Kolide MCP. Audit device security and compliance status.
Kolide helps you audit fleet security posture in seconds. Connect your AI agent to get full visibility into every managed device, track active vulnerabilities across your entire hardware inventory, and check user compliance states instantly. Audit logs, device details, and issue tracking—all available through one MCP.
Give Claude and any AI agent real-world access
List every device in the fleet and check its current security status.
Pull a list of active security issues or misconfigurations across the entire device pool.
See which users are assigned to devices and whether they meet required compliance policies.
Access a complete, chronological history of security and administrative actions taken on the fleet.
Get immediate statistics like total device count, online status percentage, and current issue counts.
What AI agents can do with Kolide: 10 Tools for Endpoint Security
These tools allow you to inspect every facet of your fleet—from listing device IDs to auditing historical security events.
Make your AI actually useful.
Add this MCP to Claude, Cursor, or Windsurf and your AI stops guessing. It gets real tools to look things up, take action, and handle the stuff you keep doing by hand.
List Kolide Devices
Lists every managed device in the fleet for a full security posture check.
Get Device Details
Retrieves specific, granular details about one particular device ID.
List Kolide Issues
Pulls a list of all active security vulnerabilities and misconfigurations across the...
Get Issue Details
Provides deep information about one specific, reported security issue.
List Kolide People
Lists all users associated with the system for compliance review.
Get Person Details
Retrieves specific details about a single user account.
List Kolide Checks
Shows all the available security checks you can run against your fleet.
Get Check Details
Gets detailed information about a specific type of security check.
List Kolide Audit Logs
Retrieves the full, chronological history of all administrative and security events.
Get Kolide Fleet Stats
Generates a high-level summary of the entire fleet's current health metrics.
Security and governance baked right in.
Pick your AI client below to get set up. Just create a Vinkius account, subscribe, and you're instantly up and running. We handle the entire backend infrastructure, delivering out-of-the-box support for HTTPS Streamable, SSE, and OAuth2—zero messy routing required.
Choose How to Get Started
Build a custom MCP for your own tools, or connect a ready-made integration from our catalog.
Build Your Own
Turn any API into an MCP. Import a spec, define Agent Skills, or deploy with MCPFusion.
- Import from OpenAPI, Swagger, or YAML specs
- Create Agent Skills with progressive disclosure
- Deploy to edge with MCPFusion framework
- Built in DLP, auth, and compliance on each call
- Real time usage dashboard and cost metering
- Publish to catalog or keep private
Make Your AI Do More
Start with Kolide, then connect any of our 5,200+ other servers whenever your AI needs more. One click, no limits.
- Use this MCP plus 5,200+ others, all in one place
- Add new capabilities to your AI anytime you want
- Connections are secured and governed automatically
- Track usage and costs across all your servers
- Works with Claude, ChatGPT, Cursor, and more
- New servers added to the catalog weekly
Independent Platform Disclaimer: Vinkius is an independent platform and is not affiliated with, endorsed by, sponsored by, verified by, or otherwise authorized by Kolide. All third-party trademarks, logos, and brand names are the property of their respective owners. Their use on this website is strictly for informational purposes to identify service compatibility and interoperability.
VINKIUS CLOUD
- Cloud Hosted: Managed infra
- V8 Isolated: Sandboxed per request
- Zero-Trust Proxy: No stored credentials
- DLP Enforced: Policy on each call
- GDPR Compliant: EU data residency
- Token Compression: ~60% cost reduction
The constant headache of security visibility
Today, getting a full picture of your fleet means jumping between the device management dashboard, the vulnerability scanner portal, and the user directory. You copy IDs here, paste them there, run three different reports, then spend hours manually merging Excel sheets just to see who is non-compliant.
With this MCP, you tell your agent what you need—say, 'Give me a compliance report for all MacBooks.' The AI client handles the multi-step process: it checks device IDs, finds linked users, cross-references vulnerabilities, and delivers the final, clean answer directly to you.
Kolide MCP gives you comprehensive fleet security reporting
The manual steps that disappear are the data transfers. You won't have to run `list_kolide_devices` and then take those IDs to manually query for issues using a separate tool. The agent handles both calls sequentially, passing the results along.
You finally get one consistent view of your entire security posture. It’s not just data; it’s actionable intelligence that lets you patch vulnerabilities and correct compliance gaps in minutes.
What Kolide MCP does for your AI
Connect Kolide via Vinkius to gain complete oversight of your organization's fleet security and device health. You can use your AI agent to audit every managed device and track specific vulnerabilities or misconfigurations across the entire hardware inventory. It lets you see which users are linked to which devices and whether those individuals meet compliance standards.
