What’s New in Uncoder: AI Chat Bot & MCP Tools

SOC Prime’s latest release is focused on improving AI-native cybersecurity workflows, bringing new capabilities to Uncoder AI. Key updates include the AI Chat Bot interface, which gives users a fast, conversational way to handle end-to-end cybersecurity tasks, and the Model Context Protocol (MCP) tools, providing a context-aware bridge between AI and real-world data sources.

AI Chat Bot Interface: Custom Prompts & AI Tasks

SOC Prime now offers a dual experience: “Classic” Uncoder remains as is for users, while the “New” AI Chat Bot version provides a user-friendly interface for faster, AI-guided operations. It is an intuitive, dialog-based environment where cyber defenders can manage detection engineering tasks end-to-end. 

Simply enter a prompt in natural language, and Uncoder AI will search relevant threat intelligence and rules, generate behavioral detections from raw reports, aggregate and summarize results, visualize Attack Flows, and execute a full range of detection engineering tasks.

Uncoder AI: Chat Bot mode & AI tasks

Alternatively, users can choose from pre-built AI tasks if they prefer a faster, guided approach instead of interacting with the AI Chat Bot. In this release, the available AI tasks include:

  • Behavior Rule
  • Short Summary
  • Full Summary
  • Attack Flow
  • Active Threats Search

Uncoder AI: Model Context Protocol Support

Model Context Protocol Tools Support

Uncoder is backed by MCP tools, which transform AI into a contextually aware cybersecurity co-pilot. These tools enable easier integration, vendor flexibility, pre-built connections, and secure data handling, supporting complex LLM workflows. 

For instance, MCP allows semantic searches across the Threat Detection Marketplace, quickly finding rules for specific log sources or threat types and cutting down on manual search time. Also, MCP ensures that AI functionality works intelligently, understanding user inputs and applying the right AI feature for the task.

MISP Integration

Starting with this release, cyber defenders can connect Uncoder AI directly to their MISP server, making it easy to search for threat intelligence events and IOCs. Uncoder translates natural language queries via the MCP into structured API calls executed on the MISP server. This helps overcome the native limitations of MISP’s API and delivers precise, context-aware results.

Complete AI-Native Workflow

The SOC Prime Platform now delivers an intelligent, AI-driven workflow for threat detection by integrating Uncoder AI with Active Threats. Users can search and filter threats directly in Active Threats, with a short executive summary of results right in the feed. The “Research in Uncoder” button gives instant access to the full summary and Uncoder AI tools, so cyber defenders can generate behavioral rules, visualize Attack Flows, and handle other detection engineering tasks. Register for the SOC Prime Platform to explore exciting updates or read more about the latest Active Threats update.