Tenable MCP. Check vulnerabilities and manage assets instantly.
Tenable connects your entire vulnerability management program directly to any AI agent. You can list all assets, check deep telemetry like OS fingerprints and IPs, find specific security findings (CVEs) on individual machines, or manually launch immediate scans—all without leaving your chat window or IDE.
Claude 
ChatGPT 
Cursor 
Gemini 
Windsurf 
VS Code 
JetBrains 
Vercel Give Claude and any AI agent real-world access
List all host and cloud assets discovered in your Tenable environment.
Pull detailed metadata, networking info, and the risk profile for any specific asset ID.
Retrieve explicit security findings or CVEs affecting a single, targeted asset.
Manually trigger an immediate scan run using one of your configured assessment templates.
Get the full runtime analytics and vulnerability summaries for a specific, completed scan job.
Ask an AI about this
Waiting for input…
What AI agents can do with Tenable: 10 Tools for Security Operations
These tools let you interact with Tenable's core functions, allowing your agent to list inventory, check specific vulnerabilities, or launch scans programmatically.
Make your AI actually useful.
Add this MCP to Claude, Cursor, or Windsurf and your AI stops guessing. It gets real tools to look things up, take action, and handle the stuff you keep doing by hand.
Start using Tenable MCPList Assets
Lists all hosts and cloud assets discovered in Tenable.io.
Get Asset Details
Retrieves detailed metadata, networking information, and the risk profile for a...
Get Scan Results
Pulls runtime analytics and vulnerability summaries for a specific scan job ID.
Launch Scan
Manually triggers an immediate execution of one of your configured vulnerability...
List Scan Folders
Lists the different operational scan folders, like 'PCI Quarters' or 'My Scans'.
List Logical Networks
Retrieves a list of Tenable's defined logical routing networks.
List Scans
Lists all historical vulnerability assessment scans configured in Tenable.io.
List Asset Tags
Displays organizational tags mapped across your assets, like 'Critical' or...
List Scanners
Lists all Nessus scanners that are managed by Tenable.io.
Get Asset Vulnerabilities
Retrieves explicit security findings, or Workbench results, for a specific asset ID.
Security and governance baked right in.
Pick your AI client below to get set up. Just create a Vinkius account, subscribe, and you're instantly up and running. We handle the entire backend infrastructure, delivering out-of-the-box support for HTTPS Streamable, SSE, and OAuth2—zero messy routing required.
Claude AI
Open Claude Settings
Go to claude.ai, click your profile icon, then navigate to Customize → Connectors.
Add Custom Connector
Click the "+" button and select Add custom connector. Paste your Vinkius endpoint URL:
https://edge.vinkius.com/[YOUR_TOKEN_HERE]/mcp
Replace [YOUR_TOKEN_HERE] with your token
from cloud.vinkius.com. For OAuth-protected servers, expand
Advanced settings to add credentials.
Start a conversation
Open a new chat. The Tenable integration is available immediately — no restart needed.
Choose How to Get Started
Build a custom MCP for your own tools, or connect a ready-made integration from our catalog.
Build Your Own
Turn any API into an MCP. Import a spec, define Agent Skills, or deploy with MCPFusion.
- Import from OpenAPI, Swagger, or YAML specs
- Create Agent Skills with progressive disclosure
- Deploy to edge with MCPFusion framework
- Built in DLP, auth, and compliance on each call
- Real time usage dashboard and cost metering
- Publish to catalog or keep private
Make Your AI Do More
Start with Tenable, then connect any of our 5,200+ other servers whenever your AI needs more. One click, no limits.
- Use this MCP plus 5,200+ others, all in one place
- Add new capabilities to your AI anytime you want
- Connections are secured and governed automatically
- Track usage and costs across all your servers
- Works with Claude, ChatGPT, Cursor, and more
- New servers added to the catalog weekly
Independent Platform Disclaimer: Vinkius is an independent platform and is not affiliated with, endorsed by, sponsored by, verified by, or otherwise authorized by Tenable. All third-party trademarks, logos, and brand names are the property of their respective owners. Their use on this website is strictly for informational purposes to identify service compatibility and interoperability.
VINKIUS CLOUD
Cloud Hosted
Managed infra
V8 Isolated
Sandboxed per request
Zero-Trust Proxy
No stored credentials
DLP Enforced
Policy on each call
GDPR Compliant
EU data residency
Token Compression
~60% cost reduction
The Pain of Dashboard Overload
Today, checking asset risk means clicking through tenable.io's web interface: you jump to the assets list, pull IDs, check tags in a separate section, find the correct scan folder, and then manually initiate an assessment run. You end up copying data from one tab, pasting it into another, and spending fifteen minutes just gathering context before you even start investigating.
With this MCP, you simply ask your agent what you need. The process collapses into a single conversation. You get the asset list, its current vulnerabilities, and the ability to launch an immediate scan—all while staying right where you are working.
Tenable Vulnerability Management with MCP
You don't have to manually list scans and then cross-reference the results. You can ask your agent to retrieve all scan analytics for a specific job ID, and it handles the data aggregation for you.
It changes the game from tedious manual investigation into instant, conversational intelligence. Your focus shifts entirely to remediation, not navigation.
