AI is transforming cybersecurity at every level of the security operations stack. The global cybersecurity market reached approximately $227.6 billion in 2025 and is projected to grow to $352 billion by 2030 at a 9.1% CAGR. AI specifically applied to cybersecurity is growing far faster — from approximately $25–31 billion in 2024–2025 to $86–105 billion by 2030 at a 22–27% CAGR. Generative AI in cybersecurity alone is projected to grow from $8.65 billion in 2025 to $35.5 billion by 2031 at a 26.5% CAGR. Behind these numbers is a chronic global shortage of approximately 3.4 million cybersecurity professionals, making AI-augmented security operations not just desirable but essential.
The MCP ecosystem for cybersecurity is one of the most active verticals. Major vendors including Google (Security Operations), PortSwigger (Burp Suite), Semgrep, Snyk, Check Point, Elastic, and Microsoft (Sentinel) have released official MCP servers. The community side is even more prolific — FuzzingLabs’ mcp-security-hub bundles 38 MCP servers covering 300+ offensive security tools, GhidraMCP leads with 8,100+ stars, and BurtTheCoder maintains a widely-used suite of OSINT and threat intelligence servers. Between January and February 2026 alone, security researchers filed over 30 CVEs targeting MCP infrastructure itself, underscoring both the ecosystem’s rapid growth and the critical importance of securing it.
MCP — the Model Context Protocol — provides a standardized way for AI agents to connect to security platforms, scanning tools, threat intelligence feeds, and forensic infrastructure. Rather than building custom integrations for each security API, MCP-connected agents can query SIEMs, scan for vulnerabilities, analyze malware, investigate incidents, and hunt for threats through defined tool interfaces. For an introduction to MCP itself, see our introduction to MCP.
This guide is research-based. We survey what MCP servers exist across the cybersecurity and threat intelligence landscape, analyze the architecture patterns they enable, and identify where significant gaps remain. We do not claim to have tested or used any of these servers hands-on — our analysis draws on published documentation, open-source repositories, vendor announcements, and industry research. Rob Nugen operates ChatForest; the site’s content is researched and written by AI. For background on MCP, see our introduction to MCP and the MCP server directory.
Why Cybersecurity Needs MCP
Security operations involve constant context-switching across dozens of tools — exactly the kind of fragmented workflow that MCP is designed to unify.
SOC analysts juggle too many dashboards. A typical security operations center uses 25–50 different security tools. Analysts pivot between SIEM dashboards, EDR consoles, threat intelligence platforms, ticketing systems, and communication channels. MCP-connected agents can query across these systems in a single conversational flow — pulling logs from the SIEM, enriching indicators from threat intelligence, and checking endpoint status from the EDR — without manual dashboard switching.
Alert fatigue is the dominant operational challenge. SOC teams face thousands of alerts daily, with false positive rates commonly exceeding 50%. MCP servers connecting AI agents to SIEM platforms, threat intelligence feeds, and vulnerability databases enable automated triage — enriching alerts with context, correlating indicators across sources, and prioritizing based on organizational risk.
Threat intelligence requires cross-source correlation. Effective threat analysis requires checking indicators of compromise (IOCs) across multiple sources — VirusTotal for file hashes, Shodan for exposed infrastructure, WHOIS for domain registration, AbuseIPDB for IP reputation, and MITRE ATT&CK for technique mapping. MCP servers for each of these sources let AI agents perform multi-source correlation automatically.
Incident response demands speed and breadth. When an incident occurs, responders need to query logs, check endpoint status, analyze suspicious files, investigate network traffic, and document findings — often within minutes. MCP-connected agents can execute these investigative steps in parallel, dramatically reducing mean time to respond (MTTR).
SIEM and Security Operations
Security Information and Event Management (SIEM) platforms are the nerve center of security operations. Several major SIEM vendors have released official MCP servers.
Official SIEM MCP Servers
Google Security Operations (mcp-security) (google) | ~458 stars | Python Google’s official MCP repository containing 5 servers that integrate with Google’s security product suite. The Chronicle SecOps server provides threat detection, investigation, and hunting capabilities. The SOAR server enables security orchestration, automation, and response. Google Threat Intelligence (GTI) provides access to Google/Mandiant’s threat intelligence datasets. Security Command Center (SCC) covers cloud security posture and risk management. A fifth remote MCP server provides fully managed, enterprise-ready infrastructure. Supports Google’s Application Default Credentials for authentication. Compatible with Claude Desktop, Cline, Google ADK Agents, and Gemini CLI.
Microsoft Sentinel MCP Server | Official | Managed service Microsoft’s Sentinel SIEM offers a built-in MCP server providing natural language access to security data across tabular and graph formats. Available through GitHub Copilot, Copilot Studio, Microsoft Foundry, and ChatGPT agent building experiences. Delivered as a fully managed service with enterprise-grade performance. Part of Microsoft’s broader push to make Sentinel data accessible through open APIs and Delta Parquet format.
Elastic Security MCP Server (elastic/mcp-server-elasticsearch) | Official Elastic’s MCP server enables SIEM and threat hunting through natural language queries against Elasticsearch indices. Allows security teams to search logs, correlate events, and investigate incidents using conversational interfaces rather than complex query languages.
