Red Team operations often involve juggling dozens of tools, manual workflows, and fragile automation. Is AI finally going to save us and help us tie things together? Or are we adding yet another layer of unnecessary complexity? In this talk, I will share how we are using Large Language Models (LLMs) to orchestrate Red Team operations by integrating them directly into our infrastructure, using custom Model Context Protocol (MCP) servers.

MCP provides LLMs with access to in-house tools and data, providing a natural language interface between operators and backend systems. I will walk through how we wired it up to perform tasks like querying implant data, launching redirectors, checking logs, and flagging OPSEC risks in payloads. The focus will be on practical implementation details: what worked, what didn’t, and how we handled LLM limitations in the context of real operations.

You will learn how MCP works under the hood, what components are needed, how it interfaces with tools, and how we deal with model safety filters that can get in the way of offensive use cases. The goal is to show how accessible it is to build your own interface, and how LLMs can become a useful part of your Red Team toolkit today. I will conclude with ideas for where this kind of integration makes the most sense, and where it still falls short.

This talk is for anyone curious about leveraging LLMs to finally sweet-talk your tooling into doing what you want it to, whether in security, operations, or elsewhere.