HackEDU MCP. Automate security training and compliance tracking.
Gemini Works with every AI agent you already use
…and any MCP-compatible client
Just plug in your AI agents and start using Vinkius.
HackEDU (Security Journey) MCP Server automates secure coding training. Manage user progress, track team compliance, and integrate vulnerability findings into personalized training plans.
Your AI client can retrieve user profiles, list available modules, or push new CVE data to trigger immediate developer training.
What your AI agents can do
Create issue
Pushes a new vulnerability issue to trigger adaptive training plans for developers.
Get team progress
Retrieves the overall training progress and completion metrics for a specified team.
Get user
Gets detailed information, including profiles and UUIDs, for a specific user.
List all users and teams in your account, and retrieve detailed progress reports for specific individuals or groups.
Browse the entire catalog of available security modules and lessons to identify relevant training material.
Access HackEDU's full vulnerability taxonomy, mapped to industry standards like CWE, CVE, and CAPEC.
Push specific issues from bug bounty programs or scanners to automatically create personalized training plans for developers.
List vulnerability issues synced from external sources like Bugcrowd or HackerOne.
Ask AI about this MCP
Supported MCP Clients
Gemini Waiting for input…
HackEDU (Security Journey) MCP Server: 10 Tools for Security Ops
Use these tools to manage users, track team progress, list vulnerability taxonomies, and automate secure coding training workflows.
019d75adcreate issue
Pushes a new vulnerability issue to trigger adaptive training plans for developers.
019d75adget team progress
Retrieves the overall training progress and completion metrics for a specified team.
019d75adget user
Gets detailed information, including profiles and UUIDs, for a specific user.
019d75adget user progress
Retrieves the training progress status for an individual user.
019d75adlist adaptive training plans
Lists structured training plans that were generated based on specific vulnerability findings.
019d75adlist content
Retrieves a complete catalog of all available security training modules and lessons.
019d75adlist issues
Lists vulnerability issues synced from external security sources like Bugcrowd or HackerOne.
019d75adlist teams
Lists all configured teams within your HackEDU account.
019d75adlist users
Lists all individual users registered in your HackEDU account.
019d75adlist vulnerabilities
Lists the full taxonomy of security vulnerabilities, mapping CWE, CVE, and CAPEC standards.
Choose How to Get Started
Build a custom MCP for your own tools, or connect a ready-made integration from our catalog.
Build Your Own
Turn any API into an MCP. Import a spec, define Agent Skills, or deploy with MCPFusion.
- Import from OpenAPI, Swagger, or YAML specs
- Create Agent Skills with progressive disclosure
- Deploy to edge with MCPFusion framework
- Built in DLP, auth, and compliance on every call
- Real time usage dashboard and cost metering
- Publish to catalog or keep private
Make Your AI Do More
Start with HackEDU (Security Journey), then connect any of our 4,700+ other servers whenever your AI needs more. One click, no limits.
- Use this MCP plus 4,700+ others, all in one place
- Add new capabilities to your AI anytime you want
- Every connection is secured and compliant automatically
- Track usage and costs across all your servers
- Works with Claude, ChatGPT, Cursor, and more
- New servers added to the catalog every week
What you can do with this MCP connector
HackEDU's MCP Server automates secure coding training. Your AI client can manage user progress, track team compliance, and feed vulnerability findings into personalized training plans. You can use the list_users tool to get a list of every individual in your account, or run list_teams to see all configured teams. To check individual status, run get_user_progress for a specific user, or get a detailed profile and UUID using get_user.
You can check overall team status by running get_team_progress. You'll find every module and lesson in the catalog by calling list_content. Need to map a vulnerability? Use list_vulnerabilities to access HackEDU's full taxonomy, which maps to industry standards like CWE, CVE, and CAPEC. Want to see what issues came from external sources like Bugcrowd or HackerOne? Call list_issues.
You can find structured training plans created from specific vulnerability findings by running list_adaptive_training_plans. If you find a new vulnerability, you'll push it using the create_issue tool to trigger immediate, adaptive training plans for developers. To find out what's going on with vulnerabilities, you can run list_content to browse the entire catalog of security training modules and lessons.
How HackEDU MCP Works
- 1 Subscribe to the server and enter your HackEDU API Key from the Admin Dashboard.
- 2 Your AI client connects using the MCP protocol.
- 3 You start managing security training by asking your agent to list users, check progress, or create a new vulnerability issue.