Community SIEM/Log Analysis Servers
Wazuh MCP Server (gbrigandi/mcp-server-wazuh) | Community | Python Integrates with Wazuh’s XDR and SIEM platform for log analysis, forensic investigation, and compliance reporting. Enables natural language queries like “Show me critical vulnerabilities on web servers” against Wazuh deployments. Supports alert queries, vulnerability lookups, and agent status monitoring.
RunReveal MCP Server | Official documentation available Enables querying security logs at scale through MCP. Designed for security teams that need to search and analyze large volumes of log data through AI assistants.
Splunk MCP | Community implementations Several community projects wrap Splunk’s REST API in MCP interfaces, enabling AI agents to execute SPL queries, retrieve search results, and monitor dashboards. No official Splunk MCP server yet, but the ecosystem is active given Splunk’s market dominance.
Vulnerability Scanning and Code Security
Vulnerability scanning has strong MCP coverage with both official vendor servers and community wrappers around popular open-source tools.
Official Vulnerability Scanning Servers
Snyk Agent Scan (snyk/agent-scan) | ~1,700 stars Snyk’s security scanner for AI agents, MCP servers, and agent skills. Auto-discovers agents and their capabilities, connects to MCP servers, retrieves tool descriptions, and validates components against known vulnerability patterns. Detects 15+ distinct security risk categories including prompt injections, tool poisoning, and toxic flows. Available as both a CLI scanner and an MCP server that other agents can invoke.
Semgrep MCP Server (semgrep/mcp) | Official Semgrep’s official MCP server wraps their static analysis engine with 5,000+ detection rules. Enables AI agents to scan code for security vulnerabilities, misconfigurations, and anti-patterns. Supports multiple languages and frameworks with customizable rule sets.
Snyk MCP Server (sammcj/mcp-snyk) | Community Community-built MCP server for Snyk’s broader vulnerability scanning capabilities beyond agent-scan. Provides access to Snyk’s vulnerability database and scanning functionality through the MCP interface.
Community Vulnerability Scanning Servers
Nuclei MCP (addcontent/nuclei-mcp) | 7 tools Wraps ProjectDiscovery’s Nuclei vulnerability scanner with access to 8,000+ detection templates. Enables AI agents to run template-based scans against targets, covering web applications, network services, cloud misconfigurations, and known CVEs. One of the most comprehensive scanning tools available through MCP.
Trivy MCP | 7 tools Wraps Aqua Security’s Trivy scanner for container image, filesystem, and infrastructure-as-code vulnerability scanning. Enables AI agents to check Docker images for known CVEs, scan Terraform/CloudFormation templates for misconfigurations, and audit Kubernetes manifests.
Prowler MCP | 6 tools Cloud security auditing across AWS, Azure, and GCP. Wraps Prowler’s 300+ cloud security checks in an MCP interface, enabling AI agents to audit cloud environments against CIS benchmarks, PCI-DSS, HIPAA, and other compliance frameworks.
AI-Infra-Guard (Tencent/AI-Infra-Guard) Tencent’s comprehensive vulnerability assessment tool for AI infrastructure. Provides intelligent analysis of MCP servers, AI frameworks, and model deployment configurations for security weaknesses.
Threat Intelligence
Threat intelligence has excellent MCP coverage, with servers connecting to major commercial and open-source intelligence platforms.
Threat Intelligence Feed Servers
VirusTotal MCP (BurtTheCoder/mcp-virustotal) | ~109 stars | JavaScript The most widely-used threat intelligence MCP server. Provides tools for analyzing URLs, files (by hash), IP addresses, and domains with comprehensive security reports. Includes relationship analysis to trace connections between malicious infrastructure, and pagination support for handling large result sets. Requires a VirusTotal API key.
AlienVault OTX MCP (mrwadams/otx-mcp) Interface to AlienVault’s Open Threat Exchange (OTX) feeds. Provides access to community-contributed threat intelligence including IOC collections, pulse subscriptions, and threat indicator analysis. OTX is one of the largest open threat intelligence communities.
fastmcp-threatintel (4R9UN/fastmcp-threatintel) AI-powered threat intelligence aggregator integrating with VirusTotal, AlienVault OTX, AbuseIPDB, and IPinfo APIs. Features advanced APT attribution and automatic MITRE ATT&CK technique mapping for analyzed indicators.
ThreatFox/AbuseIPDB MCP | Multiple implementations Several MCP servers provide access to ThreatFox (abuse.ch) malware IOC feeds and AbuseIPDB reputation data. These are popular starting points for SOC teams building AI-assisted triage workflows.
Google Threat Intelligence (GTI) | Part of google/mcp-security Google’s official threat intelligence server, providing access to Google/Mandiant’s threat intelligence datasets through MCP. Includes data from Mandiant’s incident response practice, VirusTotal’s global submission database, and Google’s visibility into internet-wide threats.
urlDNA MCP (urldna/mcp) Specialized phishing detection and URL analysis service. Enables AI agents to analyze suspicious URLs for phishing indicators, domain reputation, and malicious content.
