How to Use the Drata MCP in Mastra AI

Automate complex compliance workflows in Mastra AI with programmatic control over your security data.

See Vinkius in Action

Works with every AI agent you already use

…and any MCP-compatible client

MCP Servers - Free for Subscribers

Connect Drata MCP to Mastra AI

Create your Vinkius account to connect Drata to Mastra AI and route execution through our secure gateway. The platform manages server hosting, runtime updates, and security layers. Configuration requires no manual server provisioning.

GDPR Free for Subscribers

Setup Drata with Mastra AI

Ask AI about this MCP

ChatGPT

Claude

Perplexity

Orchestrate security workflows in Mastra AI

Build automated incident response pipelines by integrating this MCP Server with Mastra AI. When a control fails, use `drata_get_control` to fetch the auditor-facing risk logic and trigger a custom remediation workflow. You can create conditional branches that notify specific teams if `drata_list_tests` returns a failure for critical infrastructure. It turns static compliance checks into active, self-healing security operations.

Automated personnel compliance management

Use your Mastra AI agents to monitor employee onboarding and security training. By chaining `drata_list_personnel` with your internal notification systems, you can automatically ping employees who have overdue training or missing MDM enrollment. This removes the manual burden of tracking compliance milestones. Your agents handle the repetitive verification, leaving your team to focus on resolving actual security gaps.

Vendor and policy lifecycle automation

Manage your supply chain risk by automating vendor reviews within Mastra AI. Your agents can call `drata_list_vendors` to identify high-risk partners and check their security questionnaire status before you onboard them. Pair this with `drata_list_policies` to trigger alerts when documents are due for annual renewal. It ensures your compliance documentation stays current without manual oversight.

Setup guide

Set up Drata MCP in Mastra AI

Prerequisites

Node.js 18+ and a TypeScript project
@mastra/mcp + @mastra/core packages
Active Vinkius subscription with a valid endpoint token

1

Install dependencies
Run npm install @mastra/mcp @mastra/core plus your preferred model provider (e.g. @ai-sdk/openai).
2

Configure the MCPClient
Create an MCPClient with your Vinkius endpoint as a URL object. Replace [YOUR_TOKEN_HERE] with your token from cloud.vinkius.com.
3

Discover and inject tools
Call mcpClient.listTools() and spread the result into your agent's tools object. All Drata tools become native Mastra tools.
4

Run with any model
Swap openai("gpt-4o") for any AI SDK-compatible provider. Call agent.generate() and the agent routes tool calls through MCP automatically.

agent.ts

import { MCPClient } from "@mastra/mcp";
import { Agent } from "@mastra/core/agent";
import { openai } from "@ai-sdk/openai";

const mcpClient = new MCPClient({
  id: "drata-mcp-client",
  servers: {
    "drata-mcp": {
      url: new URL(
        "https://edge.vinkius.com/[YOUR_TOKEN_HERE]/mcp"
      ),
    },
  },
});

const agent = new Agent({
  name: "Drata Agent",
  model: openai("gpt-4o"),
  instructions: "You have access to Drata tools.",
  tools: {
    ...(await mcpClient.listTools()),
  },
});

const result = await agent.generate(
  "List recent Drata transactions"
);
console.log(result.text);

Get your connection token →

Independent Platform Disclaimer: Vinkius is an independent platform and is not affiliated with, endorsed by, sponsored by, verified by, or otherwise authorized by Drata. All third-party trademarks, logos, and brand names are the property of their respective owners. Their use on this website is strictly for informational purposes to identify service compatibility and interoperability.

Why Choose Vinkius

Vinkius connects your tools to AI with real-time monitoring and automatic cost savings — all from one dashboard.

Connect Drata now

Real-time monitoring

Live

visibility into every interaction

Connect your favorite tools to your AI and see exactly what's happening — every request, every response, in real time.

Built-in savings

60%

lower AI costs

Vinkius compresses data between your apps and your AI automatically. Lower bills every month — no configuration required.

Single dashboard

One

place for every integration

Every tool your AI connects to, managed from a single screen. One account, complete control.

Common questions about Drata MCP in Mastra AI

Register the server URL in your Mastra MCP configuration. Once registered, spread the tools into your agent's tool set to enable automated compliance logic.

Absolutely. You can write logic that triggers a notification or a ticket creation if `drata_list_tests` reports a failed security check.

Yes. By using the provided tools to pull evidence for controls, you ensure your automated workflows rely on the same data used during your official audits.

The server only transmits the specific fields requested by your agent. Access to data like background check status is limited to the tools you explicitly call.

While the server currently provides read-only access to compliance data, your agents can use this information to automate internal processes that lead to faster remediation.

Use it with your favorite AI tools

Connect this server to Cursor, Claude, VS Code, and more.

OpenAI Agents SDK sdk-python

Google ADK sdk-python

Pydantic AI sdk-python

Vercel AI SDK sdk-typescript