The bottom line is, your AI client handles the entire security training workflow without you ever opening the HackEDU dashboard.
Who Is HackEDU MCP For?
Security Engineers, AppSec Team Leads, and Engineering Managers use this to automate compliance and risk tracking. They need a single source of truth that correlates a discovered vulnerability (CVE) with the specific training plan required for the developer who wrote the code. It stops manual reporting and allows proactive risk mitigation.
Integrates bug bounty findings into the developer training lifecycle. Uses the agent to run create_issue and link it to a specific team via list_teams.
Checks team compliance and individual status. Uses get_user_progress and get_team_progress to pinpoint knowledge gaps immediately.
Monitors team readiness for audits. Uses the agent to run list_users and get_team_progress to identify low-performing areas.
What Changes When You Connect
- Instantly map vulnerabilities to training gaps. By running
list_vulnerabilitiesandcreate_issue, you don't just report a CVE; you trigger the exact educational plan needed for the developer who wrote the code. - Stop chasing status reports. Use
get_team_progressto get a quick, aggregate view of team compliance. Your agent handles the calculations and summarizes who needs work. - Automate remediation workflows. When a bug bounty program finds an issue, your agent runs
list_issuesand then usescreate_issueto automatically kick off the necessary adaptive training for the responsible team. - Maintain a single source of truth. Use
list_usersandget_userto confirm developer identities and UUIDs before assigning training or checking specific progress viaget_user_progress. - Discover available content. Run
list_contentto see every module and lesson in the catalog. This helps the agent find the right resource when a vulnerability is detected.
Real-World Use Cases
Compliance Audit Prep
The audit is next week. Instead of manually downloading CSVs, the Security Engineer asks the agent to get_team_progress for the Payments team and then list_content to confirm that all required 'OWASP Top 10' modules are covered. The agent summarizes the gaps instantly.
Zero-Day Response
A critical vulnerability (CVE) is published today. The AppSec Team Lead uses the agent to list_vulnerabilities to get the taxonomy, then uses create_issue with the new CVE ID. This automatically triggers personalized learning paths for every developer who could be affected.
Onboarding New Developers
A new developer joins the codebase. The Engineering Manager uses the agent to get_user to create a profile, then uses list_content to build a mandatory training checklist. The agent ensures the developer completes the initial modules before committing code.
Bug Bounty Triage
The team receives 50 new vulnerability reports. The AppSec Team Lead runs list_issues to ingest the data, and then iterates through the results, calling create_issue for each unique vulnerability to ensure training is assigned.
The Tradeoffs
Manual Status Checks
Logging into the HackEDU dashboard, clicking the Team tab, filtering by 'Incomplete,' and then exporting the list to Excel to share with the manager. It takes 15 minutes.
→
Just ask your agent: 'Show the security progress for the Payments team.' The agent runs get_team_progress and delivers the summary right in the chat.
Confusing CVEs with Users
Trying to manually correlate a vulnerability ID (CVE-2023-1234) with a specific developer's profile or training status in a spreadsheet. It's impossible to track.
→
Run list_vulnerabilities to get the full taxonomy. Then, use create_issue to link that CVE ID directly to a training plan, making the relationship explicit and actionable.
Overlooking the Content Catalog
Thinking you have to manually create a training module every time a new framework is used, instead of checking if a module already exists.
→
First, run list_content. This shows the full library of available modules. You check if the required lesson is already there before spending time building it.
When It Fits, When It Doesn't
Use this server if your primary bottleneck is the gap between vulnerability discovery and developer remediation. If you can reliably feed vulnerability data (from bug bounty platforms, scanners, etc.) into the system, this is a must-have. You need to automate the process of mapping a finding (e.g., a CWE or CVE) to a required action (a training plan).
Don't use this if you simply need a static list of vulnerabilities. Use list_vulnerabilities for that. Don't use it if you just need to store user data—use a standard identity management tool. This server is for actioning the data; it's the bridge that turns a vulnerability report into a measurable training task.
Independent Platform Disclaimer: Vinkius is an independent platform and is not affiliated with, endorsed by, sponsored by, verified by, or otherwise authorized by HackEDU. All third-party trademarks, logos, and brand names are the property of their respective owners. Their use on this website is strictly for informational purposes to identify service compatibility and interoperability.
