AI

Workshop provides AI-powered features to help you manage and understand your endpoint security environment.

AI Chat

AI Chat lets you ask natural-language questions about your Workshop data directly from the dashboard. Chat sessions have the same permissions as the logged-in user — the AI assistant can only access data you're authorized to see.

Setup

  1. Go to Settings → AI → Chat
  2. Toggle Enabled
  3. Select an AI provider (Anthropic, OpenAI, or Google)
  4. Enter your API key for the chosen provider
  5. Optionally select a specific model (defaults are recommended)

Privacy

Warning: Information you send to AI Chat — including your questions, conversation history, and any Workshop data retrieved by the assistant — is sent to whichever third-party AI provider your organization has configured. Review your provider's data handling policies before enabling AI Chat.

Supported Providers

  • Anthropic
  • OpenAI
  • Google

What You Can Do

AI Chat can query your Workshop data using the same API methods available through the web interface. Example questions:

Show me a summary of all rules in Workshop.

Why is <app name> blocked on <host name>?

What are the top 10 most executed applications across my fleet?

Are any of my hosts out of date?

The assistant uses tools to look up data, perform calculations, and query Workshop documentation. By default, the assistant cannot modify your configuration. To enable write access, toggle Read-Write Mode in AI Chat settings.


MCP Server

The Model Context Protocol (MCP) is an open protocol that standardizes how applications provide context to large language models (LLMs). Learn more at modelcontextprotocol.io.

Workshop's MCP server exposes all of the methods available in the Workshop API to MCP-compatible clients such as Claude Desktop, Claude Code, LM Studio, and Gemini CLI.

Getting Started

1. Enable the MCP Server

  1. Go to Settings → AI → MCP
  2. Toggle the switch to enable the MCP server

Warning: By default the MCP server only allows read-only access, even if you have added write permissions to the API key or OAuth scope. You must enable read-write mode in the MCP settings to allow MCP clients to make changes.

2. Choose an Authentication Method

OAuth 2.0 (recommended): MCP clients that support OAuth will automatically prompt you to log in — no extra setup needed. Just point the client at your Workshop MCP URL and authenticate through the browser.

API key (alternative): If your MCP client doesn't support OAuth, or you prefer key-based auth, generate an API key:

  1. Go to Settings → API Keys
  2. Click "Create API Key"
  3. Copy the key (it starts with npsws_sk_)

Authentication

OAuth 2.0

MCP clients that support OAuth 2.0 can authenticate using your organization's identity provider. This is the recommended approach. OAuth users receive permissions based on their Workshop role assignment. The MCP read-write toggle in settings provides an additional layer of control over write access.

API Key

Alternatively, create an API key with the desired permissions and pass it in the Authorization header. See Choose an Authentication Method above.

Integrating with MCP

Claude Desktop

  1. Install Claude Desktop from claude.ai
  2. Open Settings → Connectors
  3. Click Add custom connector
  4. Enter your Workshop MCP URL: https://example.workshop.cloud/mcp
  5. Click Add — Claude will open a browser window for OAuth authentication

See the Claude custom connectors documentation for more details.

Claude Code

  1. Install Claude Code from claude.ai
  2. Run the following command to add the Workshop MCP server:
claude mcp add --transport http workshop https://example.workshop.cloud/mcp

Claude Code will open a browser window for OAuth authentication when you first connect. See the Claude Code MCP documentation for more details.

LM Studio

  1. Install LM Studio from lmstudio.ai
  2. Open the Program tab in the right sidebar
  3. Click Install → Edit mcp.json and add:

{
  "mcpServers": {
    "workshop": {
      "url": "https://example.workshop.cloud/mcp",
      "headers": {
        "Authorization": "npsws_sk_xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
      }
    }
  }
}

As of March 2026, LM Studio does not support OAuth for remote MCP servers, so an API key is required. See the LM Studio MCP documentation for more details.
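Because this setup keeps the API key in plain text inside mcp.json, the following added example (not part of Workshop or LM Studio) audits such a file for stored npsws_sk_ keys, non-HTTPS server URLs, and file permissions that let other local users read the key. The function names, finding messages and sample configuration are assumptions constructed for illustration.

```python
import json
import os
import stat
import sys
import tempfile

KEY_PREFIX = "npsws_sk_"  # key prefix given on this page

# Constructed sample: same shape as the mcp.json above, but with a plain-HTTP URL.
SAMPLE = {"mcpServers": {"workshop": {
    "url": "http://example.workshop.cloud/mcp",
    "headers": {"Authorization": "npsws_sk_" + "x" * 32}}}}


def audit_mcp_config(path):
    """Return findings for Workshop API keys stored in the mcp.json at `path`."""
    findings = []
    with open(path, encoding="utf-8") as fh:
        servers = json.load(fh).get("mcpServers", {})
    holds_key = False
    for name, server in servers.items():
        auth = str(server.get("headers", {}).get("Authorization", ""))
        if KEY_PREFIX not in auth:
            continue
        holds_key = True
        # Never echo the secret itself; report only that one is present.
        findings.append(f"{name}: holds a {KEY_PREFIX}* key in plain text")
        if not str(server.get("url", "")).lower().startswith("https://"):
            findings.append(f"{name}: key would be sent over a non-HTTPS URL")
    mode = stat.S_IMODE(os.stat(path).st_mode)
    # POSIX permission bits only; on Windows inspect the file ACL instead.
    if holds_key and mode & (stat.S_IRWXG | stat.S_IRWXO):
        findings.append(f"file mode {mode:03o} exposes the key to other local users")
    return findings


def demo():
    """Write the constructed sample to a temp file (mode 0644) and audit it."""
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "mcp.json")
        with open(path, "w", encoding="utf-8") as fh:
            json.dump(SAMPLE, fh)
        os.chmod(path, 0o644)
        return audit_mcp_config(path)


if __name__ == "__main__":
    # Audit the file given on the command line, or the constructed sample.
    results = audit_mcp_config(sys.argv[1]) if len(sys.argv) > 1 else demo()
    print("\n".join(results) or "no Workshop API keys found")
```

Pass the path of your own mcp.json as the first argument; with no argument the script audits the constructed sample.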

Gemini CLI

  1. Install Gemini CLI from github.com/google-gemini/gemini-cli
  2. Run the following command to add the Workshop MCP server:
gemini mcp add --transport http workshop https://example.workshop.cloud/mcp

See the Gemini CLI MCP documentation for more details.

Example Prompts

Show me a summary of all rules in Workshop and use terms from the documentation to explain them.

Why is <app name> blocked on <host name> in Workshop?

Are any of my Workshop hosts out of date?

Are my Workshop hosts ready to switch from Monitor Mode to Lockdown Mode?