Aikido Security MCP for AI. Triage vulnerabilities and check compliance status instantly.
Gemini Works with every AI agent you already use
…and any MCP-compatible client
How this MCP server connects to your AI agent
Aikido Security lets you take full control of your security posture from any AI client. It connects directly to your security stack to check vulnerabilities across cloud assets (AWS, GCP, Azure), code repositories, and containers.
You can monitor compliance status for standards like ISO 27001 and SOC2, list all open issues by severity, or export full reports instantly.
What AI agents can do with Aikido Security Automation
Export all issues
Pulls a full report of all security issues found in your organization's environment, perfect for audits or deep analysis.
Get iso compliance
Provides a detailed overview showing which controls are passing and which need attention for ISO 27001 compliance.
Get issue group
Gathers deep information about specific issue groups, helping you understand related vulnerabilities across multiple systems.
Gets an overview showing whether specific controls meet ISO 27001 or SOC2 requirements.
Lists all monitored cloud resources and identifies any misconfigurations or vulnerabilities across AWS, GCP, and Azure.
Shows every connected Git repository and container image that is currently being scanned for flaws.
Retrieves a full, prioritized list of all vulnerabilities found across your entire technical environment.
Verifies which external web apps are protected by the Aikido firewall against common attacks like XSS or SQL injection.
Ask an AI about this
Waiting for input…
What AI agents can do with Aikido Security MCP: 16 Tools
These tools allow your AI agent to execute specific security checks across multiple domains, from listing users to checking cloud infrastructure.
Make your AI actually useful.
Add this MCP to Claude, Cursor, or Windsurf and your AI stops guessing. It gets real tools to look things up, take action, and handle the stuff you keep doing by hand.
Start using Aikido Security on VinkiusExport All Issues
Pulls a full report of all security issues found in your organization's environment, perfect for audits or deep analysis.
Get Iso Compliance
Provides a detailed overview showing which controls are passing and which need...
Get Issue Group
Gathers deep information about specific issue groups, helping you understand related...
Get Soc2 Compliance
Checks your organization's readiness for SOC2 audit preparation by reporting on...
Get Workspace
Verifies the overall setup of your security workspace and reports any configuration...
List Apps
Lists every web application protected by the Aikido firewall, verifying their protection status against common attacks.
List Cloud Assets
Shows a list of all cloud infrastructure assets monitored by Aikido, letting you identify misconfigurations or vulnerabilities in your...
List Code Repositories
Retrieves a list of every connected code repository from services like GitHub and...
List Connected Clouds
Shows all cloud accounts linked to Aikido, verifying which environments are actively...
List Containers
Lists every container image and registry scanned by Aikido, helping you monitor base...
List Custom Rules
Shows all custom rules you've defined, allowing you to audit your...
List Open Issues
Gathers a comprehensive list of all open vulnerabilities across code, cloud, and containers, which is the core function for triage.
List Teams
Lists organizational teams within Aikido used to manage security responsibilities and assign issues.
List Users
Provides a roster of all users in the organization, detailing their roles and access...
List Virtual Machines
Lists every virtual machine monitored by Aikido, allowing you to check its specific...
List Webhooks
Shows all configured webhooks for services like Slack or Jira, helping you verify...
Security and governance baked right in.
Pick your AI client below to get set up. Just create a Vinkius account, subscribe, and you're instantly up and running. We handle the entire backend infrastructure, delivering out-of-the-box support for HTTPS Streamable, SSE, and OAuth2—zero messy routing required.
Claude AI
Open Claude Settings
Go to claude.ai, click your profile icon, then navigate to Customize → Connectors.
Add Custom Connector
Click the "+" button and select Add custom connector. Paste your Vinkius endpoint URL:
https://edge.vinkius.com/[YOUR_TOKEN_HERE]/mcp
Replace [YOUR_TOKEN_HERE] with your token
from cloud.vinkius.com. For OAuth-protected servers, expand
Advanced settings to add credentials.
Start a conversation
Open a new chat. The Aikido Security integration is available immediately — no restart needed.
Choose How to Get Started
Build a custom MCP for your own tools, or connect a ready-made integration from our catalog.
Build Your Own
Turn any API into an MCP. Import a spec, define Agent Skills, or deploy with MCPFusion.