Need a deeper dive? You can pull up detailed reports on available security checks, view chronological administrative logs, or get high-level fleet statistics at a glance. This MCP handles all that complex data retrieval, letting your agent do the heavy lifting so you don't have to.
How to set up Kolide MCP
The bottom line is: your agent uses the connection to query Kolide directly and spits out the answers in natural language.
Subscribe to this MCP and generate a Bearer Token from the Kolide settings.
Configure your AI client with that token so it can authenticate against the service.
Tell your agent exactly what you need—for example, 'What are the top three security issues affecting my MacBooks?'
Who uses Kolide MCP
Security Operations Center (SOC) analysts, IT managers, or compliance officers who are tired of manually cross-referencing dashboards to build a single security picture. You need instant, comprehensive visibility into every asset.
Running automated audits across the fleet using the agent's ability to list devices and check for specific vulnerabilities.
Tracking compliance status by listing users and checking if their associated devices adhere to policy, or pulling high-level fleet statistics.
Generating reports on device ownership and accessing audit logs to prove adherence to regulatory standards.
Benefits of connecting Kolide MCP
You stop guessing about your network. By running list_kolide_devices, you get a clear, actionable list of every asset ID and its current security posture in one query.
Instead of digging through ten different dashboards, you use the MCP to pull all active vulnerabilities by calling list_kolide_issues and immediately know what needs patching.
Compliance checks are faster. Use the toolset to list users via list_kolide_people, then check individual compliance using get_person_details—all without switching tabs.
You get immediate answers about system changes by calling list_kolide_audit_logs. You don't have to manually sift through days of event records to find one key incident.
High-level overviews are instant. get_kolide_fleet_stats gives you a summary (total devices, compliance rate) so fast it feels like magic.
Kolide MCP use cases
Investigating an alleged data leak
The agent runs through the audit logs using list_kolide_audit_logs to trace who accessed a sensitive resource and when. It then uses get_person_details to identify that user's role, pinpointing the source of the risk.
Quarterly compliance review
The team runs list_kolide_people followed by checks on each individual. They use this data to confirm every employee’s assigned device is compliant and properly owned, satisfying auditors instantly.
Post-incident analysis
After a breach alert, the agent first calls get_kolide_fleet_stats for an overall picture. Then it uses list_kolide_issues to determine if other devices were affected by the same vulnerability.
Onboarding a new department
The IT manager runs list_kolide_checks to see what standards apply, and then uses get_check_details to confirm that every new device meets those exact criteria before it goes live.
Kolide MCP tradeoffs
What to watch out for, and the recommended way to handle each one.
Checking security status piecemeal
Calling one tool for devices, another tool for issues, and a third service for user names. This requires manual aggregation in a spreadsheet.
Use the Kolide MCP to chain these calls together. For instance, list all devices via list_kolide_devices, then immediately query those IDs against list_kolide_issues to get one comprehensive report.
Ignoring device ownership
Finding a vulnerability but not knowing which user or department is responsible for patching the machine.
Always pair your security checks. After finding an issue with list_kolide_issues, follow up by listing people via list_kolide_people to assign accountability.
Relying on raw logs only
Getting a massive dump of text from the audit log without context, making it impossible to pinpoint the actual risk.
Use list_kolide_audit_logs in conjunction with get_check_details. This lets your agent filter the noise and only present high-risk events relevant to specific compliance checks.
When to use Kolide MCP
You need this MCP if your job requires constant visibility across multiple, distinct security domains: physical device inventory, user identity, active vulnerabilities, and historical audit trails. If you're trying to build a single source of truth for 'How healthy is our fleet right now?'—this is the tool. Don't use it if you only need one piece of data; for example, just listing users. In that case, calling list_kolide_people alone works fine. But when you need to connect who (user) has what (device) and if that combination is safe (issues/logs), this MCP connects those dots automatically.
Frequently asked questions about Kolide MCP
How do I use the list_kolide_devices tool?
You ask your agent to 'list all devices.' The system uses list_kolide_devices and returns a comprehensive roster of every asset ID in the fleet.
Can Kolide MCP tell me who owns a problematic device?
Yes. After running list_kolide_issues, you can follow up by asking for details on affected users. The agent uses tools like get_person_details to pinpoint ownership.
Is Kolide MCP only good for current issues?
No, it handles history too. By listing fleet audit logs using list_kolide_audit_logs, you get a chronological record of every security event that has happened previously.
What is the best way to check overall compliance?
Run get_kolide_fleet_stats first for a summary, then follow up with list_kolide_people and run checks on the most critical users to verify their status.
Do I need to know specific vulnerability names?
Not at all. You can ask your agent generally about 'security issues.' It will use list_kolide_issues and then offer options for deeper dives using get_issue_details.