Integrate StackHawk with Claude, Cursor, Chatbots & AI Agents MCP Server

Connect your AI to the StackHawk DAST platform. Run automated security scans, triage alerts seamlessly, and find vulnerabilities effortlessly.

GDPR Free for Subscribers

Compatible with every major AI agent and IDE

Claude

ChatGPT

Cursor

Gemini

Windsurf

VS Code

JetBrains

Vercel

+ other MCP clients

get

Get application details on StackHawk

Get detailed configuration for a specific StackHawk application

get

Get organization details on StackHawk

Get StackHawk organization details and subscription tier

get

Get scan alerts on StackHawk

Download individual security alerts discovered by a DAST scan

get

Get scan results on StackHawk

Get detailed results and metadata for a specific DAST scan

list

List api keys on StackHawk

Useful for auditing and hygiene. List API keys configured for a StackHawk organization

list

List applications on StackHawk

Requires a Bearer token and organization ID. List all registered DAST applications in a StackHawk organization

list

List environments on StackHawk

g., Development, Staging, Production) configured on the application. List configured scan environments for a StackHawk application

list

List scans on StackHawk

Includes scan IDs and high-level alert counts. List all DAST scan executions for a StackHawk application

action

Login on StackHawk

This token is required for all subsequent StackHawk tool calls. Authenticate and obtain a Bearer access token from StackHawk

triage

Triage alert on StackHawk

Valid statuses: RISK_ACCEPTED, FALSE_POSITIVE, IN_PROGRESS. Triage a DAST security alert (accept risk, false positive, etc.)

Security & Code Integrity Audit

Every tool in the StackHawk MCP Server is continuously audited by the Vinkius Security Engine. We guarantee zero-trust payload isolation, strict data boundaries, and deterministic execution for enterprise-grade AI agents.

A+Score: 100

How Vinkius protects your data

Is there a risk of the AI "going crazy" and deleting important company data?

No. With Vinkius, the AI operates on "rails". It can only make the exact moves you authorized in the tool's settings. It cannot invent routes, access other networks in your company, or decide to delete random files. If the action isn't in the approved catalog, the attempt is blocked instantly.

Can I set different limits for each virtual assistant on my team?

Absolutely. You have full control in our command center. You can create an AI agent that only "reads" data so the support team can answer questions, and another superpowered agent that can "edit" and "create" information exclusively for your operations team. Each AI gets exactly the level of access you allow.

Are scans executed locally or in the cloud?

Scans run on the StackHawk cloud infrastructure. The MCP integration only triggers and monitors them — no heavy processing happens in your AI context.

What if the AI ends up reading customer data or confidential information?

We have a built-in digital "bodyguard" called DLP (Data Loss Prevention). If a tool fetches data and the response contains social security numbers, credit cards, or personal customer info, Vinkius magically blocks and erases that information before it is delivered to the AI. The AI works only with what is strictly necessary, and your sensitive data never leaks.

Triggering StackHawk via Natural Language

Securely interface Claude Code, ChatGPT, and Cursor with the StackHawk API through semantic routing and standardized natural language triggers.

The Future of dast

The StackHawk toolkit translates Claude's commands into dast operations. The MCP server ensures accurate delivery within the security compliance ecosystem.

AI-Driven application security Workflows

The StackHawk MCP translates LLM intent into specific application security actions. Agents like Cursor use this to interface securely with your security compliance infrastructure.