- Import from OpenAPI, Swagger, or YAML specs
- Create Agent Skills with progressive disclosure
- Deploy to edge with MCPFusion framework
- Built in DLP, auth, and compliance on every call
- Real time usage dashboard and cost metering
- Publish to catalog or keep private
Make Your AI Do More
Start with Aikido Security, then connect any of our 5,100+ other servers whenever your AI needs more. One click, no limits.
- Use this MCP plus 5,100+ others, all in one place
- Add new capabilities to your AI anytime you want
- Every connection is secured and compliant automatically
- Track usage and costs across all your servers
- Works with Claude, ChatGPT, Cursor, and more
- New servers added to the catalog every week
Independent Platform Disclaimer: Vinkius is an independent platform and is not affiliated with, endorsed by, sponsored by, verified by, or otherwise authorized by Aikido Security. All third-party trademarks, logos, and brand names are the property of their respective owners. Their use on this website is strictly for informational purposes to identify service compatibility and interoperability.
VINKIUS INFRASTRUCTURE
Cloud Hosted
Managed infra
V8 Isolated
Sandboxed per request
Zero-Trust Proxy
No stored credentials
DLP Enforced
Policy on every call
GDPR Compliant
EU data residency
Token Compression
~60% cost reduction
Built on the Model Context Protocol (MCP) for Claude, ChatGPT, Cursor, and more
The Model Context Protocol standardizes how applications expose capabilities to LLMs. Instead of operating in isolation, your AI gains direct access to external platforms, live data, and real-world actions through secure, standardized connections.
This connection provides 16 powerful capabilities that interface natively with Claude, ChatGPT, Cursor, and other compatible AI platforms. No middleware. No custom integration required.
Security reviews are a nightmare of tabs and exports., Solved with Vinkius AI Gateway
Right now, doing a simple security review means jumping through hoops. You have to open the cloud console, check for misconfigs in one tab; then switch to your code scanner dashboard to look at CVEs in another. If you're checking compliance, it's worse—you download three different reports and manually cross-reference them all just to answer 'Are we safe?'
With this MCP, that whole process disappears. You tell your agent what you need—say, a list of critical vulnerabilities or cloud assets—and the AI handles every single click, query, and report generation behind the scenes. You get one clean, actionable summary in plain English.
Aikido Security MCP: Get an instant compliance snapshot.
Before this, checking your status meant logging into a dedicated compliance portal and waiting for the report to generate. You'd have to manually check if the relevant controls were marked 'Pass' or 'Fail,' wasting hours on data aggregation.
Now, you simply ask for it. Calling `get_iso_compliance` instantly gives you an overview of passing versus failing controls, letting you focus immediately on the two or three areas that actually need fixing.
What your AI can actually do with this
Instead of opening ten different dashboards just to see if your company is secure, you talk to your AI agent. This MCP connects directly to Aikido Security, giving your agent the ability to act as a dedicated security analyst for your whole stack. You can ask it things like, 'What's our compliance status for ISO 27001?' or 'List all public S3 buckets in AWS.' The tool reads your cloud infrastructure assets, checks container images for known flaws, and tracks every open vulnerability—whether it's a leaked secret or a misconfigured database.
Once the data is gathered, you can ask your agent to group these issues by type, helping you prioritize exactly what needs fixing first. All this deep visibility is managed through Vinkius, making sure that regardless of which AI client you use, all your security data is in one place for natural conversation and action.
019d754a-4b60-719f-80aa-4fd1fca381d7 
Here's how it actually works
The bottom line is that you don't have to navigate multiple dashboards; your AI agent handles all the backend querying for you.
Subscribe to this MCP and provide your Aikido API token via your AI client's settings.
Tell your agent what you need—for example, 'What are our high-priority open issues?'
The MCP executes the request, pulling vulnerability data, compliance status, or asset lists directly into your conversation.
Who is this actually for?
Security Engineers, DevOps Teams, and Compliance Officers. This MCP saves time by letting you check complex security statuses without opening a single dashboard.
Uses the tool to instantly list open issues, filtering for specific types of vulnerabilities like leaked secrets or cloud misconfigs.
Checks connected code repositories and container images to monitor for known CVEs before deploying a new service.
Requests the ISO 27001 or SOC2 compliance status, providing evidence that certain controls are passing for an upcoming audit.
What Changes When You Connect
Instantly triage open issues: Use list_open_issues to get a prioritized, filtered view of all critical vulnerabilities without opening the Aikido dashboard. You see exactly what needs fixing first.