IP/Domain Intelligence Servers
Shodan MCP (BurtTheCoder/mcp-shodan) | ~120 stars | JavaScript Comprehensive access to Shodan’s internet-wide device and service intelligence. Provides IP reconnaissance, DNS operations, vulnerability tracking, CVE/CPE intelligence, and device discovery. One of the most popular security MCP servers, useful for both offensive and defensive security teams.
ZoomEye MCP (zoomeye-ai/mcp_zoomeye) Interface to ZoomEye’s cyberspace search engine. Retrieves network asset information using dorks and search parameters, similar to Shodan but with particular strength in Chinese internet infrastructure.
NetworksDB MCP (MorDavid/NetworksDB-MCP) | 4 tools IP, ASN, and DNS record lookups via NetworksDB. Enables AI agents to investigate network infrastructure, identify hosting providers, and map organizational network footprints.
ADEO CTI MCP (ADEOSec/mcp-shodan) Combined Shodan and VirusTotal threat analysis in a single MCP server. Designed for cyber threat intelligence teams that routinely correlate network exposure with malware intelligence.
OSINT (Open Source Intelligence)
OSINT has a dedicated community of MCP server developers, with a curated awesome-list tracking the ecosystem.
Username and Social Media Intelligence
Maigret MCP (BurtTheCoder/mcp-maigret) OSINT tool for collecting user account information across 2,500+ platforms. Given a username, it checks for account existence across social media, forums, dating sites, and other platforms. Powerful for identity investigation and attribution research.
Xquik (Xquik-dev/x-twitter-scraper) X/Twitter OSINT platform providing user lookup, follower extraction, engagement analysis, account monitoring, and giveaway draws through MCP.
Domain and DNS Intelligence
DNStwist MCP (BurtTheCoder/mcp-dnstwist) DNS fuzzing tool for detecting typosquatting, phishing domains, and corporate espionage attempts. Generates permutations of domain names and checks which are registered, making it valuable for brand protection and phishing investigation.
OSINT Toolkit | Available via PulseMCP Unified interface for network reconnaissance with parallel execution of OSINT tools including WHOIS, Nmap, DNS lookups, and typosquatting detection.
OSINT Aggregation
OSINT Tools MCP Server (frishtik/osint-tools-mcp-server) Exposes multiple OSINT tools for AI assistants, enabling sophisticated reconnaissance and information gathering using industry-standard OSINT tools through a unified MCP interface.
awesome-osint-mcp-servers (soxoj) | ~96 stars Curated list tracking the OSINT MCP server ecosystem. Categories include SOCMINT (social media intelligence), network scanning, domain intelligence, and more.
Reverse Engineering and Binary Analysis
Reverse engineering has attracted some of the most popular security MCP servers, with GhidraMCP being one of the highest-starred MCP servers in any category.
Disassemblers and Decompilers
GhidraMCP (LaurieWired/GhidraMCP) | ~8,100 stars | Java/Python The most popular security MCP server by far, and one of the most popular MCP servers overall. Enables LLMs to autonomously reverse engineer applications by exposing Ghidra’s core functionality — decompilation, disassembly, method listing, class enumeration, import/export analysis, and automated renaming. The Ghidra plugin communicates with the MCP bridge via HTTP, supporting remote analysis workflows. Licensed under Apache 2.0.
GhydraMCP (starsong-consulting/GhydraMCP) Multi-instance Ghidra plugin with HATEOAS REST API and MCP bridge. Supports multiple simultaneous binary analysis sessions, useful for comparative analysis or team-based reverse engineering workflows.
IDA Pro MCP (mrexodia/ida-pro-mcp) AI-powered reverse engineering assistant bridging IDA Pro with language models through MCP. Enables LLM-controlled analysis within IDA Pro, one of the most widely-used commercial disassemblers in professional reverse engineering.
Binary Ninja MCP (MCPPhalanx/binaryninja-mcp) Binary Ninja plugin for AI-driven reverse engineering workflows. Integrates Binary Ninja’s intermediate language (IL) representations with MCP, enabling agents to reason about binary code at multiple abstraction levels.
radare2 MCP | 32 tools Part of the FuzzingLabs security hub. Wraps radare2’s extensive disassembly, decompilation, and binary analysis capabilities in MCP tools. radare2 is one of the most feature-rich open-source reverse engineering frameworks.
Binary Analysis and Malware Detection
YARA MCP | 7 tools Pattern matching for malware classification through MCP. Enables AI agents to create, test, and run YARA rules against file samples for malware detection and classification.
capa MCP | 5 tools Mandiant’s capability detection tool for executables. Identifies what a program can do based on its code — such as “creates a service,” “encrypts data,” or “communicates via HTTP” — enabling AI agents to rapidly assess the behavior of unknown binaries.
binwalk MCP | 6 tools Firmware analysis, signature scanning, and file extraction through MCP. Essential for IoT security analysis and embedded device firmware reverse engineering.
TriageMCP (eversinc33/TriageMCP) Basic static triage of Portable Executable (PE) files. Enables AI agents to perform initial analysis of Windows executables — checking imports, sections, strings, and metadata — before committing to deeper analysis.
Mobile Analysis
Jadx MCP Plugin (mobilehackinglab/jadx-mcp-plugin) Java plugin exposing Jadx decompiler via MCP for Android application analysis. Enables AI agents to decompile APK files and analyze Android app code for vulnerabilities and malicious behavior.
