Salt Security MCP. Real-Time API Defense via Conversation
Salt Security gives your AI client real-time defense for your APIs. It lets you check API inventories, find hidden or 'shadow' endpoints, monitor live attacks, and automatically block malicious actors—all through conversation. Use it to audit security posture and manage governance rules without logging into a dashboard.
Give Claude and any AI agent real-world access
The tool retrieves a complete list of all auto-discovered APIs, including hidden or 'shadow' endpoints in your network.
You can get specific details about any single API endpoint to check for exposed sensitive data or structural issues.
The system lists current malicious API attacks, helping you understand the attack patterns and profiling known threat actors.
You issue a command to block an attacker immediately, passing instructions directly to your integrated WAFs.
The MCP identifies vulnerabilities and design flaws before they ever hit the live production environment.
You check which API governance rules are currently active and manage uploaded OpenAPI specifications.
What AI agents can do with Salt Security: 10 tools
These ten tools allow you to audit every aspect of your API environment, from mapping unknown endpoints to automatically blocking malicious threat actors.
Make your AI actually useful.
Add this MCP to Claude, Cursor, or Windsurf and your AI stops guessing. It gets real tools to look things up, take action, and handle the stuff you keep doing by hand.
Block Attacker
Issues a command to block a specific attacker profile from accessing your APIs.
Get Attackers
Lists profiles of known threat actors identified by Salt Security.
Get Attacks
Retrieves a list of detected malicious API attack events.
Get Endpoint
Gets detailed information for a specific, named API endpoint.
Get Governance Policies
Lists all currently active governance rules governing your APIs.
Get Inventory
Retrieves the complete, auto-discovered list of every API endpoint in your environment.
Get Posture Vulnerabilities
Identifies and lists design flaws or vulnerabilities found during pre-production testing.
Get System Health
Checks the operational status of your traffic mirror ingestion service.
List Oas Specs
Lists all OpenAPI (OAS) specifications that you have uploaded for governance.
Upload Oas Spec
Uploads a new OAS/Swagger specification to register it with your security policies.
Security and governance baked right in.
Pick your AI client below to get set up. Just create a Vinkius account, subscribe, and you're instantly up and running. We handle the entire backend infrastructure, delivering out-of-the-box support for HTTPS Streamable, SSE, and OAuth2—zero messy routing required.
Choose How to Get Started
Build a custom MCP for your own tools, or connect a ready-made integration from our catalog.
Build Your Own
Turn any API into an MCP. Import a spec, define Agent Skills, or deploy with MCPFusion.
- Import from OpenAPI, Swagger, or YAML specs
- Create Agent Skills with progressive disclosure
- Deploy to edge with MCPFusion framework
- Built in DLP, auth, and compliance on each call
- Real time usage dashboard and cost metering
- Publish to catalog or keep private
Make Your AI Do More
Start with Salt Security, then connect any of our 5,200+ other servers whenever your AI needs more. One click, no limits.
- Use this MCP plus 5,200+ others, all in one place
- Add new capabilities to your AI anytime you want
- Connections are secured and governed automatically
- Track usage and costs across all your servers
- Works with Claude, ChatGPT, Cursor, and more
- New servers added to the catalog weekly
Independent Platform Disclaimer: Vinkius is an independent platform and is not affiliated with, endorsed by, sponsored by, verified by, or otherwise authorized by Salt Security. All third-party trademarks, logos, and brand names are the property of their respective owners. Their use on this website is strictly for informational purposes to identify service compatibility and interoperability.
VINKIUS CLOUD
- Cloud Hosted: Managed infra
- V8 Isolated: Sandboxed per request
- Zero-Trust Proxy: No stored credentials
- DLP Enforced: Policy on each call
- GDPR Compliant: EU data residency
- Token Compression: ~60% cost reduction
The headache of finding your own APIs.
Today, discovering every single API endpoint in a large microservice architecture feels like detective work. You have to log into multiple consoles—the network dashboard for traffic flow, the documentation portal for official specs, and sometimes you just don't know where to look. It’s tedious copying data between tabs just to build a picture of your true attack surface.
With this MCP, you ask your agent directly: "What APIs are running?" It runs `get_inventory` and gives you the full list. You instantly see endpoints that were never documented or approved—the 'shadow' resources that pose the biggest risk.
Salt Security MCP: Real-Time API Threat Defense
Manual incident response means switching between a monitoring system, an attacker profile database, and then finally logging into your WAF to manually type the block rule. This process takes minutes of high stress and potential human error.
Now you just ask the agent: "Block this threat." The MCP runs `block_attacker` and passes the command directly to the integrated gateways. You move from detection to remediation in seconds, right inside your chat.
What Salt Security MCP does for your AI
Your agent connects directly to Salt Security, giving it eyes on your entire Application Programming Interface environment. You stop guessing about what APIs are running or if they're secure. Instead, you ask questions like, "What endpoints haven't been formally documented?" and get an immediate list of potential vulnerabilities or shadow APIs.
