# Acunetix 360 MCP for AI Agents

> Acunetix 360 connects your AI agent to automated web vulnerability scanning, giving you full control over application security directly from chat. Launch scans for your APIs and web apps, track detailed vulnerabilities by severity level, and audit scan progress without logging into a console. It handles everything from initial testing to compliance reporting.

## Overview
- **Category:** security-compliance
- **Price:** Free
- **Tags:** web-security, penetration-testing, automated-scanning, app-security, vulnerability-management, cybersecurity

## Description

Running secure web applications involves constant monitoring and deep auditing—it's tedious manual work. This MCP lets you automate the entire security workflow using natural conversation. Instead of jumping between dashboards and writing complex API calls, your agent manages vulnerability scans for all your web apps and APIs on demand. You can start a new scan right in chat, check progress across multiple systems, or instantly pull up lists of identified vulnerabilities, including suggested fixes. The system supports auditing past builds to keep security checks running throughout the entire development lifecycle. By connecting this MCP through Vinkius, you give your AI client immediate access to robust, industry-standard web application testing tools.

## Tools

### list_scans
Retrieves a list of all vulnerability scans in your Acunetix 360 account, both past and currently running.

### launch_scan
Initiates a brand new security scan on specified web applications or APIs.

### list_vulnerabilities
Gets a comprehensive list of all identified security issues, including severity ratings and remediation advice.

## Prompt Examples

**Prompt:** 
```
Can you show me all high-severity vulnerabilities found in my main login flow?
```

**Response:** 
```
**Vulnerability Report: Login Module**

*   **Cross-Site Scripting (XSS):** Found 2 instances on `/login/profile`. **Severity:** High. *Remediation:* Sanitize input fields.
*   **SQL Injection:** Found 1 instance on `user_id` parameter. **Severity:** Critical. *Remediation:* Use prepared statements for all database queries.

(Total Flaws: 3. Two require immediate attention.)
```

**Prompt:** 
```
What's the status of my scan for the API gateway?
```

**Response:** 
```
**Scan Status Update:**
The scan on `api/v1/gateway` started successfully at 2024-06-12 10:30 AM.
*   **Current Status:** In Progress (78% complete)
*   **Estimated Completion:** Within the next 25 minutes.

Please wait a moment, and I'll give you an alert when it finishes.
```

**Prompt:** 
```
List all scans we ran last month.
```

**Response:** 
```
**Scan History (Last 30 Days):**

| Scan Name | Start Date | Status | Flaws Found |
| :--- | :--- | :--- | :--- |
| Main App v2.1 | 2024-05-28 | Completed | 12 |
| API Beta Test | 2024-06-01 | Completed | 5 |
| Marketing Landing Page | 2024-06-10 | Canceled | N/A |

*Note: The 'Main App v2.1' scan contained the highest number of critical findings.*
```

## Capabilities

### Launch new vulnerability scans
Start a full security scan on a specific web application or API endpoint directly from your chat interface.

### List and track active scans
Get the current status, progress, and historical record of all running vulnerability assessments across your infrastructure.

### Retrieve identified security issues
Pull a detailed list of every discovered flaw, including its severity level (e.g., Critical, High) and basic remediation guidance.

### Audit specific vulnerability reports
Quickly gather all recorded vulnerabilities to support compliance checks or risk assessments for management reporting.

## Use Cases

### Pre-release vulnerability check
A developer needs to know if a new API endpoint is safe before going live. They ask their agent to run `launch_scan` on the specific URL, and minutes later, they get a summary of critical flaws back in chat.

### Compliance audit preparation
The Compliance Officer needs proof that all services were scanned last quarter. They use `list_scans` to retrieve a complete history report needed for the regulatory body.

### Triage after an incident
A security engineer suspects a recent breach and wants to know exactly what flaws exist. They use `list_vulnerabilities` to get a categorized, prioritized rundown of all potential entry points.

## Benefits

- Start scans instantly. Instead of navigating the Acunetix console to launch a job, your agent handles it with one simple request.
- Track progress easily. Use the `list_scans` tool to see the status of all ongoing security assessments without needing dashboard access.
- Pinpoint flaws quickly. The `list_vulnerabilities` tool lets you pull up all identified issues—like SQL Injection or XSS—to focus remediation efforts immediately.
- Audit builds efficiently. You can check scan results from recent development builds to ensure security standards never slip, even with fast releases.
- Manage complexity. Your agent organizes the output, giving you actionable reports that go beyond just listing findings.

## How It Works

The bottom line is that you talk to your agent like you're talking to a security analyst; it talks to Acunetix 360 and gives you the answer.

1. Subscribe to this MCP and provide your Acunetix 360 User ID and API Token.
2. Connect it to your preferred AI client (like Cursor or Claude).
3. Ask your agent a natural language question, such as 'List all high-severity vulnerabilities found in my last scan.' The agent handles the rest.

## Frequently Asked Questions

**How do I use Acunetix 360 with my AI agent to check for security flaws?**
You simply ask your agent what you need. Instead of logging into the tool, just tell it, 'Check my application for critical vulnerabilities.' It uses its tools to run the necessary scans and provides the results directly in chat.

**Can Acunetix 360 help me audit security reports for compliance?**
Yes. You can retrieve comprehensive lists of identified issues using your agent. This makes generating documentation for audits much faster because you get structured data, not just a raw file download.

**If I launch a scan through the AI MCP, will it work on APIs?**
Yes, this tool is designed to scan more than just standard web pages. You can specify API endpoints and run full vulnerability scans against them, which is crucial for modern microservices architecture.

**What if I need a history of all my past security checks?**
You can ask the agent to list all previous scans. It pulls up a summary table showing when everything was run and how many flaws were found, helping you track long-term risk.

**Is Acunetix 360 MCP better than just using built-in IDE security tools?**
While IDE tools are great for code review, this MCP gives you a full platform view. It launches deep, automated scans against deployed applications and APIs, finding vulnerabilities that simple code analysis misses.