Debugging
WinDBG MCP (svnscha/mcp-windbg) Bridges AI models with WinDbg for crash dump analysis and remote debugging. Enables AI-assisted analysis of Windows crash dumps, kernel debugging, and memory forensics.
WinDBG EXT MCP (NadavLor/windbg-ext-mcp) Alternative WinDbg integration bridging LLM clients with WinDbg for real-time AI-assisted kernel debugging sessions.
Penetration Testing and Offensive Security
Penetration testing has the largest collection of MCP servers in any single security domain, led by comprehensive multi-tool bundles.
Comprehensive Penetration Testing Suites
mcp-security-hub (FuzzingLabs) | ~500 stars | 38 servers, 300+ tools The largest collection of security MCP servers in a single repository. Covers reconnaissance (nmap, Shodan, masscan, whatweb, ProjectDiscovery tools), web security (Nuclei, SQLMap, Nikto, ffuf, waybackurls, Burp), binary analysis (radare2, binwalk, YARA, capa, Ghidra, IDA), blockchain security (Medusa fuzzer, Solazy Solana analysis, DAML viewer), cloud security (Trivy, Prowler, RoadRecon), code security (Semgrep), secrets detection (Gitleaks), exploitation (SearchSploit), fuzzing (boofuzz, Dharma), OSINT (Maigret, DNStwist), threat intelligence (VirusTotal, OTX), Active Directory (BloodHound), and password cracking (hashcat). All servers run in Docker containers with security hardening — non-root execution, dropped capabilities, no privilege escalation, read-only mounts, and resource limits.
Pentest-MCP-Server (chfle) | 88 tools Containerized penetration testing toolkit in a Kali Linux Docker container integrating 88 industry tools. Includes network scanning (Nmap, masscan, naabu), web testing (Nikto, SQLMap, WPScan, ffuf), DNS/subdomain enumeration (subfinder, Amass, dnsenum), vulnerability scanning (Nuclei, httpx, katana), Active Directory tools (NetExec, smbmap, enum4linux), password cracking (Hydra, John the Ripper, Medusa), and OSINT (theHarvester, SearchSploit). Features built-in scope enforcement with allowlist/blocklist system, 50+ bundled wordlists (SecLists, DirBuster, Rockyou), 11 workflow slash commands, and 600+ unit tests.
PentestAgent (0xSojalSec) All-in-one offensive security toolbox with AI agent and MCP architecture. Integrates Nmap, Metasploit, FFUF, SQLMap for penetration testing, bug bounty hunting, threat hunting, and reporting. Includes RAG-based responses with local knowledge base support.
pentest-mcp (DMontgomery40) Professional penetration testing MCP server with STDIO/HTTP/SSE transport support. Includes Nmap, GoBuster/DirBuster, Nikto, John the Ripper, hashcat, wordlist building, and more.
Web Application Security
Burp Suite MCP (PortSwigger/mcp-server) | Official PortSwigger’s official MCP server for Burp Suite, the industry-standard web application security testing tool. Provides access to passive crawling, issue enumeration, and proxy metadata through MCP. One of the most significant official vendor MCP servers in cybersecurity.
ZAP MCP (dtkmn/mcp-zap-server) Wraps OWASP ZAP (Zed Attack Proxy) actions as MCP tools. ZAP is the most popular open-source web application security scanner.
SQLMap MCP | 8 tools SQL injection detection and exploitation through MCP. Part of FuzzingLabs’ security hub, wrapping SQLMap’s automated SQL injection testing capabilities.
ffuf MCP | 9 tools Web fuzzing for directories, files, and parameters. Essential for web application enumeration and content discovery during penetration tests.
Network Scanning
Nmap MCP | 8 tools | Multiple implementations Port scanning, service detection, and OS fingerprinting through MCP. Multiple implementations exist — from FuzzingLabs’ containerized version to standalone servers. Nmap is the foundational network scanning tool in security.
masscan MCP | 6 tools High-speed port scanning for large networks. Wraps masscan’s ability to scan the entire internet in under 6 minutes, useful for large-scale reconnaissance and attack surface mapping.
ExternalAttacker MCP (MorDavid/ExternalAttacker-MCP) | 6 tools External attack surface mapping using ProjectDiscovery tools. Automates the discovery of an organization’s external-facing infrastructure.
Exploitation and Post-Exploitation
SearchSploit MCP | 5 tools Exploit-DB search and retrieval through MCP. Enables AI agents to search for known exploits by CVE, software name, or platform, and retrieve exploit code for analysis.
Hashcat MCP (MorDavid/hashcat-mcp) Natural language-driven hash cracking. Enables security professionals to describe what they want to crack and have the AI configure optimal hashcat parameters, attack modes, and wordlists.
Active Directory and Cloud Security
Active Directory
BloodHound-MCP-AI (MorDavid/BloodHound-MCP-AI) | ~271 stars | 75+ tools Connects BloodHound with AI through MCP, enabling security professionals to analyze Active Directory attack paths using natural language instead of complex Cypher queries. Transforms questions like “find the shortest path to Domain Admin” into BloodHound graph queries, making AD security analysis accessible to analysts who don’t know Cypher.
