4,500+ servers built on MCP Fusion
Vinkius
Have I Been Pwned logo
Vinkius
Vercel AI SDK logo

How to Use the Have I Been Pwned MCP in Vercel AI SDK

Build live credential checking into your Next.js apps with the Vercel AI SDK. Stream breach data straight to the user interface.

See Vinkius in Action

Works with every AI agent you already use

…and any MCP-compatible client

Have I Been Pwned MCP on Cursor AI Code Editor MCP Client Have I Been Pwned MCP on Claude Desktop App MCP Integration Have I Been Pwned MCP on OpenAI Agents SDK MCP Compatible Have I Been Pwned MCP on Visual Studio Code MCP Extension Client Have I Been Pwned MCP on GitHub Copilot AI Agent MCP Integration Have I Been Pwned MCP on Google Gemini AI MCP Integration Have I Been Pwned MCP on Lovable AI Development MCP Client Have I Been Pwned MCP on Mistral AI Agents MCP Compatible Have I Been Pwned MCP on Amazon AWS Bedrock MCP Support
MCP Servers - Free for Subscribers
Vercel AI SDK

Connect Have I Been Pwned MCP to Vercel AI SDK

Create your Vinkius account to connect Have I Been Pwned to Vercel AI SDK and route execution through our secure gateway. The platform manages server hosting, runtime updates, and security layers. Configuration requires no manual server provisioning.

GDPR Free for Subscribers
Setup Have I Been Pwned with Vercel AI SDK
ChatGPT ChatGPT Claude Claude Perplexity Perplexity

Stream Password Checks in Vercel AI SDK

The `check_password_safety` tool verifies if a hash exists in known leaks using k-anonymity. Your AI client never sees or transmits the full plaintext password. It sends only the first five characters of the SHA-1 hash to the API, returning a count of how many times that suffix appeared in historical dumps. You pipe these results directly into your React frontend. As the user types their new password, the UI updates instantly with the breach count. There is no loading spinner. The edge function executes the MCP tool call and streams the text response straight to the browser.

Expose Account Vulnerabilities

The `search_account_breaches` tool finds every known data leak associated with a specific email address. It pulls the raw record of where and when the exposure happened. You combine this with `get_breach_details` to pull the exact data classes compromised, like IP addresses, physical locations, or security questions. End users see this data appear live in their dashboard. When they link an email to your app, the agent queries the MCP Server in the background. It renders a timeline of their digital footprint exposures before they even finish setting up their profile.

Monitor Public Text Dumps

The `search_account_pastes` tool scans public paste sites for an email address. Hackers dump scraped credentials on sites like Pastebin before selling them on forums. This tool catches those early exposures. You trigger this check during user onboarding. If the agent finds a hit, it immediately forces a password reset flow. The `list_all_breaches` tool can also populate a live ticker of recent global attacks on your login screen, showing users exactly why you enforce strict password rules.

Setup guide

Set up Have I Been Pwned MCP in Vercel AI SDK

Prerequisites

  • Node.js 18+ and a TypeScript project
  • ai + @modelcontextprotocol/sdk packages
  • Active Vinkius subscription with a valid endpoint token
  1. 1

    Install dependencies

    Run npm install ai @modelcontextprotocol/sdk plus your preferred model provider (e.g. @ai-sdk/openai).

  2. 2

    Create the Streamable HTTP transport

    Use StreamableHTTPClientTransport with your Vinkius endpoint URL. Replace [YOUR_TOKEN_HERE] with your token from cloud.vinkius.com.

  3. 3

    Discover and use tools

    Call mcpClient.tools() to auto-discover all Have I Been Pwned tools. Pass them directly to generateText() or streamText() — no manual schema definitions needed.

  4. 4

    Works with any model provider

    Swap openai("gpt-4o") for any AI SDK provider — Anthropic, Google, Mistral. The MCP tools work identically across all supported models.

index.ts 
import { experimental_createMCPClient as createMCPClient } from "ai";
import { StreamableHTTPClientTransport } from "@modelcontextprotocol/sdk/client/streamableHttp";
import { generateText } from "ai";
import { openai } from "@ai-sdk/openai";

const transport = new StreamableHTTPClientTransport(
  new URL("https://edge.vinkius.com/[YOUR_TOKEN_HERE]/mcp")
);

const mcpClient = await createMCPClient({ transport });
const tools = await mcpClient.tools();

const { text } = await generateText({
  model: openai("gpt-4o"),
  tools,
  prompt: "List recent Have I Been Pwned transactions",
});

console.log(text);
await mcpClient.close();
Get your connection token →

Independent Platform Disclaimer: Vinkius is an independent platform and is not affiliated with, endorsed by, sponsored by, verified by, or otherwise authorized by Have I Been Pwned. All third-party trademarks, logos, and brand names are the property of their respective owners. Their use on this website is strictly for informational purposes to identify service compatibility and interoperability.

Why Choose Vinkius

Vinkius connects your tools to AI with real-time monitoring and automatic cost savings — all from one dashboard.

Connect Have I Been Pwned now

Real-time monitoring

Live

visibility into every interaction

Connect your favorite tools to your AI and see exactly what's happening — every request, every response, in real time.

Built-in savings

60%

lower AI costs

Vinkius compresses data between your apps and your AI automatically. Lower bills every month — no configuration required.

Single dashboard

One

place for every integration

Every tool your AI connects to, managed from a single screen. One account, complete control.

Common questions about Have I Been Pwned MCP in Vercel AI SDK

Install @ai-sdk/mcp and initialize it using createMCPClient. Pass the HTTP transport URL for this server. Call mcpClient.tools() and feed the output into your streamText function.
Yes. The agent calls the tools, and the text response streams directly to your Next.js or React frontend. Users read the breach history as it generates.
It runs perfectly on the edge. You connect the MCP Server via HTTP transport, meaning you don't need a heavy Node.js runtime. Just remember to call mcpClient.close() when the stream finishes.
The underlying service enforces strict request limits. Your agent needs logic to catch 429 errors and back off. Do not run bulk checks on thousands of users simultaneously.
The system never transmits plaintext passwords. It uses k-anonymity, sending only the first five characters of a SHA-1 hash to the API. The server returns all matching suffixes, and the final comparison happens locally in memory.

Use it with your favorite AI tools

Connect this server to Cursor, Claude, VS Code, and more.

Claude Desktop ide
Cursor ide
VS Code Copilot ide
Windsurf ide
Cline ide
Claude Code cli
OpenAI Agents SDK sdk-python
Google ADK sdk-python
Pydantic AI sdk-python
Vercel AI SDK sdk-typescript
Mastra AI sdk-typescript
Mastra AI
CrewAI framework
LangChain framework
LlamaIndex framework
LlamaIndex
AutoGen framework
AutoGen

Start using the Have I Been Pwned MCP today

We host it, we monitor it, we maintain it. You just paste one token.

Get started
Built & Managed by Vinkius 30s setup 5 tools

We've already built the connector for Have I Been Pwned. Just plug in your AI agents and start using Vinkius.

No hosting. No infrastructure. No complex setup.
All 5 tools are live and waiting. You're up and running in seconds.

Claude Claude
ChatGPT ChatGPT
Cursor Cursor
Gemini Gemini
Windsurf Windsurf
VS Code VS Code
JetBrains JetBrains
Vercel Vercel
+ other MCP clients

Vinkius gives your AI agents access to the full catalog of app connectors, all fully managed, secure, and enterprise-ready. One subscription, every tool you need.

Zero hosting required Full MCP catalog included Enterprise-grade security Auto-updated by Vinkius

Built, hosted, and secured by Vinkius. You just connect and go.