DOCS-395: document AI security features

.other/redirects-backup.txt

@@ -835,3 +835,7 @@
 /v2/docs/remote-access-desktop-application-beta -> /docs/sra-desktop-application-beta
 /docs/copy-of-remote-access-on-k8s -> /docs/sra-setup-k8s
 /v2/docs/copy-of-remote-access-on-k8s -> /docs/sra-setup-k8s
+/docs/akeyless-mcp-model-context-protocol-command -> /docs/mcp-server
+/v2/docs/akeyless-mcp-model-context-protocol-command -> /docs/mcp-server
+/docs/akeyless-mcp-plugin-jetbrains-ides -> /docs/mcp-jetbrains-ides
+/v2/docs/akeyless-mcp-plugin-jetbrains-ides -> /docs/mcp-jetbrains-ides

docs/AI Security/MCP/_order.yaml

@@ -0,0 +1,5 @@
+- index
+- mcp-claude-desktop
+- mcp-cursor
+- mcp-github-copilot
+- mcp-jetbrains-ides

docs/AI Security/MCP/index.md

@@ -0,0 +1,72 @@
+---
+title: MCP Server
+excerpt: Overview of Akeyless MCP content, requirements, and supported integrations.
+deprecated: false
+hidden: false
+link:
+  new_tab: false
+metadata:
+  title: Akeyless MCP Server
+  description: Overview of Akeyless MCP content, requirements, and supported integrations.
+  robots: index
+---
+The Akeyless Model Context Protocol (MCP) Server lets MCP-enabled tools connect to your Akeyless identity security platform through the Akeyless CLI or Gateway. This section explains the MCP server, its command syntax, and the supported client integrations documented by Akeyless.
+
+Model Context Protocol (MCP) is an open protocol that standardizes how an AI client discovers tools and sends tool calls to an external server. In this model, your MCP client (for example, Claude Desktop, Cursor, or GitHub Copilot) launches the Akeyless MCP server locally over `stdio`, then uses it to run authorized operations against Akeyless resources.
+
+## Common Requirements
+
+All documented MCP integrations share these requirements:
+
+* Akeyless CLI version `1.130.0` or later.
+* An Akeyless account and a configured CLI profile, or explicit authentication flags.
+* A Gateway URL passed directly in the client configuration or command arguments.
+* A client that can launch the Akeyless MCP server over `stdio`.
+
+Read more about the [Model Context Protocol](https://modelcontextprotocol.io/).
+
+## General MCP Usage Flow
+
+Use this high-level flow for any supported MCP integration:
+
+1. Install and configure the Akeyless CLI and authentication profile.
+2. Configure your MCP client to run the Akeyless MCP server command.
+3. Start or reload the MCP client so it discovers the Akeyless tools.
+4. Invoke Akeyless tools from the client prompt and review the response.
+5. Use RBAC and scoped secret permissions to control what the client can access.
+
+## MCP-Related CLI Commands
+
+The Akeyless CLI currently exposes two MCP-related commands:
+
+| Command | Purpose |
+| --- | --- |
+| `akeyless mcp` | Starts the general Akeyless MCP server for standard Akeyless tools. |
+| `akeyless mcp-runtime-authority` | Starts the Agentic Runtime Authority MCP server for runtime query workflows (`list-secrets`, `query-db`, `service-execute`). |
+
+For full command flags and usage details, see [CLI Reference](https://docs.akeyless.io/docs/cli-reference#mcp).
+
+### Command: akeyless mcp
+
+The `akeyless mcp` command starts an MCP server so AI assistants can securely interact with Akeyless services through a standardized interface. It accepts the same authentication flags as other Akeyless CLI commands. For details, see [Access and Authentication Methods](https://docs.akeyless.io/docs/access-and-authentication-methods).
+
+> Important: `akeyless mcp` does not use the `gateway_url` value configured in a CLI profile. You must pass `--gateway-url` directly in every `akeyless mcp` command (or MCP client args).
+
+For full command syntax and flags, see [CLI Reference - mcp](https://docs.akeyless.io/docs/cli-reference#mcp).
+
+### Command: akeyless mcp-runtime-authority
+
+The `akeyless mcp-runtime-authority` command starts the MCP server for Agentic Runtime Authority runtime-query tools (`list-secrets`, `query-db`, `service-execute`). It uses the same authentication model as `akeyless mcp`, and accepts an optional `--secret-name` flag to set a default secret path for `query-db`.
+
+For full command syntax and flags, see [CLI Reference - mcp-runtime-authority](https://docs.akeyless.io/docs/cli-reference#mcp-runtime-authority).
+
+For Runtime Authority behavior, prerequisites, and tool semantics, see [Agentic Runtime Authority](https://docs.akeyless.io/docs/agentic-runtime-authority).
+
+## Supported Integrations
+
+| Integration | Primary use case | Configuration surface |
+| --- | --- | --- |
+| [Claude Desktop](https://docs.akeyless.io/docs/mcp-claude-desktop) | Desktop AI assistant workflow with local MCP client configuration | `~/Library/Application Support/Claude/claude_desktop_config.json` |
+| [Cursor](https://docs.akeyless.io/docs/mcp-cursor) | Editor-based MCP workflow in Cursor | `~/.cursor/mcp.json` or Cursor settings JSON |
+| [GitHub Copilot](https://docs.akeyless.io/docs/mcp-github-copilot) | MCP workflow with GitHub Copilot CLI | `~/.copilot/mcp-config.json` |
+| [JetBrains IDEs](https://docs.akeyless.io/docs/mcp-jetbrains-ides) | IDE-native plugin workflow for JetBrains products | JetBrains plugin settings |

