Agents, tools & MCP
What an agent is made of, the two agent types, how tools run locally or in the cloud, how MCP servers extend them, and how operations are billed.
Agent
An agent is the unit that does the work. Every agent is the combination of four things:
- a model (the LLM that reasons and decides),
- instructions (the system prompt that defines its mission and behaviour),
- tools (the actions it can take), and
- MCP servers (optional remote tool providers).
There are two kinds of agent:
| Type | Purpose |
|---|---|
| pentest | Assigned to a pentest phase. These agents carry out reconnaissance, enumeration and analysis. |
| general / chat | Free-form conversational agents for open-ended questions and long-running tasks outside the phase pipeline. |
Pentest agents are bound to a specific phase and run as part of an engagement; general/chat agents are driven directly through chat.
Tool
A tool is a concrete action an agent can invoke — running a scanner, querying a service, navigating a page. Each tool declares an execution mode that determines where it runs:
| execution_mode | Runs on |
|---|---|
| local | Your machine, via the CLI — useful for internal targets and software you already have |
| cloud | Rank’s infrastructure — nothing to install |
| both | Either location |
The platform ships with more than 35 built-in pentest tools, including nmap, nuclei, gobuster, sqlmap and whois, alongside browser-automation actions. A local tool carries a command template that the CLI fills in and runs on your host.
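Because the values a local tool receives come from the model, the way the command template is filled decides whether a crafted value can turn into an extra option or a shell command on your host. The sketch below is an added example, not Rank's CLI code: the list-style template format, `fill_template`, `run_tool` and the validation rules are assumptions, chosen to show argv-based filling with allow-listed values.

```python
import re
import subprocess

# Assumed template format (not Rank's): one argv element per item, {name} placeholders.
NMAP_TEMPLATE = ["nmap", "-sV", "-p", "{ports}", "{target}"]

# Allow-list per placeholder. Values must start with an alphanumeric character,
# so a model-supplied value can never be parsed as an extra option.
VALIDATORS = {
    "target": re.compile(r"[A-Za-z0-9](?:[A-Za-z0-9.:-]{0,252}[A-Za-z0-9])?"),
    "ports": re.compile(r"\d{1,5}(?:-\d{1,5})?(?:,\d{1,5}(?:-\d{1,5})?)*"),
}
PLACEHOLDER = re.compile(r"\{(\w+)\}")


def fill_template(template, params):
    """Build an argv list; every placeholder stays inside a single argument."""
    def substitute(match):
        name = match.group(1)
        value = params.get(name)
        if name not in VALIDATORS:
            raise ValueError(f"no validator for placeholder {name!r}")
        if not isinstance(value, str) or not VALIDATORS[name].fullmatch(value):
            raise ValueError(f"rejected value for {name!r}: {value!r}")
        return value
    return [PLACEHOLDER.sub(substitute, element) for element in template]


def run_tool(argv, timeout=300):
    """Execute without a shell, so metacharacters in arguments are never interpreted."""
    return subprocess.run(argv, shell=False, capture_output=True, text=True,
                          timeout=timeout, check=False)


if __name__ == "__main__":
    # Constructed sample inputs, as a model might supply them in a tool call.
    print(fill_template(NMAP_TEMPLATE, {"target": "10.0.0.5", "ports": "22,80,443"}))
    for bad in ({"target": "10.0.0.5; id", "ports": "80"},
                {"target": "-oN", "ports": "80"}):
        try:
            fill_template(NMAP_TEMPLATE, bad)
        except ValueError as exc:
            print("blocked:", exc)
```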
MCP server
Built-in tools are limited to what’s installed on Rank’s infrastructure. MCP servers (Model Context Protocol) lift that limit by letting an agent connect to a remote server that exposes tools dynamically. The platform never hosts MCP servers itself — you declare your own remote servers and assign them to your agents.
MCP servers connect over one of two transports:
| Transport | Description |
|---|---|
| streamable_http | A remote MCP server reached over HTTP |
| sse | A remote MCP server reached over Server-Sent Events |
When a pentest runs, the backend hands the agent’s configuration — its built-in tools plus its assigned MCP servers — to the executor, which connects to each MCP server, discovers its tools, and calls them as the model requests. MCP servers are a feature of the paid tiers.
Operation
Every time an agent gets a response from its model, that response is recorded as an operation. An operation captures the input and output token counts and the computed cost_usd, which is what billing and AI-budget tracking are built on.
Operations are how usage rolls up: each engagement and chat accumulates operations, and their cost is compared against your tier’s monthly AI budget. See Teams & tiers for how budgets work.