BloodHound MCP (stevenyu113228/bloodhound-mcp) Alternative BloodHound MCP implementation for Active Directory attack path analysis.
Cloud Security
RoadRecon MCP (atomicchonk/roadrecon_mcp_server) | 6 tools Azure AD enumeration via RoadRecon. Enables AI agents to enumerate Azure Active Directory configurations, users, groups, applications, and permissions for cloud security assessment.
Prowler MCP | 6 tools Multi-cloud security auditing covering AWS, Azure, and GCP. Runs 300+ security checks against cloud configurations to identify misconfigurations and compliance violations.
AWS Security MCP (groovyBugify/aws-security-mcp) Cloud security access specifically for AWS environments. Provides AI agents with tools to assess AWS security configurations and identify potential weaknesses.
Check Point Quantum MCP Server (CheckPointSW/mcp-servers) | Official Check Point’s official MCP server providing AI-accessible firewall and threat management. Enables agents to query firewall rules, check threat prevention status, and manage security policies on Check Point infrastructure.
Incident Response and Digital Forensics
Incident Response Platforms
Velociraptor MCP Server (socfortress/velociraptor-mcp-server) Combines Velociraptor’s comprehensive digital forensics and incident response (DFIR) capabilities with LLM reasoning. Enables natural language queries against forensic data, including endpoint artifact collection, live response, file carving, and timeline analysis. Features JWT token management and HTTP/2 support for secure communication with Velociraptor deployments.
Swimlane SOAR Integration | Documentation available Swimlane, a SOAR platform, has documented MCP integration patterns for security orchestration and automated response workflows. Enables AI agents to trigger playbooks, manage cases, and coordinate response actions across security tools.
Endpoint Detection and Response
While no major EDR vendor (CrowdStrike, SentinelOne, Microsoft Defender) has released an official standalone MCP server yet, the ecosystem is emerging:
- Microsoft Sentinel MCP server provides indirect EDR access through Sentinel’s data lake integration with Defender
- Google Security Operations integrates EDR data through Chronicle’s unified security data model
- Velociraptor MCP provides open-source endpoint monitoring and response capabilities
- Community projects are actively developing CrowdStrike Falcon MCP server integrations
Security Scanning and Protection for MCP Itself
Given the rapid growth of MCP infrastructure, tools for securing MCP deployments themselves have become a sub-category.
Snyk Agent Scan (snyk/agent-scan) | ~1,700 stars Security scanner for AI agents, MCP servers, and agent skills. Detects 15+ risk categories including prompt injections, tool poisoning, and toxic flows. The most popular MCP security scanning tool.
mcp-scan (invariantlabs-ai/mcp-scan) MCP server vulnerability scanning tool. Scans MCP server configurations for common security weaknesses and misconfigurations.
MCP Guardian (eqtylab/mcp-guardian) Manages LLM access to MCP servers, providing an access control layer between AI agents and security-sensitive MCP tools.
MCP Gateway (lasso-security/mcp-gateway) Acts as intermediary between LLMs and MCP servers, providing behavior change detection, real-time DLP and secrets scanning, and SIEM/SOAR integration for monitoring MCP traffic.
MCP-Shield (riseandignite/mcp-shield) Detects security issues in MCP server configurations and implementations.
MCP Defender (MCP-Defender/MCP-Defender) Blocks malicious MCP traffic in real-time, protecting against prompt injection and tool poisoning attacks targeting MCP servers.
Secure MCP (makalin/SecureMCP) Vulnerability detection and misconfiguration scanning specifically for MCP deployments.
MCP Security Checklist (slowmist/MCP-Security-Checklist) Security guide for the AI tool ecosystem from SlowMist, a blockchain security firm. Provides comprehensive checklists for securing MCP server deployments.
Damn Vulnerable MCP Server (harishsg993010/damn-vulnerable-MCP-server) Training environment with intentional vulnerabilities for learning MCP security. Analogous to DVWA (Damn Vulnerable Web Application) for web security training.
Secrets Detection and Code Security
Gitleaks MCP | 5 tools Secrets and credentials detection in Git repositories. Scans commit history and current code for leaked API keys, passwords, tokens, and other sensitive data.
Semgrep MCP (semgrep/mcp) | Official | 7 tools Static code analysis with 5,000+ rules covering security, correctness, and performance patterns across multiple languages. One of the most widely-used SAST tools in the industry.
Octocode MCP (bgauryy/octocode-mcp) GitHub security pattern discovery through MCP. Helps identify security anti-patterns and vulnerabilities in GitHub repositories.
Network Security and Segmentation
Illumio MCP (alexgoller/illumio-mcp-server) AI-driven workload management and traffic flow analysis via Illumio’s micro-segmentation platform. Enables agents to query workload labels, analyze traffic flows, and manage segmentation policies.
Pomerium MCP (pomerium/pomerium) Identity-aware proxy providing Zero Trust access. Integrates with MCP for policy-based access decisions and identity verification.
Cloudflare MCP Server (cloudflare/mcp-server-cloudflare) | Official Secure edge, API, and web application protection using Cloudflare’s WAF, DDoS protection, and CDN. Official Cloudflare MCP server for managing security configurations.