docs/AI Security/MCP/mcp-claude-desktop.md

@@ -0,0 +1,88 @@
+---
+title: Claude Desktop
+slug: mcp-claude-desktop
+excerpt: Connect Claude Desktop to the Akeyless MCP Server.
+deprecated: false
+hidden: false
+metadata:
+  title: ''
+  description: ''
+  robots: index
+---
+Connect Claude Desktop to the Akeyless Model Context Protocol (MCP) Server when you want Claude Desktop to access Akeyless tools through MCP.
+
+For general MCP background and command syntax, see [MCP Server](https://docs.akeyless.io/docs/mcp-server).
+
+## Requirements
+
+* Akeyless CLI version `1.130.0` or later.
+* A configured Akeyless profile, or the authentication values required by your chosen access type.
+* A Gateway URL passed directly in the client configuration.
+
+## Configure Claude Desktop
+
+1. Install and configure the Akeyless CLI.
+2. Edit `~/Library/Application Support/Claude/claude_desktop_config.json`.
+3. Add the Akeyless MCP server configuration.
+4. Restart Claude Desktop.
+
+The following examples show common authentication configurations:
+
+```json Default
+{
+  "mcpServers": {
+    "akeyless": {
+      "command": "akeyless",
+      "args": [
+        "mcp",
+        "--profile", "<profile-name>",
+        "--gateway-url", "https://<your-gateway-url>:8000/api/v2"
+      ]
+    }
+  }
+}
+```
+```json SAML
+{
+  "mcpServers": {
+    "akeyless-saml": {
+      "command": "akeyless",
+      "args": [
+        "mcp",
+        "--access-id", "<access-id>",
+        "--access-type", "saml",
+        "--gateway-url", "https://<your-gateway-url>:8000/api/v2"
+      ]
+    }
+  }
+}
+```
+```json OIDC
+{
+  "mcpServers": {
+    "akeyless-oidc": {
+      "command": "akeyless",
+      "args": [
+        "mcp",
+        "--access-id", "<access-id>",
+        "--access-type", "oidc",
+        "--gateway-url", "https://<your-gateway-url>:8000/api/v2"
+      ]
+    }
+  }
+}
+```
+
+## Verify The Integration
+
+After Claude Desktop restarts, verify that Claude can run MCP-backed requests such as:
+
+* "Show me my Akeyless secrets"
+* "List all my targets"
+* "Create a new secret called `api-key`"
+
+## Notes
+
+* The Akeyless CLI serves MCP over `stdio`, so Claude Desktop must invoke the `akeyless mcp` command directly.
+* When `--profile` is used, the saved CLI profile supplies the authentication settings.
+* Pass `--gateway-url` directly in the Claude Desktop configuration even when the profile already has a saved Gateway value.