What Tenable MCP does for your AI
This MCP brings your Tenable enterprise environment into your conversation flow. Instead of logging into multiple dashboards to build a risk profile, you talk to your agent about it. You can list all discovered assets and immediately pull deep details on any host, including its OS fingerprint and tags. Need to know what vulnerabilities are hitting a specific machine? Just ask for the security findings, and you get them directly.
If you find an asset that looks risky, you don't have to wait; you can manually trigger an immediate scan run right through your chat. This ability to execute complex checks instantly is why having this connector available on Vinkius makes a huge difference in speed.
It lets security analysts pinpoint CVE details for compromised servers in seconds. DevSecOps engineers can launch scans on newly deployed infrastructure zones directly from their code editor, and IT admins can check the health of your scanning fleet to ensure everything is running right.
019d7611-892b-712a-bd3c-466166d1f4ca 
How to set up Tenable MCP
The bottom line is you get actionable vulnerability data from your tenable platform without ever navigating complex web dashboards.
Subscribe to this MCP and enter your Tenable Access Key and Secret Key.
Tell your agent what you need. For example, 'Check the vulnerabilities for asset X' or 'Launch a scan on the new zone.'
The agent talks directly to Tenable, pulls the data, and presents the results in plain text right where you are working.
Who uses Tenable MCP
This MCP targets security analysts and devsecops engineers who are tired of spending hours clicking through multiple dashboards just to build a basic risk report. It’s for anyone whose job requires real-time, deep visibility into network vulnerabilities.
Needs to instantly pull CVE details or security findings for specific compromised servers when investigating an alert.
Must trigger scans on newly deployed infrastructure zones directly from their code editor or terminal workflow.
Needs to audit the operational status of scanning tools and verify that host tags match the organizational network topology.
Benefits of connecting Tenable MCP
Get immediate visibility into risk. You can check a specific asset's security findings, pulling explicit CVE details without navigating complex dashboards or running manual reports.
Manage infrastructure from your chat. DevSecOps teams can manually trigger scans on new zones directly from their code editor, making deployment and testing faster.
See the whole picture of your network. You can list assets and then check detailed telemetry—OS fingerprints, IPs, tags—to understand exactly what you're protecting.
Know if your scanners are working. Use this MCP to audit scanner health and confirm that host tags actually match the logical network topologies before a major project starts.
Quickly assess scope. You can list all configured scans and scan folders (like 'PCI Quarters') to ensure you've covered every required compliance area.
Tenable MCP use cases
Investigating an alert on a critical server
A security analyst gets an alert for Asset ID X. Instead of logging into the Tenable UI, they ask their agent to retrieve all vulnerabilities for Asset ID X. The agent immediately returns a list of 3 critical severity issues and details which plugin caused them.
Validating network segmentation
An IT administrator needs confirmation that the newly deployed staging environment is properly segmented. They use the MCP to list logical networks, compare it against the asset tags, and verify that only authorized assets exist in that segment.
Proving compliance for an audit
A team needs proof of vulnerability assessment coverage for PCI requirements. Instead of manually running reports, they ask the agent to list all scans related to 'PCI Quarters' and then retrieve the full scan results from the most recent run.
Responding to a zero-day discovery
A vulnerability is announced for a common library. The engineer asks their agent to check specific assets against this CVE using the 'get_asset_vulnerabilities' tool, getting an instant list of all affected machines across the entire fleet.
Tenable MCP tradeoffs
What to watch out for, and the recommended way to handle each one.
Manual dashboard hopping
Copying asset IDs from one dashboard, pasting them into another section to check tags, then manually triggering a scan run via a web form.
Start by listing assets and then asking the agent to get all details for those assets. If needed, immediately launch_scan() directly through your chat interface.
Assuming data completeness
Believing that just seeing a list of scans is enough without knowing what was actually tested or if the scanner itself is healthy.
First, use list_scanners() to check plugin health. Then, use get_scan_results() on a specific scan ID to confirm the actual findings.
Ignoring asset context
Running a generic vulnerability assessment without knowing if the host is in production or staging, leading to false positives.
Use list_asset_tags() first. Then use get_asset_details() on that specific asset ID before deciding which scan run to launch.
When to use Tenable MCP
Use this MCP if your workflow demands deep, immediate data retrieval from Tenable across multiple domains: assets, vulnerabilities, and historical scans. You need the ability to check a vulnerability against a single host (get_asset_vulnerabilities) and then immediately launch a remediation scan (launch_scan) without switching tools or logging in. Don't use this if your goal is simply to read Tenable reports into PDF format; you still need to export those files manually. Also, don't use it if you only want general system health checks outside of the scope of vulnerability assessment; for that, a different monitoring tool might suffice.
Frequently asked questions about Tenable MCP
How do I check if a specific asset has vulnerabilities using Tenable MCP? +
You use get_asset_vulnerabilities() to pull the explicit security findings for that single machine. This gives you immediate details on CVEs without needing a full scan.
What is the best way to start a new vulnerability assessment? +
You first use list_scans() to see what assessments are configured, and then manually trigger an immediate run using launch_scan().
Can I find out what tags my assets have? +
Yes, you can run list_asset_tags() to see all the organizational tags available across your environment.
Does Tenable MCP help with compliance reporting? +
It helps by allowing you to easily list and retrieve results from specific scan folders (like 'PCI Quarters'), making it easier to prove coverage for an audit.
How do I view the full data of a host? +
Use get_asset_details() with the asset ID. This pulls comprehensive metadata, networking details, and the overall risk profile in one go.