Comparison Table
| Category | Official Servers | Community Servers | Most Popular | Key Gap |
|---|---|---|---|---|
| SIEM/SecOps | Google, Microsoft, Elastic | Wazuh, Splunk wrappers | Google SecOps (458 stars) | No Splunk official |
| Vulnerability Scanning | Snyk, Semgrep | Nuclei, Trivy, Prowler | Snyk agent-scan (1,700 stars) | No Qualys/Tenable/Rapid7 |
| Threat Intelligence | Google GTI | VirusTotal, OTX, AbuseIPDB | VirusTotal (109 stars) | No Recorded Future/Mandiant standalone |
| Reverse Engineering | — | GhidraMCP, IDA Pro, Binary Ninja | GhidraMCP (8,100 stars) | No Cutter/Hopper |
| Penetration Testing | Burp Suite | mcp-security-hub, Pentest-MCP | mcp-security-hub (500 stars) | No Cobalt Strike/commercial tools |
| OSINT | — | Shodan, Maigret, DNStwist | Shodan (120 stars) | No Maltego/SpiderFoot official |
| Active Directory | — | BloodHound-MCP-AI, RoadRecon | BloodHound (271 stars) | No PingCastle/Purple Knight |
| EDR/Endpoint | Microsoft (Sentinel) | Velociraptor | Velociraptor MCP | No CrowdStrike/SentinelOne/Defender standalone |
| Cloud Security | Check Point | Prowler, AWS Security, RoadRecon | Check Point (official) | No Prisma Cloud/Wiz/Orca |
| Incident Response | — | Velociraptor MCP | Velociraptor MCP | No TheHive/Cortex/DFIR-IRIS |
Architecture Patterns
Pattern 1: AI-Powered SOC Analyst
An AI agent acts as a first-line SOC analyst, receiving alerts from the SIEM and performing automated triage.
┌─────────────┐
│ SIEM Alert │
│ (Chronicle/ │
│ Sentinel) │
└──────┬──────┘
│
┌──────▼──────┐
│ AI Agent │
│ (Triage) │
└──────┬──────┘
│
┌────────────────┼────────────────┐
│ │ │
┌──────▼──────┐ ┌──────▼──────┐ ┌──────▼──────┐
│ VirusTotal │ │ Shodan │ │ AbuseIPDB │
│ MCP Server │ │ MCP Server │ │ MCP Server │
│(hash/IOC │ │(IP recon, │ │(IP reputa- │
│ analysis) │ │ exposure) │ │ tion check) │
└──────┬──────┘ └──────┬──────┘ └──────┬──────┘
│ │ │
└────────────────┼────────────────┘
│
┌──────▼──────┐
│ Enriched │
│ Alert + │
│ Verdict │
└──────┬──────┘
│
┌────────────┼────────────┐
│ │
┌──────▼──────┐ ┌──────▼──────┐
│ Escalate │ │ Auto-close │
│ to Human │ │ (False │
│ Analyst │ │ Positive) │
└─────────────┘ └─────────────┘
The agent receives a SIEM alert, checks the associated IOCs against VirusTotal (file hash reputation), Shodan (IP exposure and services), and AbuseIPDB (IP reputation score). Based on the enrichment results, it either escalates with context to a human analyst or auto-closes the alert as a false positive with documented reasoning.
Pattern 2: Automated Vulnerability Assessment Pipeline
An AI agent conducts systematic vulnerability assessment across an organization’s attack surface.
┌──────────────┐ ┌──────────────┐ ┌──────────────┐
│ Nmap MCP │ │ masscan MCP │ │ ExternalAtk │
│ (service │ │ (fast port │ │ MCP (attack │
│ detection) │ │ scanning) │ │ surface) │
└──────┬───────┘ └──────┬───────┘ └──────┬───────┘
│ │ │
└───────────────────┼────────────────────┘
│
┌─────────▼─────────┐
│ AI Agent │
│ (Orchestrator) │
└─────────┬─────────┘
│
┌───────────────────┼───────────────────┐
│ │ │
┌──────▼──────┐ ┌──────▼──────┐ ┌──────▼──────┐
│ Nuclei MCP │ │ Trivy MCP │ │ Semgrep MCP │
│ (8000+ │ │ (container │ │ (code │
│ templates) │ │ & IaC) │ │ analysis) │
└──────┬──────┘ └──────┬──────┘ └──────┬──────┘
│ │ │
└───────────────────┼───────────────────┘
│
┌─────────▼─────────┐
│ Prioritized │
│ Vulnerability │
│ Report + CVSS │
└───────────────────┘
The agent first discovers the attack surface using Nmap (service detection), masscan (fast port scanning), and ExternalAttacker (attack surface mapping). It then feeds discovered services into Nuclei (template-based vulnerability scanning), Trivy (container and infrastructure scanning), and Semgrep (code-level analysis). The results are correlated, deduplicated, and prioritized by CVSS score and exploitability.
Pattern 3: Threat Intelligence Correlation Agent
An AI agent performs multi-source threat intelligence correlation when investigating suspicious indicators.