docs/AI Security/MCP/mcp-cursor.md

@@ -0,0 +1,88 @@
+---
+title: Cursor
+slug: mcp-cursor
+excerpt: Connect Cursor to the Akeyless MCP Server.
+deprecated: false
+hidden: false
+metadata:
+  title: ''
+  description: ''
+  robots: index
+---
+Connect Cursor to the Akeyless MCP Server when you want MCP access inside the Cursor editor.
+
+For general MCP background and command syntax, see [MCP Server](https://docs.akeyless.io/docs/mcp-server).
+
+## Requirements
+
+* Akeyless CLI version `1.130.0` or later.
+* A configured Akeyless profile, or the authentication values required by your chosen access type.
+* A Gateway URL passed directly in the client configuration.
+
+## Configure Cursor
+
+1. Install and configure the Akeyless CLI.
+2. Open Cursor settings JSON.
+3. Add the Akeyless MCP server configuration.
+4. Restart Cursor.
+
+The following examples show common authentication configurations:
+
+```json Default
+{
+  "mcpServers": {
+    "akeyless": {
+      "command": "akeyless",
+      "args": [
+        "mcp",
+        "--profile", "<profile-name>",
+        "--gateway-url", "https://<your-gateway-url>:8000/api/v2"
+      ]
+    }
+  }
+}
+```
+```json SAML
+{
+  "mcpServers": {
+    "akeyless-saml": {
+      "command": "akeyless",
+      "args": [
+        "mcp",
+        "--access-id", "<access-id>",
+        "--access-type", "saml",
+        "--gateway-url", "https://<your-gateway-url>:8000/api/v2"
+      ]
+    }
+  }
+}
+```
+```json OIDC
+{
+  "mcpServers": {
+    "akeyless-oidc": {
+      "command": "akeyless",
+      "args": [
+        "mcp",
+        "--access-id", "<access-id>",
+        "--access-type", "oidc",
+        "--gateway-url", "https://<your-gateway-url>:8000/api/v2"
+      ]
+    }
+  }
+}
+```
+
+## Verify The Integration
+
+After Cursor restarts, verify that Cursor can run MCP-backed requests such as:
+
+* "Show me my Akeyless secrets"
+* "Create a new secret called `api-key`"
+* "List all my targets"
+
+## Notes
+
+* The Akeyless CLI serves MCP over `stdio`, so Cursor must invoke the `akeyless mcp` command directly.
+* When `--profile` is used, the saved CLI profile supplies the authentication settings.
+* Pass `--gateway-url` directly in the Cursor configuration even when the profile already has a saved Gateway value.

