How to Use the Aikido Security MCP in Windsurf

Connect Windsurf to the Aikido Security MCP Server to autonomously track vulnerabilities, audit compliance, and fix cloud assets.

See Vinkius in Action

Works with every AI agent you already use

…and any MCP-compatible client

MCP Servers - Free for Subscribers

Connect Aikido Security MCP to Windsurf

Create your Vinkius account to connect Aikido Security to Windsurf and route execution through our secure gateway. The platform manages server hosting, runtime updates, and security layers. Configuration requires no manual server provisioning.

GDPR Free for Subscribers

Setup Aikido Security with Windsurf

Ask AI about this MCP

ChatGPT

Claude

Perplexity

Automate SOC2 Audits in Windsurf

`get_soc2_compliance` grabs your exact trust service criteria status directly inside the IDE. Cascade reads the failing controls, maps them to your codebase using `list_code_repositories`, and starts drafting patches without you prompting every step. You just tell Windsurf to fix the compliance gaps. The agent chains `get_iso_compliance` to cross-reference overlapping requirements and outputs the exact configuration changes needed to pass your next audit.

Map Cloud Attack Surfaces

`list_cloud_assets` pulls your entire AWS, GCP, or Azure infrastructure footprint into the editor context. Cascade uses this to spot misconfigurations by checking `list_connected_clouds` and matching them against active deployments. Finding the root cause takes seconds instead of hours. The agent pulls `list_virtual_machines` and `list_containers` to trace a vulnerable Docker image back to the specific cloud instance running it, then writes the terraform fix.

Triage Open Issues via MCP Server

`list_open_issues` dumps every SAST, DAST, and leaked secret finding straight into your workspace. Cascade sorts these by severity, groups related CVEs using `get_issue_group`, and opens the exact files needing attention. Your security workflow becomes a background process. Windsurf checks `list_custom_rules` to ensure your organization-specific policies are active before writing the remediation code for the vulnerable functions.

Setup guide

Set up Aikido Security MCP in Windsurf

Prerequisites

Windsurf IDE installed (macOS, Windows, or Linux)
Active Vinkius subscription with a valid endpoint token

1

Open MCP configuration

Click the Cascade assistant icon in the sidebar, then click the hammer icon (🔨) at the top of the panel. Select "Configure" to open ~/.codeium/windsurf/mcp_config.json.
2

Add the Aikido Security MCP

Paste the JSON snippet shown on the right into the mcpServers object. Replace [YOUR_TOKEN_HERE] with your endpoint token from cloud.vinkius.com.
3

Refresh MCPs

Go back to the hammer icon (🔨) in Cascade and click "Refresh". Windsurf will detect the new server. No full restart is needed — the connection is hot-reloaded.
4

Verify in Cascade

Start a new Cascade conversation and ask something like "Show my Aikido Security payment history." If connected, Cascade will call the Aikido Security tools directly. You will see a green dot next to the server name in the MCP panel.

mcp_config.json

{
  "mcpServers": {
    "aikido-security-mcp": {
      "url": "https://edge.vinkius.com/[YOUR_TOKEN_HERE]/mcp"
    }
  }
}

Get your connection token →

Independent Platform Disclaimer: Vinkius is an independent platform and is not affiliated with, endorsed by, sponsored by, verified by, or otherwise authorized by Aikido Security. All third-party trademarks, logos, and brand names are the property of their respective owners. Their use on this website is strictly for informational purposes to identify service compatibility and interoperability.

Why Choose Vinkius

Vinkius connects your tools to AI with real-time monitoring and automatic cost savings — all from one dashboard.

Connect Aikido Security now

Real-time monitoring

Live

visibility into every interaction

Connect your favorite tools to your AI and see exactly what's happening — every request, every response, in real time.

Built-in savings

60%

lower AI costs

Vinkius compresses data between your apps and your AI automatically. Lower bills every month — no configuration required.

Single dashboard

One

place for every integration

Every tool your AI connects to, managed from a single screen. One account, complete control.

Common questions about Aikido Security MCP in Windsurf

Open the Settings menu and navigate to Cascade, then the MCP Servers UI. You can add the server under the mcpServers key or use the built-in MCP Marketplace for a one-click install. Hit refresh in the panel to start using the tools.

The autonomous agent reads the vulnerability data and generates the necessary code patches. It evaluates the context from your open files and applies fixes for SQL injections or missing headers. You review the diffs before committing.

This integration pulls your specific SAST rules using the provided tools. It applies those exact organizational checks to the code it writes. Your proprietary security standards govern the output.

Calling the team and user listing tools maps out access levels. It shows you exactly who has permissions across different codebases and cloud environments. You get a clear text summary right in your editor.

Your SOC2 reports, open CVEs, and cloud asset lists never touch our persistent storage. The V8 Isolate Sandbox spins up just to execute the API call and dies immediately after returning the data. You only need a single endpoint token to authenticate.

Use it with your favorite AI tools

Connect this server to Cursor, Claude, VS Code, and more.

OpenAI Agents SDK sdk-python

Google ADK sdk-python

Pydantic AI sdk-python

Vercel AI SDK sdk-typescript