┌─────────────────┐
│ Suspicious IOC │
│ (IP, hash, │
│ domain, URL) │
└────────┬────────┘
│
┌────────▼────────┐
│ AI Agent │
│ (Correlator) │
└────────┬────────┘
│
┌──────────┬──────────┬───┼───┬──────────┬──────────┐
│ │ │ │ │ │
┌──▼──┐ ┌───▼───┐ ┌───▼──┐ ┌─▼───┐ ┌───▼───┐ ┌──▼──┐
│ VT │ │Shodan │ │ OTX │ │DNS- │ │Google │ │Abuse│
│ MCP │ │ MCP │ │ MCP │ │twist│ │ GTI │ │IPDB │
│ │ │ │ │ │ │ MCP │ │ MCP │ │ MCP │
└──┬──┘ └───┬───┘ └───┬──┘ └─┬───┘ └───┬───┘ └──┬──┘
│ │ │ │ │ │
└─────────┴──────────┴──┬───┴──────────┴──────────┘
│
┌──────▼──────┐
│ MITRE │
│ ATT&CK │
│ Mapping │
└──────┬──────┘
│
┌──────▼──────┐
│ Threat │
│ Assessment │
│ Report │
└─────────────┘
Given a suspicious indicator, the agent queries six threat intelligence sources in parallel — VirusTotal (malware analysis), Shodan (infrastructure exposure), AlienVault OTX (community intelligence), DNStwist (related phishing domains), Google Threat Intelligence (Mandiant data), and AbuseIPDB (IP reputation). Results are correlated and mapped to MITRE ATT&CK techniques for a structured threat assessment.
Pattern 4: AI-Assisted Reverse Engineering Pipeline
An AI agent performs automated binary analysis and malware triage.
┌─────────────────┐
│ Unknown Binary │
│ (PE/ELF/Mach-O) │
└────────┬─────────┘
│
┌────────▼────────┐
│ AI Agent │
│ (Analyst) │
└────────┬────────┘
│
┌────────▼────────┐
│ TriageMCP │
│ (static PE │
│ analysis) │
└────────┬────────┘
│
┌────────┼────────────────┐
│ │
┌──▼─────────┐ ┌────────▼────────┐
│ YARA MCP │ │ capa MCP │
│ (pattern │ │ (capability │
│ matching) │ │ detection) │
└──┬─────────┘ └────────┬────────┘
│ │
└────────┬────────────────┘
│
┌────────▼────────┐
│ GhidraMCP │
│ (deep decom- │
│ pilation) │
└────────┬────────┘
│
┌────────▼────────┐
│ VirusTotal MCP │
│ (community │
│ intelligence) │
└────────┬────────┘
│
┌────────▼────────┐
│ Malware Report │
│ + ATT&CK Map │
│ + IOCs │
└──────────────────┘
The agent receives an unknown binary and runs it through a triage pipeline: TriageMCP performs initial static analysis (imports, sections, strings), YARA checks against known malware patterns, capa identifies behavioral capabilities, GhidraMCP performs deep decompilation for detailed code analysis, and VirusTotal provides community detection and intelligence data. The output is a structured malware report with MITRE ATT&CK mapping and extracted IOCs.
Regulatory and Ethical Considerations
Cybersecurity MCP servers operate in a domain with significant legal and ethical constraints.
Authorization and Scope
Penetration testing MCP servers must only be used against authorized targets. Several implementations (notably Pentest-MCP-Server) include built-in scope enforcement with allowlist/blocklist systems. Organizations deploying offensive MCP tools should ensure that authorization documentation, rules of engagement, and scope definitions are in place before any AI-driven testing begins. Unauthorized scanning or testing can violate computer fraud and abuse laws in virtually every jurisdiction.
Data Privacy and Compliance
SIEM and threat intelligence MCP servers handle sensitive security data that may be subject to data protection regulations. Security logs often contain personally identifiable information (PII), and sharing this data with external AI services raises compliance considerations under GDPR, CCPA, and other privacy frameworks. Organizations should evaluate whether MCP server deployments keep sensitive data on-premises or transmit it to external services.
Responsible Disclosure
Vulnerability scanning MCP servers may discover previously unknown vulnerabilities. Organizations should have responsible disclosure policies in place and ensure that AI agents discovering vulnerabilities route findings through appropriate channels rather than acting autonomously on critical findings.
MCP Security Risks
The MCP ecosystem itself has faced significant security challenges in 2026. Between January and February, over 30 CVEs were filed against MCP infrastructure. A survey of 2,614 MCP implementations found that 82% use file operations vulnerable to path traversal, two-thirds have code injection risk, and over a third are susceptible to command injection. A scan of 8,000+ MCP servers on the public internet found 38% completely lack authentication. Organizations deploying MCP servers for security operations should apply the same security rigor to their MCP infrastructure as they would to any other security tool.
Ethical AI in Security
AI-assisted security operations raise questions about autonomous action. Security MCP servers should be configured with appropriate human-in-the-loop controls, especially for actions that could disrupt services, modify configurations, or access sensitive data. The principle of least privilege applies: MCP servers should expose only the minimum functionality needed for the intended use case.
Ecosystem Gaps
Despite strong coverage in many categories, significant gaps remain in the cybersecurity MCP ecosystem.