docs/AI Security/MCP/mcp-github-copilot.md

@@ -0,0 +1,101 @@
+---
+title: GitHub Copilot
+slug: mcp-github-copilot
+excerpt: Connect GitHub Copilot to the Akeyless MCP Server.
+deprecated: false
+hidden: false
+metadata:
+  title: ''
+  description: ''
+  robots: index
+---
+Connect GitHub Copilot to the Akeyless MCP Server when you want Copilot to access Akeyless tools through MCP.
+
+For general MCP background and command syntax, see [MCP Server](https://docs.akeyless.io/docs/mcp-server).
+
+## Requirements
+
+* Akeyless CLI version `1.130.0` or later.
+* GitHub Copilot CLI installed.
+* A configured Akeyless profile, or the authentication values required by your chosen access type.
+* A Gateway URL passed directly in the client configuration.
+
+## Install GitHub Copilot CLI
+
+```shell
+npm install -g @githubnext/github-copilot-cli
+```
+
+## Configure GitHub Copilot
+
+1. Install and configure the Akeyless CLI.
+2. Edit `~/.copilot/mcp-config.json`.
+3. Add the Akeyless MCP server configuration.
+4. Start GitHub Copilot with MCP enabled.
+
+The following examples show common authentication configurations:
+
+```json Default
+{
+  "mcpServers": {
+    "akeyless": {
+      "command": "akeyless",
+      "args": [
+        "mcp",
+        "--profile", "<profile-name>",
+        "--gateway-url", "https://<your-gateway-url>:8000/api/v2"
+      ]
+    }
+  }
+}
+```
+```json SAML
+{
+  "mcpServers": {
+    "akeyless-saml": {
+      "command": "akeyless",
+      "args": [
+        "mcp",
+        "--access-id", "<access-id>",
+        "--access-type", "saml",
+        "--gateway-url", "https://<your-gateway-url>:8000/api/v2"
+      ]
+    }
+  }
+}
+```
+```json OIDC
+{
+  "mcpServers": {
+    "akeyless-oidc": {
+      "command": "akeyless",
+      "args": [
+        "mcp",
+        "--access-id", "<access-id>",
+        "--access-type", "oidc",
+        "--gateway-url", "https://<your-gateway-url>:8000/api/v2"
+      ]
+    }
+  }
+}
+```
+
+Start Copilot with MCP:
+
+```shell
+copilot mcp
+```
+
+## Verify The Integration
+
+After GitHub Copilot starts with MCP enabled, verify that it can run MCP-backed requests such as:
+
+* "Show me my Akeyless secrets"
+* "List all my targets"
+* "Create a new secret called `api-key`"
+
+## Notes
+
+* The Akeyless CLI serves MCP over `stdio`, so GitHub Copilot must invoke the `akeyless mcp` command directly.
+* When `--profile` is used, the saved CLI profile supplies the authentication settings.
+* Pass `--gateway-url` directly in the Copilot configuration even when the profile already has a saved Gateway value.

docs/AI/MCP/akeyless-mcp-plugin-jetbrains-ides.md → docs/AI Security/MCP/mcp-jetbrains-ides.md

@@ -1,5 +1,6 @@
 ---
 title: Akeyless MCP Plugin for JetBrains IDEs
+slug: mcp-jetbrains-ides
 excerpt: Integrate Akeyless secrets management directly into JetBrains IDEs with MCP
 deprecated: false
 hidden: false
@@ -113,10 +114,12 @@ For profile details and advanced options, see [CLI Profiles](https://docs.akeyle
 
    Note that the project uses a JDK 17 compile toolchain. If the Gradle wrapper fails to start because the default Java version is too new, set `org.gradle.java.home` in `gradle.properties` to a JDK 17 or JDK 21 installation.
 
+Install the generated plugin from disk:
+
 1. In your JetBrains IDE, go to **Settings → Plugins**.
-1. Select the gear icon, and then select **Install Plugin from Disk...**.
-1. Select the generated ZIP file from the `build/distributions/` directory.
-1. Restart the IDE when prompted.
+2. Select the gear icon, and then select **Install Plugin from Disk...**.
+3. Select the generated ZIP file from the `build/distributions/` directory.
+4. Restart the IDE when prompted.
 
 ### Step 4: Configure the Plugin
 

docs/AI/_order.yaml → docs/AI Security/_order.yaml

@@ -1,4 +1,6 @@
+- ai-security
 - akeyless-ai-insight
-- prompt-injection-protection-for-ai-agents
-- MCP
+- identity-and-secrets-intelligence
 - agentic-runtime-authority
+- MCP
+- prompt-injection-protection-for-ai-agents