Set up a VDP with an AI agent
Go from zero to a live vulnerability disclosure program by chatting with an AI agent — create, configure, and activate the VDP through MCP tools, with human confirmation on the steps that matter.
Why It Matters
Setting up a vulnerability disclosure program means working through seven configuration sections, generating a security.txt, and publishing a public reporting portal. An AI agent can drive that entire flow for you through Kit’s MCP tools — you describe what you want, the agent reads the schema, writes the config, and asks for your sign-off before anything goes live.
This is the build side of the CSIRT tooling. The AI Integration page covers the day-to-day triage tools (severity, duplicates, researcher responses). This page covers the four tools that stand a program up from nothing.
The agent is a copilot, not an autopilot. It can read your program state, draft a full configuration, and write it back — but going live, starting a trial, setting bounty amounts, and editing legal text all wait for an explicit human “yes.” Capturing a payment card is never something the agent does.
The Zero-to-Live Flow
Four tools, in order. The agent walks the chain and csirt_get_setup_guide always tells it the next one to call.
| Step | Tool | What Happens |
|---|---|---|
| 1. Orient | csirt_get_setup_guide | Reports current state, the config schema, recommended defaults, and the exact next_tool to call. Works even on a brand-new account with no program. |
| 2. Create | csirt_create_program | Creates the VDP in Draft with sensible defaults. Free tier. Idempotent — running it twice returns the same program. |
| 3. Configure | csirt_configure_program | Sets any subset of the seven config sections in one call. Repeat as needed. |
| 4. Activate | csirt_activate_program | Publishes the public portal and starts accepting real reports. Requires human confirmation and a configured scope + security.txt contact. |
A typical conversation:
"Set up a vulnerability disclosure program for us. Scope is app.acme.com
and api.acme.com, intake email [email protected]. No bounties yet."
The agent calls csirt_get_setup_guide, sees no program exists, creates one, configures scope and the security.txt contact, then stops and asks you to confirm before going live.
Step 1 — Orient with the Setup Guide
csirt_get_setup_guide is the entry point and the tool the agent returns to between steps. It never dead-ends:
- No program yet — returns program_exists: false, a value proposition, the full config_schema, recommended_defaults, and next_tool: "csirt_create_program".
- Program exists — returns status, report counts, SLA compliance, a config_checklist (each item annotated with the tool that fixes it), and the next tool to call.
Because the schema and defaults travel with the response, the agent can build a complete, valid configuration without guessing field names. The keys mirror csirt_get_program exactly, so the same shapes work for read, edit, and write-back.
Step 2 — Create the Program
csirt_create_program creates the VDP in Draft status on the free tier. No subscription required.
| Parameter | Required | Description |
|---|---|---|
| name | No | Program name. Defaults to <Account> VDP. |
| disclosure_policy | No | Coordinated-disclosure policy text (markdown). Pre-populated with safe-harbor language if omitted. |
It is idempotent: if a program already exists, the tool returns that one instead of creating a duplicate. The response includes the config_checklist and next_tool: "csirt_configure_program".
Note
Creating a program does not make it public. A draft program accepts no reports and is invisible to the public until you activate it — but you can preview it yourself at any time (see below).
Step 3 — Configure the Program
csirt_configure_program sets any subset of the seven configuration sections in a single call. Keys and field shapes mirror csirt_get_program and csirt_get_setup_guide, so a read → edit → write-back round-trip is lossless.
Important
All monetary amounts are in cents. A $500 bounty is 50000. This applies to the bounty matrix and the minimum payout.
| Section | Key | What It Sets |
|---|---|---|
| Scope | scope_config | in_scope_targets[], out_of_scope_categories[], excluded_vuln_types[]. Required before activation. |
| Bounty Matrix | bounty_matrix_config | tiers: [{severity, min_cents, max_cents}] for informational/low/medium/high/critical/super_critical. |
| SLAs | sla_config | acknowledgment_hours, resolution_targets {severity => hours}. |
| Triage | triage_config | default_assignee_id, escalation_severities[], dedup_enabled, require_retest, max_appeals, auto_assign_on_call. |
| Payouts | disbursement_config | supported_payment_methods[], require_tax_docs, require_agreement, min_payout_cents, currency. |
| Spam | spam_config | max_reports_per_window, window_seconds, block_duration_seconds, cleanup_interval_seconds. |
| security.txt | security_txt_config | contact_email (the public intake address — required before activation), expires_days, policy_url, acknowledgments_url, hiring_url, encryption_url. |
You can call this tool as many times as you like while in Draft. The response reports which sections changed, whether the program is now activatable, any remaining activation_blockers, and the next tool.
For the full meaning of each field, see Configuring Your Program, which documents the same seven sections in the web UI.
Previewing the Draft Portal
You don’t have to activate to see the portal. Every setup tool returns a portal_preview_url — the portal rendered exactly as researchers will see it, with a preview banner. It works while the program is still in Draft:
- Account members only. Open the link while signed in to Kit. If you’re signed out, the link sends you to the sign-in page and back; visitors who aren’t members of your account get a 404, so the draft stays invisible to the public.
- Always on the Kit domain. A custom security domain (for example vdp.yourcompany.com) starts serving the portal only after activation — your Kit sign-in doesn’t carry over to your own domain, so the preview link always uses the kit URL.
Ask the agent “show me a preview of my VDP page” and it will hand you this link.
Step 4 — Activate (Go Live)
csirt_activate_program takes the VDP live: it publishes the public reporting portal, starts accepting real researcher reports, and starts the SLA clocks.
This tool is human-gated. The agent will describe exactly what going live means and wait for your explicit confirmation before calling it.
It also refuses to activate until two things are set:
- Scope — at least one in-scope target (scope_config.in_scope_targets).
- security.txt contact — an intake email (security_txt_config.contact_email).
If either is missing, the tool returns the specific blockers (plus the draft preview_url) and points the agent back to csirt_configure_program with the section to fix. Once live, the response includes the public portal_url — your custom security domain when one is configured, otherwise the Kit URL. You can pause the program later; what the activation gate guarantees is that a human approved going public.
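A local pre-flight check for a draft configuration, as an added example (not Kit's code or server-side validation): it applies the cents rule from Step 3 and the two activation prerequisites listed above before anything is sent to csirt_configure_program. The function names, the sample draft, the $10 threshold and the string form of in_scope_targets entries are assumptions.

```python
"""Pre-flight lint for a draft csirt_configure_program payload (added example).
Key names come from this page; the checks are a local sanity pass."""

SEVERITIES = ("informational", "low", "medium", "high", "critical", "super_critical")


def activation_blockers(config):
    """Return the documented activation prerequisites that are still unmet."""
    blockers = []
    if not config.get("scope_config", {}).get("in_scope_targets"):
        blockers.append("scope_config.in_scope_targets")
    if not config.get("security_txt_config", {}).get("contact_email"):
        blockers.append("security_txt_config.contact_email")
    return blockers


def lint_bounty_matrix(config):
    """Flag tiers that are malformed or look like dollars typed into a cents field."""
    problems = []
    for tier in config.get("bounty_matrix_config", {}).get("tiers", []):
        sev, lo, hi = tier.get("severity"), tier.get("min_cents"), tier.get("max_cents")
        if sev not in SEVERITIES:
            problems.append(f"{sev}: unknown severity")
        elif not all(type(v) is int and v >= 0 for v in (lo, hi)):
            problems.append(f"{sev}: amounts must be non-negative integer cents")
        elif lo > hi:
            problems.append(f"{sev}: min_cents exceeds max_cents")
        elif 0 < hi < 1000:
            # Assumption: a non-zero maximum under $10.00 is more likely a
            # dollars-for-cents slip than a real bounty, so show it to the human.
            problems.append(f"{sev}: max_cents={hi} is ${hi / 100:.2f}, dollars typed as cents?")
    return problems


# Constructed draft: the intent was "$500 max for high", but 500 was written
# instead of 50000, and no security.txt contact has been set yet.
# Plain hostname strings for in_scope_targets are an assumed element shape.
DRAFT = {
    "scope_config": {"in_scope_targets": ["app.acme.com", "api.acme.com"]},
    "bounty_matrix_config": {"tiers": [
        {"severity": "high", "min_cents": 100, "max_cents": 500},
        {"severity": "critical", "min_cents": 100000, "max_cents": 50000},
    ]},
}

if __name__ == "__main__":
    print("activation blockers:", activation_blockers(DRAFT))
    for problem in lint_bounty_matrix(DRAFT):
        print("bounty matrix:", problem)
```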
Starting a Free Trial
Bounty payouts, the full triage pipeline, and disbursements live in the VDP Add-on ($49/mo). To evaluate them, the agent can start a free trial:
csirt_start_trial begins a free 30-day VDP trial. It is cardless and self-cancelling — no payment details are captured and it ends on its own — so it is safe to run after a single human “yes.”
Danger
The agent will never capture a payment card. Paid checkout stays in the web UI. For a real subscription, the agent sends you to the pricing page — it does not (and cannot) take card details.
If VDP is already active, the trial tool reports that no trial is needed. After a trial starts, the agent typically returns to csirt_configure_program to set the bounty matrix.
Automatic vs. Human-Confirmed
| The agent does automatically | Waits for a human “yes” | Never agent-actionable |
|---|---|---|
| Read program state and the config schema | Activation (going live / publishing the portal) | Capturing a payment card |
| Draft a full configuration from your intent | Starting a trial | Real paid checkout |
| Write config sections (scope, SLAs, triage, spam, security.txt) | Setting bounty $ amounts | — |
| Create the draft program (idempotent, free) | Editing safe-harbor / disclosure legal text | — |
The agent gathers context and prepares changes freely, but the decisions with real-world consequences — publishing to the world, spending money, and legal language — always route through you.
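The split in the table above can also be enforced on the client side instead of relying on the agent to pause on its own. The gate below is an added example, not Kit's code: the tool and section names come from this page, while the gate function, the assumption that config sections are top-level arguments, the treatment of a supplied disclosure_policy as legal text, and the hypothetical_capture_card tool name are assumptions for illustration.

```python
"""Confirmation gate for CSIRT setup tool calls (added example, not Kit's code)."""

# Sections the page lists as safe for the agent to write without sign-off.
AUTO_SECTIONS = {"scope_config", "sla_config", "triage_config",
                 "spam_config", "security_txt_config"}
READ_TOOLS = {"csirt_get_setup_guide", "csirt_get_program"}
ALWAYS_CONFIRM = {"csirt_activate_program", "csirt_start_trial"}


def gate(tool, args):
    """Return (decision, reason); decision is 'auto', 'confirm' or 'deny'."""
    if tool in READ_TOOLS:
        return "auto", "read-only"
    if tool in ALWAYS_CONFIRM:
        return "confirm", f"{tool} always needs a human yes"
    if tool == "csirt_create_program":
        # Assumption: supplying disclosure_policy counts as editing legal text.
        if "disclosure_policy" in args:
            return "confirm", "disclosure_policy is legal text"
        return "auto", "idempotent draft creation"
    if tool == "csirt_configure_program":
        # Default-deny on sections: anything outside the automatic list
        # (bounty_matrix_config, disbursement_config, unknown keys) is held.
        held = sorted(set(args) - AUTO_SECTIONS)
        if held:
            return "confirm", "needs sign-off: " + ", ".join(held)
        return "auto", "only automatic sections"
    # Tools this page does not describe (including anything payment-related).
    return "deny", "tool not on the setup allow-list"


# Constructed tool calls, in the order an agent might issue them.
CALLS = [
    ("csirt_get_setup_guide", {}),
    ("csirt_create_program", {"name": "Acme VDP"}),
    ("csirt_configure_program", {"scope_config": {}, "bounty_matrix_config": {}}),
    ("csirt_activate_program", {}),
    ("hypothetical_capture_card", {}),
]

if __name__ == "__main__":
    for tool, args in CALLS:
        print(tool, gate(tool, args))
```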
Quick Checklist
- If using an external MCP client, make sure the connection was granted CSiRT — Read & write on the consent screen — the setup tools are write tools
- Ask the agent to “set up a VDP” — it starts with csirt_get_setup_guide
- Confirm the program was created in Draft (free tier, no charge)
- Provide scope (in-scope targets) and an intake email for security.txt
- Review the bounty matrix amounts before approving (amounts are in cents)
- Give an explicit “yes” before the agent calls csirt_activate_program
- Verify the public portal_url returned after activation
- If evaluating paid features, approve csirt_start_trial (cardless, 30 days)
Next Steps
- Configuring Your Program — field-by-field reference for the seven config sections
- AI Integration — the triage-side AI tools (severity, duplicates, researcher responses)
- security.txt Setup — RFC 9116 compliance and verification
- Connecting AI Assistants — connect an external MCP client and manage scopes