VINKIUS INFRASTRUCTURE
Cloud Hosted
Managed infra
V8 Isolated
Sandboxed per request
Zero-Trust Proxy
No stored credentials
DLP Enforced
Policy on every call
GDPR Compliant
EU data residency
Token Compression
~60% cost reduction
Works with Claude, ChatGPT, Cursor, and more
The Model Context Protocol standardizes how applications expose capabilities to LLMs. Instead of operating in isolation, your AI gains direct access to external platforms, live data, and real-world actions through secure, standardized connections.
This server provides 10 capabilities that interface natively with Claude, ChatGPT, Cursor, and any MCP client. No middleware. No custom integration required.
Available Capabilities
Manually tracking who knows what about secure coding is a nightmare.
Today, if an AppSec team finds a critical SQL Injection flaw, they have to write a report. They list the vulnerability, they check the team roster, and then they manually email dozens of developers, pointing them to a specific training module. Someone inevitably misses a name or forgets to update the spreadsheet.
With the HackEDU MCP Server, you tell your agent: 'Trigger training for SQL Injection.' The agent handles the lookup. It uses `list_users` to get the roster, and then it runs `create_issue` to assign the exact training module based on the vulnerability type. The entire workflow is automated.
HackEDU MCP Server: Track progress and manage training.
The old way meant exporting progress reports, finding the right module UUID, and then manually updating the training assignment status. This required multiple tools and a lot of copy-pasting.
Now, your agent does it all. You ask for the team status, and it runs `get_team_progress` and `get_user_progress` to give you the status instantly. You get the metrics, not the spreadsheets.
Common Questions About HackEDU MCP
How do I use the HackEDU (Security Journey) MCP Server to trigger training? +
You use the create_issue tool. This tool takes vulnerability details and automatically generates and assigns a personalized training plan for the affected team or user.
What data does the `list_vulnerabilities` tool provide? +
The list_vulnerabilities tool lists the full taxonomy of security flaws, mapping them to standard industry codes like CWE, CVE, and CAPEC.
Can I check progress for just one person using `get_user_progress`? +
Yes. get_user_progress takes a specific user ID and returns their current training completion status, allowing you to track individuals quickly.
What is the difference between `list_users` and `list_teams`? +
The list_users tool retrieves a list of every individual user. The list_teams tool lists the groups or teams that are configured within the HackEDU platform.
How do I list all the available security training modules? +
You use the list_content tool. This shows the entire catalog of modules and lessons available in your HackEDU account.
How do I use the `list_issues` tool to sync external vulnerability data? +
The list_issues tool pulls vulnerability data from external sources like Bugcrowd or HackerOne. This lets you centralize findings and trigger adaptive training based on real-world security reports.
What details does the `get_user` tool provide about a specific developer? +
The get_user tool retrieves comprehensive user profiles. You get detailed information, including the user's UUID and current status, which is crucial for assignment tracking.
Can I check a team's overall status using the `get_team_progress` tool? +
Yes, get_team_progress calculates the collective training status. It shows the team's overall completion rate and helps you pinpoint which modules need attention across the group.
How do I find my HackEDU API Key? +
Log in to your HackEDU Admin Dashboard and navigate to the API section. You will be able to generate and copy your unique X-API-Key from there.
Can I track the training progress of a specific team? +
Yes! Use the get_team_progress tool by providing the unique team ID. The agent will return the completion percentage and status for that team.
What is 'Adaptive Training' in this integration? +
Adaptive Training allows you to push real-world vulnerability findings (via create_issue) to HackEDU. The platform then automatically assigns relevant security lessons to developers to help them fix and prevent similar issues.
Is HackEDU now part of Security Journey? +
Yes, HackEDU was acquired by Security Journey. This integration works with accounts from both brands using the same API infrastructure.
Use it with your favorite AI tools
Connect this server to Cursor, Claude, VS Code, and more.
More in this category
Alphamoon
Extract data from documents using AI-powered OCR and intelligent document processing for contracts, invoices, and forms.
MJML (Email Markup)
Transpile MJML markup into responsive, high-quality HTML emails directly from your AI agent.
Makeswift
Build stunning Next.js websites with a visual editor that lets marketers update pages without touching code or deployments.
You might also like
Rong360 Open API
Bring high-level financial risk assessment and identity KYC directly to your agent. Evaluate credit scores and verify names.
Tettra
Search, read, and create internal wiki pages on your Tettra knowledge base directly from your AI agent.
Finmo
Manage global pay-ins, payouts, and multi-currency wallets through AI agents with Finmo.