Architect + Claude MCP = Magic (Part 2)
In Part 1, we unveiled Rogue Architect, our drag-and-drop lab builder — and we teased that something bigger was coming. This is it.
Buckle up, because it's completely changed how we build Red/Blue cyber range scenarios here at Rogue Labs. You won't ever build labs the same way again.
So how does our Claude MCP work? It's four Claude Code skills sitting on top of the Rogue Arena MCP toolkit (100+ tool calls). Each skill takes a slice of lab work that used to be hours of clicking, researching, or writing Ansible — and turns it into a conversation.
1. /architect-brainstorm
This is the one we teased in Part 1. Type a prompt like "Build me a mid-size tech startup red team scenario with a parent domain, a subsidiary domain, and a DMZ," and Claude immediately flips into brainstorm mode, asking you questions and walking you through four distinct phases of scenario creation.
Phase 1: The Shape. Claude asks a few questions about the company you want to build on the canvas. Name, industry, size, security maturity. Then it drafts the VLANs, machines, domains, and high-level infrastructure.
“Hey Claude! I just watched Star Wars, and I loved it. Can we brainstorm a good red team scenario based off of it? Let's use /architect-brainstorm”
Phase 2: The Cast. Claude dispatches parallel subagents to generate characters for every Domain, and even assigns them workstations from your scenario. Names, titles, hobbies, password habits, file organization habits, relationship events between each other, who reuses credentials, who hates IT. Real people your red team will actually recognize when they pop a box and read someone's Outlook. Building a Red Rising-themed scenario? Key players from fictional universes are assigned roles in the company that just make sense (shoutout to Darrow, the CEO).
“Can you think of the characters, their roles, and maybe add some files on their machines? Also, maybe Luke Skywalker has a funny file on his Desktop, like how to tell if a Sith Lord is your dad. Something like that.”
Phase 3: Going Deeper. With the high-level plan mapped out, Claude immediately sets to work querying the Rogue Architect plugin repository, mapping plugins to every machine and building out a verbose plan. Domain controllers get “Create DC” plugins. Workstations get “Join to Domain” plugins. Users are set to auto-login. And the fun part: Claude dynamically generates hundreds of files to “seed” across systems in the scenario. These files match the user insights built in Phase 2 above and each user's role at the company.
Don’t be surprised to see a letter from HR sitting on the IT Admin's Desktop reprimanding them for watching Netflix during their shift :)
“Approved. Let's move to Phase 3, build out our verbose canvas build plan.”
Phase 4: The Heist. (Optional.) Claude walks through your scenario helping you map exploit paths.
At every hop, it queries the Rogue Architect plugin database to surface available vulnerability plugins and makes recommendations. By the end, you have a complete exploit chain — initial access, multi-hop pivots, vulnerability chaining — and Claude can even build an optional "crown jewel" target at the end of the chain.
Every phase is fully conversational. Tweak plans, adjust exploit paths, change direction — Claude adapts until the scenario is exactly what you envisioned.
“Let's make initial access an RCE-vulnerable web server!”
Phase 5: Implementation.
This phase is the best of all. With the plan in place, Claude takes over dynamically building out your entire multi-domain Active Directory scenario in Rogue Architect via the MCP tooling. Every system, plugin, and user is accounted for. VLANs, machines, plugins, parameters, exploit paths, all of it lands as draft changes.
Once complete, you review the draft changes and click accept to apply them to your scenario. After that, just click build to provision the scenario into VMs that you can log in to and control.
And on the off chance the deployment fails, Claude has an active debugger skill and can query YML Ansible logs, check plugin source code, and pinpoint any failures.
This one alone has been worth the entire project. Scenarios that used to take weeks of tedious Ansible design now happen in 15 minutes of back-and-forth.
And the best part? Once your scenario is built, every one of the 100+ MCP tools is still available to Claude. Just run /architect-freeform and command Claude to investigate your current scenario, check on users present, add one-off files, and way more. Iterative building is still just as easy.
2. /rogue-curriculum-builder
Here's the thing about a great lab. Curriculum can MAKE or BREAK the student experience.
Nobody wants to dig through thousands of lines of wiki walkthroughs. An interactive CLEAN curriculum should accompany it. A 50-machine Active Directory forest is just a pile of VMs without an engaging story, objectives, or a learning path to go with it.
Our Claude curriculum plugin turns this all into a conversation, too.
With your scenario built, just tell Claude how you want to break up the CTF/Scenario tasks. Explain the section/chapter layout, what content should go in each chapter, etc.
Building a “lunch and learn” for your team on ADCS?
Tell Claude to design an epic ADCS scenario based on a real-world e-commerce enterprise network. Then tell Claude what you want the lab curriculum to look like, including the steps for enumerating vulnerable ADCS certificates and exploiting them.
“Actually, let's make a CTF based on this scenario! Go ahead and build out the curriculum for it.”
Everything is done and ready to test. Chapters, sections, rich text, embedded videos, code blocks, multiple choice questions, file upload questions, flag-gated progression, unlock keys, all of it.
It handles both LINEAR layouts (step-by-step courses) and CTF graph layouts (nodes with edges where students pick their path). It also bulk populates efficiently, so when you ask for "twelve sections covering Windows persistence," you don't sit there watching it build one at a time.
Internally, I've started outlining what I want to teach, handing it to Claude, and iterating on the output instead of staring at an empty chapter editor. It's a completely different drafting experience.
3. /rogue-active-deployment
Quick aside on this skill: it doesn’t have anything to do with Rogue Architect, but it's a game changer for prepping and automating Red Team operations.
Here's the headline: automated red team TTP development is here.
Learn more at our sister post HERE
4. /rogue-plugin-dev
Part 1 mentioned our plugin library has over 100 plugins and that we're always adding more. The truth is, plugins are a ton of work.
Writing Ansible that installs offline, pulling the right artifacts, wiring up parameters, uploading vault files, and testing end-to-end.
Well… plugin dev just became a conversation, too.
Say you want a plugin that installs a specific Defensive agent to test against. Claude researches the offline install path (apt, rpm, MSI, Chocolatey, Docker image, whatever fits), decides whether it should be a single plugin or a set, scaffolds the project, writes the metadata, drafts parameters with realistic sample values, and generates download scripts for any artifacts.
Then in the development loop Claude rips into a failing deployment via MCP tools, finds bugs, updates the plugin code, changes out any vault files, adjusts user-specified parameters, and then kicks off a fresh build. This is done in a loop. Until it's green.
We've been using this skill internally and most recently built a massive Exchange Email plugin which sets up Exchange, seeds mailboxes and artifact emails, and handles other complicated tasks, and it was a breeze.
“Hey, Claude! Build me an Exchange Email plugin which sets up Exchange, seeds mailboxes, and artifact emails”
Wanna check it out?
This new Claude + Architect workflow has been a game changer for us here at Rogue Labs. Building large, mature, realistic training scenarios now takes a tenth of the time it used to, and it’s available right now for all of our current customers.
The Star Wars scenario from Part 1? Real. We've built it. We've also built a Dunder Mifflin themed scenario, three pharma companies, a fintech, and a municipal water utility — each with different Active Directory topologies, full character backstories, seeded files, and working exploit paths. Every one of them started with a single sentence and a conversation.
Part 1 was about making lab building visual and drag-and-drop. Part 2 is about making it conversational.
Same platform. Same canvas. Same plugins. Just an AI co-pilot sitting on top of all of it through MCP.
And we're just getting started.
Want to try it out for yourself? Book a demo! https://landing.roguelabs.io/cyber-range