on moving from identifying runtime risk to containing and remediating issues in running applications.

The company cited a problem in which cloud native development and AI-generated code increased the number of vulnerabilities reaching production environments, while attackers automated exploitation. It said organizations could see risk but could not fix it fast enough, framing the approach around faster investigation and response for runtime incidents.

Compass functioned through an MCP interface that let customers build AI agents interacting with Aqua’s runtime intelligence and enforcement controls without leaving environments they already operated in. The workflow supported analysis of activity, containment, and remediation recommendations, with a human in the loop to oversee decisions. Aqua said Compass analyzed live malware attacks inside a containerized workload, identified malicious behavior, recommended steps to isolate a compromised pod, and generated a hardened runtime policy scoped to the affected namespace that blocked similar behavior.

The initiative also included runtime risk dashboards that converted vulnerabilities and misconfigurations into customer-quantified monetary exposure and recalculated exposure as runtime controls were enforced. Aqua attributed the capabilities to its runtime visibility and enforcement architecture, an agent-based enforcement model operating directly inside running workloads, and foundations that incorporated adversary intelligence from Aqua’s Nautilus research team and telemetry from millions of protected workloads. “The industry spent the last decade building visibility into cloud environments, but visibility alone does not stop attacks,” said Mike Dube, CEO of Aqua Security. “Vulnerabilities are being exploited faster than organizations can remediate them, which means the old model is becoming obsolete. The future of cloud is autonomous runtime security. With more than a decade of embedding enforcement directly inside production workloads and patented innovations in runtime security, Aqua is uniquely positioned to secure cloud native environments today and into the future.”

Aqua said organizations could begin building security agents on top of Aqua Compass today, and it positioned Compass and the dashboards as capabilities enabled by its runtime intelligence, enforcement, and telemetry.