Verify your entire cloud attack surface: Run list_cloud_assets to discover any misconfigurations in AWS or GCP, letting you secure infrastructure before it's exploited.
Automate compliance reporting: Call get_iso_compliance or get_soc2_compliance to get an immediate status report. This is perfect for preparing evidence ahead of a major audit.
Track all connected assets: Run list_code_repositories and list_containers together to gain one clear picture of every piece of code and image that needs security review.
Audit user access easily: Use list_users or list_teams to verify who has what permissions. This is critical for internal governance checks.
See it in action
Pre-audit checklist preparation
A compliance officer needs proof that the company meets ISO 27001 standards before an external review. They ask their agent to run get_iso_compliance and then follow up by running export_all_issues, gathering both compliance evidence and a full vulnerability report in one go.
Finding forgotten misconfigurations
A DevOps team is deploying a new service to GCP. They ask their agent to run list_connected_clouds first, then immediately follow up with list_cloud_assets to ensure no publicly exposed storage buckets or unencrypted databases slipped through.
Vulnerability deep dive
A security engineer sees a general alert about 'CVE-2024-1234' in list_open_issues. They then use get_issue_group to understand exactly which components across different repositories are affected and what the remediation path should be.
Preparing for a security review
An engineering manager needs an executive summary of risk. They ask their agent to compile data from list_code_repositories (to see development coverage) and then execute export_all_issues, providing one clean file for the VP.
The honest tradeoffs
Manual Dashboard Jumping
Opening the Aikido dashboard, clicking 'Cloud Assets,' downloading a report. Then opening another tab to check 'Container Security' and copying data from there.
Just ask your agent directly: 'List all cloud assets AND list containers.' The MCP handles the multiple calls—list_cloud_assets and list_containers—and gives you one consolidated answer.
Ignoring Scope
Thinking that checking only the main repository status is enough for a security review, ignoring dependencies or cloud misconfigs.
Always check all angles. Use list_code_repositories and pair it with list_containers to cover both source code risk and deployed runtime risks.
Partial Compliance Checks
Only running a manual check for one standard, like 'Is this SOC2 ready?' while ignoring other required controls.
Use get_soc2_compliance to get the full overview of trust service criteria. It ensures you don't miss any crucial area before an audit.
When It Fits, When It Doesn't
You need this MCP if your primary pain point is coordinating security data from multiple, siloed sources (Git, AWS, containers, compliance frameworks). If you are a professional who regularly needs to prove that vulnerabilities are being tracked and remediated across different layers—from the code level up to the cloud infrastructure—then use this. Don't use it if all you need is a simple list of users; just querying list_users might be enough. If you only care about one specific compliance standard, like ISO 27001, but don't want to check your code base, then maybe another specialized tool will work better. But if the goal is comprehensive security posture management, this MCP provides that depth across all domains.
Questions you might have
How do I find all vulnerabilities using Aikido Security MCP? +
You use list_open_issues. This tool pulls a comprehensive list of every vulnerability found, covering cloud misconfigs, code flaws, and container issues, letting you prioritize remediation efforts immediately.
Can I check if my AWS assets are secure using Aikido Security MCP? +
Yes. Use list_cloud_assets to get a full inventory of your monitored cloud infrastructure. This reveals potential misconfigurations or security gaps in your public cloud environment.
Does Aikido Security MCP help with compliance audits? +
Absolutely. You can run get_iso_compliance and get_soc2_compliance to generate official overviews of your readiness for both major standards, saving you manual evidence gathering.
How do I see which Git repos are monitored? +
Run list_code_repositories. This tool provides a clear list of all connected code repositories from services like GitHub and GitLab that are actively being scanned for issues.
What if I need to export my findings? +
Use the export_all_issues function. It pulls every security finding into a bulk report, which is perfect for sharing with stakeholders or adding to an official audit trail.
We've already built the connector for Aikido Security. Just plug in your AI agents and start using Vinkius.
No hosting. No infrastructure. No complex setup.
All 16 tools are live and waiting.
You're up and running in seconds.
Gemini Vinkius gives your AI agents access to the full catalog of app connectors, all fully managed, secure, and enterprise-ready. One subscription, every tool you need.
Built, hosted, and secured by Vinkius. You just connect and go.