AI
Workshop provides AI-powered features to help you manage and understand your endpoint security environment.
AI Chat
AI Chat lets you ask natural-language questions about your Workshop data directly from the dashboard. Chat sessions have the same permissions as the logged-in user — the AI assistant can only access data you're authorized to see.
Setup
- Go to Settings → AI → Chat
- Toggle Enabled
- Select an AI provider (Anthropic, OpenAI, or Google)
- Enter your API key for the chosen provider
- Optionally select a specific model (defaults are recommended)
Privacy
Information you send to AI Chat — including your questions, conversation history, and any Workshop data retrieved by the assistant — is sent to whichever third-party AI provider your organization has configured. Review your provider's data handling policies before enabling AI Chat.
Supported Providers
- Anthropic
- OpenAI
What You Can Do
AI Chat can query your Workshop data using the same API methods available through the web interface. Example questions:
Show me a summary of all rules in Workshop.
Why is <app name> blocked on <host name>?
What are the top 10 most executed applications across my fleet?
Are any of my hosts out of date?
The assistant uses tools to look up data, perform calculations, and query Workshop documentation. By default, the assistant cannot modify your configuration. To enable write access, toggle Read-Write Mode in AI Chat settings.
MCP Server
The Model Context Protocol (MCP) is an open protocol that standardizes how applications provide context to large language models (LLMs). Learn more at modelcontextprotocol.io.
Workshop's MCP server exposes all of the methods available in the Workshop API to MCP-compatible clients such as Claude Desktop and LM Studio.
Getting Started
1. Generate an API Key
Before integrating with MCP, you'll need a Workshop API key:
- Go to Settings → API Keys
- Click "Create API Key"
- Copy the key (it starts with npsws_sk_)
2. Enable the MCP Server
- Go to Settings → AI → MCP
- Toggle the switch to enable the MCP server
By default the MCP server only allows read-only access, even if you have added write permissions to the API key or OAuth scope. You must enable read-write mode in the MCP settings to allow MCP clients to make changes.
Authentication
OAuth 2.0
MCP clients that support OAuth 2.0 can authenticate using your organization's identity provider. This is the recommended approach.
How it works:
- MCP clients discover the authorization server via /.well-known/oauth-protected-resource
- Users authenticate through the hosted login UI
- The identity provider issues tokens that the MCP client uses for requests
- Workshop validates tokens and applies role-based access control
OAuth users receive permissions based on their Workshop role assignment. The MCP read-write toggle in settings provides an additional layer of control over write access.
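The discovery step above is the one an MCP client has to get right: it must only trust metadata served from the MCP server's own origin, and must confirm the metadata's `resource` field names the endpoint it is talking to, otherwise a forged challenge could steer the client to an authorization server of someone else's choosing. The following is an added example, not Workshop's or any client's code; the challenge header and metadata document are constructed inputs whose field names follow RFC 9728, and the hostnames and scope names are hypothetical.

```python
import json
import re
from urllib.parse import urlsplit

# Constructed sample inputs (not real Workshop responses): the WWW-Authenticate
# challenge an MCP client receives on an unauthenticated request, and the
# protected-resource metadata document it then fetches. Field names follow
# RFC 9728; the hostnames and scope names are hypothetical.
MCP_URL = "https://example.workshop.cloud/mcp"
SAMPLE_CHALLENGE = (
    'Bearer resource_metadata='
    '"https://example.workshop.cloud/.well-known/oauth-protected-resource", '
    'scope="workshop:read"'
)
SAMPLE_METADATA = json.dumps({
    "resource": "https://example.workshop.cloud/mcp",
    "authorization_servers": ["https://login.example.workshop.cloud"],
    "scopes_supported": ["workshop:read", "workshop:write"],
    "bearer_methods_supported": ["header"],
})
# A document whose "resource" names a different server: a client must reject it.
MISMATCHED_METADATA = json.dumps({
    "resource": "https://other.example/mcp",
    "authorization_servers": ["https://login.other.example"],
})

_AUTH_PARAM = re.compile(r'([A-Za-z_]+)="([^"]*)"')


def metadata_url_from_challenge(challenge: str, mcp_url: str) -> str:
    """Return the metadata URL named by the challenge's resource_metadata
    parameter, or the well-known path on the MCP server's origin if absent.
    The metadata must be served over https from the same host as the MCP
    endpoint; a spoofed challenge must not be able to point the client at
    an arbitrary metadata document."""
    params = dict(_AUTH_PARAM.findall(challenge))
    origin = urlsplit(mcp_url)
    default = f"{origin.scheme}://{origin.netloc}/.well-known/oauth-protected-resource"
    url = params.get("resource_metadata", default)
    parts = urlsplit(url)
    if parts.scheme != "https" or parts.netloc != origin.netloc:
        raise ValueError(f"refusing metadata URL off the MCP server's origin: {url}")
    return url


def select_authorization_server(metadata_json: str, mcp_url: str) -> str:
    """Validate the metadata document and return the authorization server
    the client should run the OAuth flow against."""
    meta = json.loads(metadata_json)
    if meta.get("resource") != mcp_url:
        raise ValueError("metadata 'resource' does not match the MCP endpoint")
    servers = meta.get("authorization_servers") or []
    if not servers:
        raise ValueError("metadata lists no authorization_servers")
    chosen = servers[0]
    if urlsplit(chosen).scheme != "https":
        raise ValueError(f"authorization server must use https: {chosen}")
    return chosen


if __name__ == "__main__":
    url = metadata_url_from_challenge(SAMPLE_CHALLENGE, MCP_URL)
    print("fetch metadata from:", url)
    print("authorization server:", select_authorization_server(SAMPLE_METADATA, MCP_URL))
```

Both functions raise rather than fall back when a check fails; an MCP client that silently accepted off-origin metadata would be trusting whoever controls that origin with the user's login.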
API Key
Alternatively, create an API key with the desired permissions and pass it in the Authorization header. See Generate an API Key above.
Integrating with MCP
Claude Desktop
- Install Claude Desktop from claude.ai
- Open Settings → "Developer" tab
- Edit your MCP configuration file (usually ~/Library/Application Support/Claude/claude_desktop_config.json on macOS):
{
  "mcpServers": {
    "workshop": {
      "command": "npx",
      "args": [
        "mcp-remote",
        "https://example.workshop.cloud/mcp",
        "--header",
        "Authorization: npsws_sk_xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
      ]
    }
  }
}
- Restart Claude Desktop to apply changes
This uses mcp-remote, a bridge between local and remote MCP servers. See the official Claude MCP documentation for more details.
LM Studio
- Install LM Studio from lmstudio.ai
- Open Settings → Program tab
- Click Install → Edit mcp.json
- Add:
{
  "mcpServers": {
    "workshop": {
      "url": "https://example.workshop.cloud/mcp",
      "headers": {
        "Authorization": "npsws_sk_xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
      }
    }
  }
}
See the LM Studio MCP documentation for more details.
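Both client configurations above embed the Workshop API key in a JSON file on disk, so the file deserves the same care as any other credential: merge the entry without clobbering other servers, write it atomically, and restrict it to the current user. The script below is an added example, not Workshop's, Claude Desktop's or LM Studio's own code. It assumes the two config shapes shown on this page and the npsws_sk_ key prefix documented above; the URL, file paths and key values are placeholders, and the key is read from an environment variable so it is never typed into a shell history.

```python
import json
import os
import stat
import tempfile

# Workshop API keys carry this prefix (from the page); used as a sanity check only.
KEY_PREFIX = "npsws_sk_"


def workshop_server_entry(client: str, mcp_url: str, api_key: str) -> dict:
    """Build the 'workshop' server entry in the shape the named client expects."""
    if not api_key.startswith(KEY_PREFIX):
        raise ValueError("not a Workshop API key (expected prefix npsws_sk_)")
    if not mcp_url.startswith("https://"):
        raise ValueError("MCP URL must be https: the API key is sent in a header")
    if client == "claude":      # Claude Desktop bridges to the remote server via mcp-remote
        return {"command": "npx",
                "args": ["mcp-remote", mcp_url, "--header", f"Authorization: {api_key}"]}
    if client == "lmstudio":    # LM Studio connects to the remote URL directly
        return {"url": mcp_url, "headers": {"Authorization": api_key}}
    raise ValueError(f"unknown client: {client}")


def merge_server(config: dict, name: str, entry: dict) -> dict:
    """Return a copy of config with mcpServers[name] replaced, other servers untouched."""
    merged = json.loads(json.dumps(config))   # deep copy; never mutate the caller's dict
    merged.setdefault("mcpServers", {})[name] = entry
    return merged


def load_config(path: str) -> dict:
    """Existing client config, or an empty one if the file is not there yet."""
    if not os.path.exists(path):
        return {}
    with open(path) as f:
        return json.load(f)


def write_config(path: str, config: dict) -> None:
    """Write the file atomically with mode 0600: it holds a bearer credential,
    so other local users must not be able to read it."""
    directory = os.path.dirname(path) or "."
    os.makedirs(directory, exist_ok=True)
    fd, tmp = tempfile.mkstemp(dir=directory, prefix=".mcp-", suffix=".json")
    try:
        with os.fdopen(fd, "w") as f:
            json.dump(config, f, indent=2)
            f.write("\n")
        os.chmod(tmp, stat.S_IRUSR | stat.S_IWUSR)
        os.replace(tmp, path)                  # rename is atomic on POSIX filesystems
    except BaseException:
        if os.path.exists(tmp):
            os.unlink(tmp)
        raise


def file_mode(path: str) -> int:
    """Permission bits of path, e.g. 0o600."""
    return stat.S_IMODE(os.stat(path).st_mode)


def install(client: str, path: str, mcp_url: str, api_key: str) -> dict:
    """Add or replace the 'workshop' entry in a client config file and write it back."""
    config = merge_server(load_config(path), "workshop",
                          workshop_server_entry(client, mcp_url, api_key))
    write_config(path, config)
    return config


if __name__ == "__main__":
    # Read the key from the environment so it never lands in shell history or this script.
    key = os.environ["WORKSHOP_API_KEY"]
    target = os.path.join(os.path.expanduser("~"), "Library", "Application Support",
                          "Claude", "claude_desktop_config.json")  # macOS path from the page
    install("claude", target, "https://example.workshop.cloud/mcp", key)
```

Run it as `WORKSHOP_API_KEY=npsws_sk_... python3 install_workshop_mcp.py`; pass `"lmstudio"` and the path of LM Studio's `mcp.json` instead to produce the second shape. After the first run, the key is only ever read back from the 0600 file, which is also where to look when rotating it.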
Example Prompts
Show me a summary of all rules in Workshop and use terms from the documentation to explain them.
Why is <app name> blocked on <host name> in Workshop?
Are any of my Workshop hosts out of date?
Are my Workshop hosts ready to switch from Monitor Mode to Lockdown Mode?