Meet Escape Copilot: Automate App and Scan Management via MCP
We’re introducing Escape Copilot (in Beta), a new AI-powered assistant designed to help your security team work more efficiently with the Escape platform.
Powered by the Model Context Protocol (MCP) on the Escape Public API, Copilot understands your unique security setup and helps you get more done in less time by simplifying everyday workflows like managing scans and tracking assets.
Built for Context-Aware Security Automation
Security teams face growing complexity and time pressure. Routine tasks like launching scans, updating application configs, or tracking domain status can slow things down, especially in large or distributed environments. Escape Copilot helps reduce this operational overhead by letting you trigger, manage, and review key security workflows in natural language.
It’s especially useful if you:
- Juggle many services or microservices
- Run regular scans across multiple apps and environments
- Need instant access to domain, issue, or posture information
Powered by the Model Context Protocol (MCP)
Escape Copilot runs on the Model Context Protocol (MCP) using the Escape Public API. This means every interaction is tightly scoped to your organization’s actual configuration and security data — no pre-training, no external inference, no guesswork. You get precise, permissioned answers and actions tailored specifically to your environment.
Copilot only responds based on what’s accessible through your scoped Escape Public API access, ensuring:
- No external data storage
- No training on your data
- Context-aware, action-ready results
It follows strict cybersecurity best practices and puts user privacy first. We recommend sharing only the data necessary for effective interaction.
What can Escape Copilot do today? (Beta)
Below are the core capabilities available in the beta release:
Application Management
- Create Applications: Define new applications by specifying essential details such as name, URL, type (e.g., GraphQL, REST, Frontend), location, and configuration.
- Update Applications: Easily update application details, including name, location, and scheduling options.
- List Applications: Retrieve a complete list of all applications managed within your platform.
- Get Application Details: Obtain specific details about any application using its unique ID or name.
Scan Management
- Start Scans: Trigger scans to identify vulnerabilities.
- Check Scan Status: Monitor ongoing or recent scans.
- List Scan Issues: Access detailed reports highlighting vulnerabilities and security issues detected during scans.
- List Scan Events: Review chronological events associated with scans, providing insights into the scanning process
Domain Management
- Create Domains: Register new domains (FQDNs) to be monitored.
- Delete Domains: Remove unnecessary or outdated entries.
- List Domains: View all domains under management.
- Get Domain Details: Retrieve detailed information about specific domains using their IDs.
Access Scan Archives
- Get Exchange Archive URLs: Retrieve access to scan exchange archives for further investigation.
Try Escape Copilot today
Escape Copilot is now available in beta to all customers.
If you're an existing Escape customer, just press Cmd + Shift + E (or Ctrl + Shift + E on Windows) to activate Copilot in-app.
We’re actively expanding functionality — including deeper scan customization, remediation workflows, and automated summaries. Your feedback will shape what comes next.
Have questions? Reach out to your dedicated sales engineer on Slack or via email.
Not an Escape platform user and want to see it in action? Get a demo with our product expert.
FAQ
Who has access to Escape Copilot?
Escape Copilot is available to all Escape DAST & ASM customers.
How can Escape Copilot benefit my security team?
Escape Copilot simplifies day-to-day security operations by automating application, domain, and scan management within the Escape platform. For example, you can ask it to start scans on applications with specific names or list all domains in the application inventory.
How does Escape Copilot source outputs?
Copilot retrieves real-time data by making secure calls to the Escape Public API. It does not infer or hallucinate — all responses reflect actual state and data from your specific Escape environment.
Is my data secure?
Yes. Copilot is built on Escape's implementation of the Model Context Protocol (MCP), which enforces strict scoping rules. API calls and context are tightly bound to your environment and data is never used to train models. No data is sent to third parties or stored outside your control.
How does Escape Copilot interact with my data?
Copilot operates via scoped API access using your organization’s credentials. It uses only the permissions available through the Escape Public API and never stores or transmits data outside your Escape instance.
What is Escape's AI ethics policy?
We do not train Copilot or any model on your data. Escape adheres to principles of transparency, data minimization, and control. All Copilot interactions are deterministic and scoped to your own assets. No customer data is used outside its intended context.
Which languages does Escape Copilot support?
Escape Copilot is fully optimized for English only. We recommend using English to ensure the most accurate results.
If you’re interested in Escape Copilot, you might also want to explore these powerful Escape features: