TotalAI Release 1.7
May 20, 2026
MCP Server Asset Management, Scanning, and Reporting
Building on the Model Context Protocol (MCP) discovery capabilities introduced in the TotalAI 1.6.2 release, this release expands MCP's asset management, scanning, and reporting capabilities. You can now add discovered or new MCP servers to your subscription and view, edit, and delete MCP servers.
These enhancements improve visibility, reduce onboarding effort, and align MCP workflows with existing model scan experiences.
MCP Asset Visibility and Onboarding
The MCP Servers tab under Inventory now includes two pages: Potential and Confirmed pages.
- Discovered MCP servers are available on the Potential page for review and confirmation.
- Confirmed MCP servers are listed on the Confirmed page with associated spans, telemetry streams, scans, and detections.
You can also add a new MCP server using the New MCP Server option.
MCP Server Scans
You can initiate an MCP server scan in two ways:
- Select an MCP server from the MCP Servers tab, and click Launch Scan from the Quick Actions menu.
- In the Scan tab, click New Scan > MCP Scan.
Option profiles are not required because QIDs for MCP server scans are assigned automatically.
A new Asset Type column and a quick filter are available in the Scans tab to identify and search the scans by asset type.
QIDs Covered in MCP Server ScansQIDs Covered in MCP Server Scans
Option profiles are not required because QIDs for MCP server scans are assigned automatically. The following QIDs are considered in the MCP server scans.
| QID | Title |
| 6330098 | MCP Endpoint Discovery |
| 6330099 | MCP Tool Discovery |
| 6330100 | MCP SSRF Vulnerabilities |
| 6330101 | MCP Tool Poisoning |
| 6330102 | MCP Argument Injection |
| 6330103 | MCP DNS Rebinding Risk |
| 6330104 | MCP Information Disclosure |
| 6330105 | MCP Browser File Access |
| 6330106 | MCP Advanced Tool Poisoning |
| 6330107 | MCP Rug-Pull Detection |
| 6330108 | MCP Cross-Server Shadowing |
| 6330109 | MCP Sampling Attacks |
| 6330110 | MCP Retrieval-Agent Deception (RADE) |
| 6330111 | MCP Server Spoofing |
| 6330112 | MCP Unicode Injection |
| 6330113 | MCP Command Execution |
| 6330114 | MCP Credential Exposure |
MCP Server Scan Reports
The MCP scan report includes the following sections:
- Summary — Scan severity and discovered QIDs.
- Graphical representations — Vulnerabilities organized by severity.
- Tools Detected and MCP Resources and Config — Scan details for detected tools and server configuration.
- Results — Details for each detected QID.
- Appendix — Scan metadata and MCP server details.
MCP Server Detection Details
MCP scan findings are available under Detections > MCP Server Detections. Selecting the detection ID opens the Detection Details page, consistent with the existing model detection view.
QQL Tokens for MCP Servers
The following QQL tokens are available to search for the MCP servers with the specified criteria.
| Tab Name | QQL Token Name | Description |
|---|---|---|
| MCP Servers | asset.id | Use an integer value to find models with the specified MCP server ID. |
| asset.name | Use values within quotes or backticks to search MCP servers with the specified name. | |
| asset.tag.name | Use values within quotes or backticks to find MCP servers that are associated with the specified tag(s). | |
| mcpServer.url | Use a text value within quotes or backticks to find the MCP server with the specified URL. | |
| mcpServer.updatedDate | Use a date range or a specific date to define when assets were last updated. | |
| mcpServer.lastScannedDate | Use a date range or a specific date to find models that were last scanned on that date or within that date range. |
For details, refer to TotalAI online help.
Enhanced Model Scan Reports
The model scan report is enhanced to provide details of findings. The enhanced format helps you prioritize remediation by providing severity levels and a breakdown of passed and failed results for each QID.
Security risk mappings to OWASP, MITRE ATLAS, and the EU AI Act provide the context needed to understand the nature of each finding and assess your AI systems against recognized security and regulatory standards.
The Results section provides a summary for each detected QID that includes:
- Category — The category the QID belongs to.
- Severity — The severity level of the detected issue.
- Security risk mappings — Applicable values for OWASP LLM Top 10, MITRE ATLAS, and EU AI Act.
- Question results — Total questions evaluated, with a breakdown of passed, failed, and errored counts.
For each question, the report includes the prompt used, the model's response, the result, and the justification for the outcome.
TotalAI - Container Security Integration
The integration between TotalAI and Qualys Container Security (CS) provides unified visibility into AI-related risks at the container level. You can view AI software inventory, vulnerability data, and TruRisk scores for AI-related images and containers directly within TotalAI.
| Required application version | Qualys Container Security 1.43 |
Two new tabs are available under TotalAI > Inventory:
The AI Images tab displays base images that contain AI-related components, such as MCP servers and GPU data, along with associated vulnerability data from the Container Security application.
The AI Containers tab displays the containers with AI-related data along with TruRisk™ scores from the Container Security application.
New Compliance and Framework Filters
The Model Detections tab includes two new filters in the Quick Filters list - MITRE ATTACK Technique and EU AI Article. These filters help align your security findings with global regulatory and compliance frameworks.
Additionally, the Result filter is added to the Quick Filters.
The following QQL tokens are added to search for findings using the selected filter from the MITRE ATTACK Techniques and EU AI Article numbers.
| QQL Token Name | Description |
|---|---|
| finding.euAIArticle.name | Select a value from the list to search for detections with the specified EU AI article name. |
| finding.mitre.attack.technique.name | Select a value from the list to search for detections that represent the selected MITRE attack technique name. |
QQL Token Changes in the Scans Tab
With the introduction of MCP server support, QQL tokens in the Scans tab are updated from model-specific tokens to asset tokens to cover both models and MCP servers.
This change may affect existing saved searches or workflows that use model-specific QQL tokens in the Scans tab. Review and update any saved searches to use the new asset tokens.
The following asset tokens are available in the Scans tab:
| Tab Name | QQL Token Name | Description |
|---|---|---|
| Scans | asset.id | Use an integer value to find scans performed on the asset with the specified ID. |
| asset.name | Use values within quotes or backticks to find scans performed on the assets with the specified name. | |
| asset.tag.name | Use values within quotes or backticks to find scans that are associated with the specified tag(s). |
Enhanced Detection Capability with New Attack Methods
TotalAI detection coverage is expanded by incorporating new attack methods, jailbreak and hallucination attacks into the model scanning process, increasing the range of vulnerabilities that can be identified during a scan.
New Attack Methods
The option profile includes the following new attack methods and associated attacks to expand the detection scope:
- Encoding Attack
- Malaction
- Misinformation
- Pretext
New Attacks for Jailbreak and Hallucination Categories
The attack coverage is expanded by adding new attacks to the detection scope, increasing scanning efficiency.
The following new attacks are available in the Jailbreak and Hallucination categories in addition to the attacks added for new attack methods:
| Category | Attack Name | QID | Description |
|---|---|---|---|
|
Jailbreak |
Red-Team Waiver |
6330091 |
Claims an official internal red-team evaluation with a "signed waiver," instructing the model to bypass safeguards and provide unrestricted outputs. Safety policies are ignored; harmful or disallowed content may be produced; reputational and regulatory exposure. |
|
Research Mode Exemption |
6330092 |
User asserts academic or research exemptions to request otherwise disallowed content, attempting to override policy via claimed purpose. Model may generate prohibited or dangerous material under "research" guise; legal and trust risks. |
|
|
Compliance Override Memo |
6330093 |
Presents a fake corporate compliance memo stating pre-authorized exemptions and asks the model to ignore restrictions. Bypass of controls leading to harmful content; potential regulatory non-compliance and audit failure. |
|
|
Persona: Root Consultant |
6330094 |
Assumes an authoritative "root/consultant" persona with implied privilege to instruct bypassing safety rules. Elevated-risk instructions treated as trusted; can elicit dangerous guidance. |
|
|
Translation Appendix Bypass |
6330095 |
Hides disallowed content in an "appendix" during a translation task and demands unfiltered reproduction. Content filter is bypassed via benign wrapper; harmful content replicated verbatim. |
|
|
Sandbox-Logless Assurance |
6330096 |
Claims the session is in a safe, audited, or logless sandbox and insists policy no longer applies. Claims the session is in a safe, audited, or logless sandbox and insists policy no longer applies. |
|
|
Base64 Directive Injection |
6330097 |
Encodes override instructions in base64 (or similar) to evade simple filters and coerce unsafe behavior. Hidden instructions lead to policy bypass and harmful outputs. |
|
|
Hallucination |
Snowballing |
6330125 |
Follow-up probing leads the model to produce increasingly confident fabrications after initial uncertainty. User harm via misinformation; erosion of trust; poor downstream decisions. |
Issue Addressed
The following notable and notable customer issue is fixed in this release.
| Category/Component | Description |
|---|---|
|
Reports |
Previously, the Create a Report link was incorrectly available in the Software and AI Assets tabs when downloading a data list report, causing an error when selected. As the data in these tabs is sourced from Qualys CyberSecurity Asset Management (CSAM), the report creation is not supported. The issue is fixed. The Create a Report option is not displayed in the Software and AI Assets tabs when downloading a data list report. |