MISSION BUILT
The Loadout/The Spotter/Sample

▮▮▮Spotter MCP · Worked sample▮▮▮

Walkthrough.

All three phases on one synthetic epic.

One epic — Adversary-Informed Vulnerability Prioritization — taken through each of the Spotter's three phases. Real output from the v0.2.0 skill, not a mockup.

Phase 01

Build.

Starting from blank

You have an initiative and a blank page. The Spotter walks you through the questions a strong epic answers, one at a time, and turns your answers into a working draft.

Start with use the spotter to build an epic on adversary-informed vulnerability prioritization

Conversation

Spotter
Let's start with the user. Who feels this most, and what's hard about it for them today?
You
vuln management engineers at enterprises. they patch the wrong things because CVSS doesn't know what's actually being exploited or what assets matter
Spotter
Good. Now the harder question — what does it feel like to be one of those engineers on a Monday morning, looking at their patch queue?
You
they know the queue is wrong. half their time is spent recalibrating it by hand against threat intel and asset data. the calibration goes stale the moment they finish
Spotter
Capturing that. Next: how is this solved today? Tooling, workarounds — what do these engineers already lean on?
Deliverable · Draft

Working draft · Adversary-Informed Vulnerability Prioritization v0.1

First-pass epic, organized by what a strong epic answers.

  • The user and the problem

    VM engineers at security-mature enterprises. They patch the wrong things because CVSS-sorted backlogs miss what matters. Half their time is hand-recalibrating against threat intel and asset data. The work queue, not the score, is the goal.

  • Competitive landscape

    Tenable VPR, Qualys TruRisk, Rapid7 Active Risk. All three score well in RFPs but underperform in adoption because scores live in a column users have to choose to sort by.

  • What we're betting on

    The four-way join — first-party telemetry, threat intel, EDR-discovered inventory, agent-side configuration. Competitors have one or two; we have all four. 18–24 month window before parity.

  • How we'll build it

    AI accelerated. LLM reasoning powers the explainability layer and the daily refresh logic. Static rules would force every customer to use the same weighting.

  • What else changes

    Stub. Ticketing integration named; full cascade still to draft.

  • Packaging and pricing

    Premium and Enterprise. Included in the existing VM module. No tier upsell. Pricing committee notified.

  • Launch readiness

    GA tied to Q2 release. Documentation with migration guide. Field enablement. Launch blog and case study from a design partner.

  • After it ships

    Adoption, patch SLA improvement, NPS. Quarterly review.

  • Trust and governance

    Stub. Manual overrides with audit trail named; granular trust model and RBAC still to draft.

Phase 02

Iterate.

Working a draft

You have a draft and one section is weaker than the rest. Tell the Spotter which one, and you'll get specific suggestions for how to strengthen it.

Start with iterate on this epic with the spotter — trust and governance

Conversation

You
the trust and governance section is thin — what do i need to add
Spotter
Read it. You've got the audit trail piece, which is the floor. The gap is the trust gradient — for a B2B AI feature, customers earn trust signal by signal, not in a binary toggle. Four places to push.
Deliverable · Suggestions

Section · Trust and governance

Four places to push.

  • 01

    Describe the trust gradient. Customers don't trust the prioritized queue all at once. They trust it signal by signal: observation → recommendation → approve-to-execute → auto-execute. Spell out the four levels and the rules for moving between them.

  • 02

    Name who can grant trust at each level. SOC manager? CISO? Tier 2 analyst? Map to real roles. RBAC isn't a launch-day afterthought for a feature that changes which patches get priority.

  • 03

    Commit to transparency in writing. The Approach section mentions the explainability layer. Lens 9 needs the commitment: AI-driven priority changes show their reasoning, the team has read it, and the action is logged.

  • 04

    Describe the audit trail surface. Every priority change — agent-driven or human-driven — produces an auditable record: who, what, when, why, evidence, outcome. Compliance teams will require this. The epic should name it.

Phase 03

Review.

Before stakeholders see it

The epic is complete. The Spotter walks all nine sections, calls a verdict on each, and gives you a headline plus suggestions where strengthening is worth your time.

Start with run the spotter on this epic

Conversation

You
full review please
Spotter
Done. Verdict: Not ready. Strong on the user and the problem. Trust and governance is missing on an AI feature, which triggers the blocker. Full report below.
Deliverable · Verdict

Epic · Adversary-Informed Vulnerability Prioritization

Strong on the user and the problem. Trust and governance triggers the blocker.

Pass

1

Needs work

6

Missing

2

  • The user and the problem Pass 12%
  • Competitive landscape Needs work 10%
  • What we're betting on Needs work 14%
  • How we'll build it Needs work 12%
  • What else changes Missing 10%
  • Packaging and pricing Needs work 9%
  • Launch readiness Needs work 11%
  • After it ships Needs work 10%
  • Trust and governance Missing · blocker 12%

Where to push next

Trust and governance Missing · triggers blocker

"Manual overrides with an audit trail is the floor, not the trust story."

You could strengthen this by

  • Describe the gradient: observation → recommendation → approve-to-execute → auto-execute. Customers earn trust signal by signal, not in a binary toggle.
  • Name who in the customer org can grant trust at each level. SOC manager, CISO, Tier 2 analyst — map to real roles.
  • Commit to transparency. AI-driven priority changes show their reasoning, and the team has read it. No silent autonomy.
  • This is the lens that escalates the verdict. Even rough text here moves the epic out of Not ready.
What else changes Missing

"Ticketing is mentioned in passing. The rest of the cascade isn't named."

You could strengthen this by

  • Name what else changes when the prioritized queue replaces CVSS-sorted as the default workflow. Dashboards, reports to leadership, notification flows, compliance exports.
  • Adjacent areas where users will ask "why isn't this also updated?" — and the explicit answer to each.
  • Side effects. A workflow change that improves VM but leaves change management or compliance reporting untouched might net negative.
How we'll build it Needs work

"AI accelerated is clear. Skills-first and UI restraint are missing."

You could strengthen this by

  • Address skills-first thinking. Could the prioritization capability be exposed as a skill or MCP tool so it lives beyond the UI and composes into other agentic workflows? The four-way join is reusable IP.
  • A new "Prioritized Queue view" is a new screen. Test whether the prioritization could happen in the existing list view, replacing the sort order. New screens are the most expensive way to ship a capability.
Launch readiness Needs work

"Marquee bullets hit. Rollback, sequencing, and PLG are missing."

You could strengthen this by

  • Add the PLG layer. In-product guides, walkthroughs, tours. Customers who don't read the launch blog discover this in the product.
  • Name the rollback. If the prioritized queue underperforms, can teams revert to CVSS-sorted easily? Migration guide is one-way.
  • Sequencing details. Quiet beta, design-partner cohort, GA — what's the cadence and what are the gate criteria between waves?
  • Calculators or proof tools. For a feature that changes how teams patch, a "what would this have caught last quarter?" lookback tool is high-leverage enablement.
← Back to The Spotter

A spotter lifts the lifter. Not the bar.