How to Use the UpGuard MCP in VS Code Copilot

Q: What data does UpGuard handle regarding user risk when used with VS Code Copilot?

The server touches comprehensive user risk information via listuserrisks. This allows team members to write code that enforces security policies based on a user's current monitored risk profile.

Q: If I need to check vendor credentials, how does UpGuard work with VS Code Copilot?

You use getvendor and then follow up with listvendorrisks. This two-step process ensures that every developer on the team has access to the most current security assessment for any given third party.

Q: Does UpGuard support listing identity breaches in VS Code Copilot?

Yes. The tool listidentitybreaches lets your team pull lists of compromised identities, which can then be used to write code that blocks access for known bad actors.

Automate security checks across your team's codebase using Copilot Chat and the MCP Server.

See Vinkius in Action

Works with every AI agent you already use

…and any MCP-compatible client

MCP Servers - Free for Subscribers

Connect UpGuard MCP to VS Code Copilot

Create your Vinkius account to connect UpGuard to VS Code Copilot and route execution through our secure gateway. The platform manages server hosting, runtime updates, and security layers. Configuration requires no manual server provisioning.

GDPR Free for Subscribers

Setup UpGuard with VS Code Copilot

Ask AI about this MCP

ChatGPT

Claude

Perplexity

Team Risk Visibility

By committing `.vscode/mcp.json`, every developer gets access to `list_account_risks` for consistent checks. The team can use this tool to ensure that new code doesn't ignore critical, active risks across the platform. You also get centralized visibility into vendor health by running `list_vendors`. This allows your entire engineering department to validate dependencies before deployment.

Audit SaaS and Infrastructure

When writing code for integrations, use `list_saas_apps` to ensure all connections are accounted for. Similarly, running `list_monitored_ips` and `list_monitored_domains` populates the necessary context variables for your team. This MCP Server gives every developer the tools needed to map out the full attack surface right inside VS Code Copilot Chat.

Validate User Security Policies

You can check user compliance by calling `list_user_risks`. This lets your team build code that checks if a user's risk score passes defined thresholds. Similarly, `list_identity_breaches` gives immediate data on compromised credentials. If you need to investigate a specific partner, the `get_vendor` tool pulls key details and associated risks.

Setup guide

Set up UpGuard MCP in VS Code Copilot

Prerequisites

VS Code 1.99 or later with GitHub Copilot extension
Active Vinkius subscription with a valid endpoint token

1

Open MCP configuration

Open the Command Palette (Cmd+Shift+P / Ctrl+Shift+P) and run "MCP: Add Server". Select HTTP (Streamable) as the server type. VS Code will create .vscode/mcp.json in your workspace.
2

Add the UpGuard MCP

Paste the JSON snippet shown on the right into your .vscode/mcp.json. Replace [YOUR_TOKEN_HERE] with your endpoint token from cloud.vinkius.com.
3

Switch to Agent mode

Open Copilot Chat (Cmd+Shift+I / Ctrl+Shift+I) and switch to Agent mode using the dropdown. MCP tools are only available in Agent mode — they do not appear in Edit or Ask modes.
4

Verify the connection

In the Copilot Chat input, type # to list available tools. You should see the UpGuard tools listed. Try asking: "List my recent UpGuard transactions" and Copilot will invoke them automatically.

.vscode/mcp.json

{
  "mcpServers": {
    "upguard-mcp": {
      "url": "https://edge.vinkius.com/[YOUR_TOKEN_HERE]/mcp"
    }
  }
}

Get your connection token →

Independent Platform Disclaimer: Vinkius is an independent platform and is not affiliated with, endorsed by, sponsored by, verified by, or otherwise authorized by UpGuard. All third-party trademarks, logos, and brand names are the property of their respective owners. Their use on this website is strictly for informational purposes to identify service compatibility and interoperability.

Why Choose Vinkius

Vinkius connects your tools to AI with real-time monitoring and automatic cost savings — all from one dashboard.

Connect UpGuard now

Real-time monitoring

Live

visibility into every interaction

Connect your favorite tools to your AI and see exactly what's happening — every request, every response, in real time.

Built-in savings

60%

lower AI costs

Vinkius compresses data between your apps and your AI automatically. Lower bills every month — no configuration required.

Single dashboard

One

place for every integration

Every tool your AI connects to, managed from a single screen. One account, complete control.

Common questions about UpGuard MCP in VS Code Copilot

The team commits the MCP configuration file to the repo. When developers use Agent mode, they can trigger tools like `list_vendor_risks` directly in the chat, and the results populate the context for their coding session.

The server touches comprehensive user risk information via `list_user_risks`. This allows team members to write code that enforces security policies based on a user's current monitored risk profile.

You use `get_vendor` and then follow up with `list_vendor_risks`. This two-step process ensures that every developer on the team has access to the most current security assessment for any given third party.

Yes. The tool `list_identity_breaches` lets your team pull lists of compromised identities, which can then be used to write code that blocks access for known bad actors.

The MCP Server touches vendor details, account risks, user risk data, and lists of monitored assets. This centralized access ensures the entire development team uses consistent, accurate data for security validation.

Use it with your favorite AI tools

Connect this server to Cursor, Claude, VS Code, and more.

OpenAI Agents SDK sdk-python

Google ADK sdk-python

Pydantic AI sdk-python

Vercel AI SDK sdk-typescript