4,500+ servers built on MCP Fusion
Vinkius
Bugcrowd logo
Vinkius
Windsurf logo

How to Use the Bugcrowd MCP in Windsurf

Track Bugcrowd targets and file vulnerability reports directly within Windsurf using Cascade.

See Vinkius in Action

Works with every AI agent you already use

…and any MCP-compatible client

Bugcrowd MCP on Cursor AI Code Editor MCP Client Bugcrowd MCP on Claude Desktop App MCP Integration Bugcrowd MCP on OpenAI Agents SDK MCP Compatible Bugcrowd MCP on Visual Studio Code MCP Extension Client Bugcrowd MCP on GitHub Copilot AI Agent MCP Integration Bugcrowd MCP on Google Gemini AI MCP Integration Bugcrowd MCP on Lovable AI Development MCP Client Bugcrowd MCP on Mistral AI Agents MCP Compatible Bugcrowd MCP on Amazon AWS Bedrock MCP Support
MCP Servers - Free for Subscribers
Windsurf

Connect Bugcrowd MCP to Windsurf

Create your Vinkius account to connect Bugcrowd to Windsurf and route execution through our secure gateway. The platform manages server hosting, runtime updates, and security layers. Configuration requires no manual server provisioning.

GDPR Free for Subscribers
Setup Bugcrowd with Windsurf
ChatGPT ChatGPT Claude Claude Perplexity Perplexity

Automate Bugcrowd triage with Windsurf

The `list_submissions` tool lets Windsurf scan your active Bugcrowd bugs. Cascade uses this MCP Server to read this list, pulls down specific details with `get_submission`, and automatically matches them against your local codebase. You don't have to copy-paste back and forth. By chaining these tools, Cascade locates the exact file containing the vulnerability and shows you the line of code that needs a patch.

Audit target scopes in Cascade

The `list_targets` tool pulls active assets directly into your Windsurf workspace. Cascade maps these targets to your current directory structure, identifying which local microservices fall under the active Bugcrowd scope. By calling `get_target` sequentially, Cascade builds a local context map of what you are allowed to test. This keeps your security research strictly within the approved boundaries without manual lookups.

Draft submissions from your workspace

The `create_submission` tool registers new vulnerabilities directly from Windsurf. When Cascade finds a hardcoded secret or a dependency bug in your project, it gathers the evidence and drafts the Bugcrowd report for you. This integration bypasses the web UI entirely. Your agent compiles the reproduction steps, formats the markdown, and pushes the submission straight to your program.

Setup guide

Set up Bugcrowd MCP in Windsurf

Prerequisites

  • Windsurf IDE installed (macOS, Windows, or Linux)
  • Active Vinkius subscription with a valid endpoint token
  1. 1

    Open MCP configuration

    Click the Cascade assistant icon in the sidebar, then click the hammer icon (🔨) at the top of the panel. Select "Configure" to open ~/.codeium/windsurf/mcp_config.json.

  2. 2

    Add the Bugcrowd MCP

    Paste the JSON snippet shown on the right into the mcpServers object. Replace [YOUR_TOKEN_HERE] with your endpoint token from cloud.vinkius.com.

  3. 3

    Refresh MCPs

    Go back to the hammer icon (🔨) in Cascade and click "Refresh". Windsurf will detect the new server. No full restart is needed — the connection is hot-reloaded.

  4. 4

    Verify in Cascade

    Start a new Cascade conversation and ask something like "Show my Bugcrowd payment history." If connected, Cascade will call the Bugcrowd tools directly. You will see a green dot next to the server name in the MCP panel.

mcp_config.json 
{
  "mcpServers": {
    "bugcrowd-mcp": {
      "url": "https://edge.vinkius.com/[YOUR_TOKEN_HERE]/mcp"
    }
  }
}
Get your connection token →

Independent Platform Disclaimer: Vinkius is an independent platform and is not affiliated with, endorsed by, sponsored by, verified by, or otherwise authorized by Bugcrowd. All third-party trademarks, logos, and brand names are the property of their respective owners. Their use on this website is strictly for informational purposes to identify service compatibility and interoperability.

Why Choose Vinkius

Vinkius connects your tools to AI with real-time monitoring and automatic cost savings — all from one dashboard.

Connect Bugcrowd now

Real-time monitoring

Live

visibility into every interaction

Connect your favorite tools to your AI and see exactly what's happening — every request, every response, in real time.

Built-in savings

60%

lower AI costs

Vinkius compresses data between your apps and your AI automatically. Lower bills every month — no configuration required.

Single dashboard

One

place for every integration

Every tool your AI connects to, managed from a single screen. One account, complete control.

Common questions about Bugcrowd MCP in Windsurf

Open your `~/.codeium/windsurf/mcp_config.json` file and add the server configuration. Your Windsurf client will connect to the MCP endpoint and register the tools.
Yes, Cascade uses the `create_submission` tool to post new findings. It chains file-reading tools to gather evidence and then executes the submission programmatically based on your prompt.
Cascade calls `list_programs` to fetch all your active security programs. It then filters them based on your current workspace context to ensure you are targeting the correct program.
The `list_engagements` tool fetches active crowdsourced tests. You can ask your agent to pull details from `get_engagement` to read the testing guidelines directly in your editor.
All communication with the Bugcrowd API occurs locally through the secure Vinkius MCP sandbox. Your vulnerability reports and target scopes are never stored on external servers, keeping your sensitive security findings fully private.

Use it with your favorite AI tools

Connect this server to Cursor, Claude, VS Code, and more.

Claude Desktop ide
Cursor ide
VS Code Copilot ide
Windsurf ide
Cline ide
Claude Code cli
OpenAI Agents SDK sdk-python
Google ADK sdk-python
Pydantic AI sdk-python
Vercel AI SDK sdk-typescript
Mastra AI sdk-typescript
Mastra AI
CrewAI framework
LangChain framework
LlamaIndex framework
LlamaIndex
AutoGen framework
AutoGen

Start using the Bugcrowd MCP today

We host it, we monitor it, we maintain it. You just paste one token.

Get started
Built & Managed by Vinkius 30s setup 10 tools

We've already built the connector for Bugcrowd. Just plug in your AI agents and start using Vinkius.

No hosting. No infrastructure. No complex setup.
All 10 tools are live and waiting. You're up and running in seconds.

Claude Claude
ChatGPT ChatGPT
Cursor Cursor
Gemini Gemini
Windsurf Windsurf
VS Code VS Code
JetBrains JetBrains
Vercel Vercel
+ other MCP clients

Vinkius gives your AI agents access to the full catalog of app connectors, all fully managed, secure, and enterprise-ready. One subscription, every tool you need.

Zero hosting required Full MCP catalog included Enterprise-grade security Auto-updated by Vinkius

Built, hosted, and secured by Vinkius. You just connect and go.