It monitors for active attacks as they happen, listing malicious events and even profiling the attackers involved. When a threat is identified, you can immediately trigger remediation commands to block that attacker at your WAF level. This capability means you don't have to switch between monitoring dashboards and incident response tools; everything flows through your AI client.
By connecting this MCP via Vinkius, you give your agent access to an entire catalog of security tools, making API defense as simple as a chat prompt.
How to set up Salt Security MCP
The bottom line is you get real-time visibility and active control over API security without leaving your chat interface.
Enable the Salt Security integration in your workspace.
Generate an API Token within the Salt Security console and paste it into the configuration fields provided by Vinkius.
Ask your AI client a direct question, like asking if there are known threat actors exploiting your APIs right now.
Who uses Salt Security MCP
This is for the Security Operations Center (SOC) analyst who gets tired of manually switching between monitoring dashboards and incident response tools. It's also for the Application Developer needing to validate secure API designs before deployment, and the Compliance Officer who needs proof that shadow APIs are accounted for.
You monitor active attacks or profile threat actors by simply asking your agent, getting immediate data on suspicious activity.
You audit the API posture and check for design flaws using the MCP before releasing a new version to production.
You list all discovered APIs, including any unknown or 'shadow' endpoints, ensuring nothing is exposed without proper governance.
Benefits of connecting Salt Security MCP
Stop worrying about forgotten endpoints. Use get_inventory to automatically discover all APIs, including unknown or 'shadow' resources that could be exposed.
React instantly during an attack. Instead of manually creating firewall rules, just ask your agent to block the threat using block_attacker and pass the command straight to your WAFs.
Go beyond basic monitoring. Use get_attackers to profile known malicious actors so you understand their methods, not just the attacks themselves.
Audit before deployment. Run get_posture_vulnerabilities to catch design flaws and weaknesses in APIs that haven't even reached a testing environment yet.
Ensure compliance easily. Use list_oas_specs or upload_oas_spec to manage your API documentation, making sure governance rules are always current.
Salt Security MCP use cases
Investigating a Breach
A SOC analyst detects unusual traffic. Instead of checking logs for hours, they ask the agent about recent attacks. The agent runs get_attacks and finds 12 malicious attempts targeting authentication modules, immediately directing the team to the point of failure.
Onboarding a New Service
A DevSecOps engineer finishes building an API but isn't sure if it has vulnerabilities. They run get_posture_vulnerabilities via the MCP, which flags several structural issues that must be fixed before deployment.
Discovery Audit
A Compliance Officer needs proof of full API coverage. They ask to list all APIs using get_inventory, finding four 'zombie' endpoints that were forgotten and require immediate documentation or removal.
Policy Update
The team updates their API structure. Instead of manually updating the security rules, they use upload_oas_spec to feed the new OpenAPI spec into Salt Security, instantly updating governance policies.
Salt Security MCP tradeoffs
What to watch out for, and the recommended way to handle each one.
Assuming APIs are documented
A developer assumes that because a team says it documents everything, no shadow APIs exist, and skips the audit step.
Run get_inventory first to see every live API endpoint. If you find unknown endpoints, use get_endpoint on those specific paths to check for sensitive data exposure.
Reacting only after an attack hits
The security team waits until a customer reports that their account was compromised before investigating the source of the breach.
Use get_attacks proactively to monitor for signs of business logic abuse. If attacks are found, use block_attacker immediately to contain the threat.
Treating security as a manual checklist
The architect manually checks compliance against dozens of governance policies one by one and gets bored halfway through.
Ask your agent to use get_governance_policies to list the active rules, then ask it to check if any specific endpoints fail those rules.
When to use Salt Security MCP
Use this MCP if your primary problem is API visibility or real-time threat response. You need a single pane of glass that lets you audit inventory (get_inventory), spot weaknesses before launch (get_posture_vulnerabilities), and act immediately when something goes wrong (block_attacker). Don't use it if your issue is simply general network monitoring (use an existing SIEM tool) or managing internal user credentials (use a dedicated IAM tool). If you only need to read static API documentation, list_oas_specs works. But if you need to enforce policies and actively block threats in real-time conversationally, this is the right tool.
Frequently asked questions about Salt Security MCP
How do I find unapproved API endpoints using Salt Security?
Use get_inventory to pull the entire list of discovered APIs. This tool automatically flags any endpoint that isn't formally documented or governed, helping you identify shadow resources.
Does Salt Security MCP help with compliance reporting?
Yes. You can use get_governance_policies to list active rules and then verify specific APIs against those policies using get_endpoint, ensuring your system meets compliance standards.
What if I need to block an attacker right now? How do I use the Salt Security MCP?
You simply prompt your agent with a command like "Block threat 'XYZ'", and it executes the block_attacker tool, passing the rule directly to your WAFs for immediate enforcement.
Can I use Salt Security MCP to see what attacks are happening right now?
Absolutely. Use the get_attacks tool to list all detected malicious API attack events, giving you a clear record of current threats and how they attempt account takeovers.
Does this MCP cover pre-production vulnerabilities?
Yes, before your code hits live, use get_posture_vulnerabilities. This tool retrieves identified design flaws that need fixing in development, preventing issues later on.