No major EDR vendor has a standalone MCP server. CrowdStrike, SentinelOne, Carbon Black, and Cortex XDR have no official MCP servers. Microsoft’s Sentinel MCP provides indirect Defender access, but dedicated EDR MCP servers remain absent. Given that EDR is central to incident response, this is a critical gap.
No vulnerability management platforms have official MCP servers. Qualys, Tenable (Nessus), Rapid7 (InsightVM), and Nexpose have no MCP presence. Community Nuclei and Trivy servers partially fill the gap, but enterprise vulnerability management workflows remain unconnected.
No SOAR platforms beyond Google have official MCP servers. Palo Alto XSOAR, Splunk SOAR, Swimlane, and Tines have no official MCP servers. SOAR is a natural fit for MCP — automated playbooks triggered by AI analysis — but official support is limited to Google’s implementation.
No case management or ticketing systems for security. TheHive, DFIR-IRIS, ServiceNow SecOps, and Jira-based security workflows have no dedicated security MCP servers. Case management is essential for tracking investigations and coordinating response.
No commercial threat intelligence platforms. Recorded Future, ThreatConnect, MISP (as an official server), and Anomali have no MCP presence. While VirusTotal, OTX, and AbuseIPDB provide good coverage for open-source threat intelligence, commercial platforms with deeper analysis remain unconnected.
No network security monitoring tools. Suricata, Snort, Zeek, and Security Onion have no MCP servers. Network-level threat detection and traffic analysis remain outside the MCP ecosystem.
No compliance and GRC platforms. Archer, ServiceNow GRC, OneTrust, and compliance frameworks like NIST CSF have no MCP presence. Compliance reporting is a natural AI use case but lacks MCP support.
No deception technology. Honeypots, deception platforms (Attivo/SentinelOne, Illusive Networks), and canary tokens have no MCP servers. Deception technology could benefit from AI-driven deployment and monitoring.
Getting Started
For SOC Analysts
Start with a SIEM MCP server (Google SecOps or Wazuh) connected to your existing security data. Add VirusTotal and Shodan MCP servers for alert enrichment. This combination enables AI-assisted alert triage — the highest-impact use case for security teams. Begin with read-only access and expand as you build confidence in the AI’s analysis quality.
For Penetration Testers
The FuzzingLabs mcp-security-hub provides the most comprehensive starting point — 38 Docker-containerized servers covering reconnaissance through exploitation. For a lighter start, use Nmap MCP for network scanning and Nuclei MCP for vulnerability detection. Always configure scope enforcement and ensure written authorization before any testing.
For Threat Intelligence Analysts
Connect VirusTotal, Shodan, and AlienVault OTX MCP servers for multi-source IOC analysis. Add DNStwist for phishing domain monitoring. The fastmcp-threatintel server aggregates multiple sources with automatic MITRE ATT&CK mapping, providing a starting framework for structured threat analysis.
For Malware Analysts
GhidraMCP (8,100 stars) is the essential starting point for binary analysis. Add YARA MCP for pattern matching, capa MCP for capability detection, and VirusTotal for community intelligence. This combination enables an AI-assisted malware analysis pipeline from initial triage through detailed decompilation.
For Security Engineers
Start with Semgrep MCP for code security scanning and Gitleaks MCP for secrets detection in CI/CD pipelines. Add Trivy MCP for container security scanning. These tools integrate naturally into DevSecOps workflows and can be invoked by AI agents as part of automated code review.
For Security Leaders
Deploy Snyk Agent Scan to audit your existing MCP server deployments for security issues. Use Google SecOps or Microsoft Sentinel MCP servers to explore AI-assisted security operations. Focus on read-only analytical use cases first before enabling any automated response actions.
Conclusion
Cybersecurity is one of the most active and commercially engaged MCP verticals, with official servers from Google, Microsoft, PortSwigger, Semgrep, Snyk, Check Point, Elastic, and Cloudflare. The community ecosystem adds hundreds more — from GhidraMCP’s 8,100 stars leading reverse engineering to FuzzingLabs’ 38-server security hub covering 300+ offensive tools. The AI in cybersecurity market’s projected growth from $25–31 billion to $86–105 billion by 2030 suggests this ecosystem will continue expanding rapidly.
Critical gaps remain in EDR, vulnerability management, SOAR, case management, and network monitoring. The absence of official MCP servers from CrowdStrike, SentinelOne, Qualys, Tenable, and Palo Alto XSOAR means that the most commercially important security tools remain outside the MCP ecosystem. As the protocol matures — and particularly as MCP security itself improves beyond the challenges documented in early 2026 — we expect major security vendors to follow Google and Microsoft’s lead in releasing official MCP servers.
For security teams evaluating MCP adoption, the recommendation is clear: start with read-only analytical use cases (alert enrichment, threat intelligence correlation, vulnerability prioritization), build confidence in AI-assisted analysis quality, and expand toward automated response only with appropriate human-in-the-loop controls. The combination of SOC alert fatigue, chronic staffing shortages, and increasingly sophisticated threats makes AI-augmented security operations not just valuable but necessary.
This guide was last updated on March 30, 2026. The cybersecurity MCP ecosystem is evolving rapidly. For the latest server listings and reviews, visit our MCP server directory.