UpGuard MCP. Assess Vendor Risk & Attack Surface Visibility
UpGuard monitors your entire attack surface and assesses third-party vendor risks through natural conversation. It lets you check security scores, track identity breaches affecting employees, and audit digital assets—all without jumping between dashboards. Connect this MCP to see exactly where vulnerabilities exist before attackers do.
Claude 
ChatGPT 
Cursor 
Gemini 
Windsurf 
VS Code 
JetBrains 
Vercel Give Claude and any AI agent real-world access
Retrieve security scores and detailed risk metrics for any third-party vendor you work with.
List all monitored domains, IP ranges, and SaaS applications to understand your full digital footprint.
View recent identity breaches affecting your workforce and get reports on affected email addresses.
Audit user-specific risk data, checking for signs of compromised accounts or behavioral issues.
List all active security risks found across your own infrastructure and your vendor network.
Ask an AI about this
Waiting for input…
What AI agents can do with UpGuard With 9 Tools
These tools let you query specific data points, from listing all vendors to checking active user risk profiles, giving you complete visibility into your attack surface.
Make your AI actually useful.
Add this MCP to Claude, Cursor, or Windsurf and your AI stops guessing. It gets real tools to look things up, take action, and handle the stuff you keep doing by hand.
Start using UpGuard MCPGet Vendor
Retrieves detailed security information for a single, specified vendor.
List Saas Apps
Provides a list of all SaaS applications monitored by UpGuard.
List Identity Breaches
Generates a full report detailing identity breaches found across the organization's...
List Monitored Domains
Lists all domain names that are currently under continuous monitoring.
List Monitored Ips
Provides a comprehensive list of monitored IP addresses for asset visibility.
List Account Risks
Lists all currently detected security risks affecting the entire account or organization.
List User Risks
Retrieves specific risk data and threat indicators for individual users.
List Vendor Risks
Lists all active security risks found specifically within a target vendor's profile.
List Vendors
Retrieves an overview list of every third-party vendor currently being monitored.
Security and governance baked right in.
Pick your AI client below to get set up. Just create a Vinkius account, subscribe, and you're instantly up and running. We handle the entire backend infrastructure, delivering out-of-the-box support for HTTPS Streamable, SSE, and OAuth2—zero messy routing required.
Claude AI
Open Claude Settings
Go to claude.ai, click your profile icon, then navigate to Customize → Connectors.
Add Custom Connector
Click the "+" button and select Add custom connector. Paste your Vinkius endpoint URL:
https://edge.vinkius.com/[YOUR_TOKEN_HERE]/mcp
Replace [YOUR_TOKEN_HERE] with your token
from cloud.vinkius.com. For OAuth-protected servers, expand
Advanced settings to add credentials.
Start a conversation
Open a new chat. The UpGuard integration is available immediately — no restart needed.
Choose How to Get Started
Build a custom MCP for your own tools, or connect a ready-made integration from our catalog.
Build Your Own
Turn any API into an MCP. Import a spec, define Agent Skills, or deploy with MCPFusion.
- Import from OpenAPI, Swagger, or YAML specs
- Create Agent Skills with progressive disclosure
- Deploy to edge with MCPFusion framework
- Built in DLP, auth, and compliance on each call
- Real time usage dashboard and cost metering
- Publish to catalog or keep private
Make Your AI Do More
Start with UpGuard, then connect any of our 5,200+ other servers whenever your AI needs more. One click, no limits.
- Use this MCP plus 5,200+ others, all in one place
- Add new capabilities to your AI anytime you want
- Connections are secured and governed automatically
- Track usage and costs across all your servers
- Works with Claude, ChatGPT, Cursor, and more
- New servers added to the catalog weekly
Independent Platform Disclaimer: Vinkius is an independent platform and is not affiliated with, endorsed by, sponsored by, verified by, or otherwise authorized by UpGuard. All third-party trademarks, logos, and brand names are the property of their respective owners. Their use on this website is strictly for informational purposes to identify service compatibility and interoperability.
VINKIUS CLOUD
Cloud Hosted
Managed infra
V8 Isolated
Sandboxed per request
Zero-Trust Proxy
No stored credentials
DLP Enforced
Policy on each call
GDPR Compliant
EU data residency
Token Compression
~60% cost reduction
Security review used to be a nightmare of tabs and PDFs.
Today, checking your company's security posture means opening five different portals: one for vendors, one for user logins, one for IP ranges, and another for SaaS apps. You spend hours copy-pasting scores into spreadsheets just to figure out which partner is actually the biggest risk.
With this MCP, you talk to your agent. You ask about a vendor's security score or check for identity breaches affecting employees, and it pulls all that information together instantly. You get actionable intelligence without ever leaving your chat window.
UpGuard: Security Visibility in Conversation
The manual steps of querying list_vendors, checking the specific details with get_vendor, and then cross-referencing those findings against your asset inventory using list_monitored_domains are now one prompt. You don't click; you ask.
Your security team moves from data gathering to risk remediation. The MCP turns weeks of report aggregation into minutes of conversation.
What UpGuard MCP does for your AI
Monitoring an organization's digital perimeter is a full-time job that used to require running reports across five different consoles. This MCP connects your AI agent directly to UpGuard data, letting you talk through complex security questions like talking to a seasoned analyst. You can ask about specific vendors or track down every instance of identity theft affecting your staff.
If you're using Vinkius, this connector pulls together vendor risk profiles, monitored domains, and active account risks into one chat window. It’s simple: instead of building complex queries, you just tell the AI what you need to know about who you trust or where your data might be exposed.
019dd17d-cb81-706e-a890-a1594e5fb815 
How to set up UpGuard MCP
The bottom line is you ask a question in plain English and get actionable, data-backed security answers instantly.
Subscribe to this MCP and enter your UpGuard API Key into the Vinkius catalog.
Your AI client authenticates the connection, giving your agent access to all monitored security data.
You prompt the agent with a natural language query—like 'Show me the top three vendors with high-risk scores'—and get immediate, summarized results.
Who uses UpGuard MCP
This MCP is for the Security Analyst who spends half their day cross-referencing spreadsheets; for the Compliance Officer needing proof of due diligence; and for the CIO who needs a single source of truth on vendor exposure. It cuts out hours of manual report generation.
Uses this MCP to check active security risks across both internal infrastructure and external vendors, focusing on specific tools like list_user_risks.
Verifies vendor risk profiles against compliance standards and tracks identity breaches to satisfy regulatory audits.
Maintains a complete, real-time inventory of all monitored domains and IPs by calling list_monitored_domains or list_monitored_ips.
Benefits of connecting UpGuard MCP
Stop manually checking security reports. You can run list_vendors and immediately get a full overview of every monitored vendor, including their current score.
Audit user activity risk instantly. Using list_user_risks lets you pinpoint which employees are exposed to identity theft or suspicious behavior without needing the HR team's help.
Keep track of your digital footprint by listing all assets with list_monitored_domains and list_monitored_ips in one query, eliminating spreadsheet sprawl.
Determine exactly what’s wrong with a partner. You can check active issues for any third party using list_vendor_risks, then narrow it down with get_vendor.
Respond to breaches faster. Calling list_identity_breaches gives you immediate access to breach reports and affected employee lists when an incident happens.
UpGuard MCP use cases
Vendor Due Diligence Check
A compliance officer needs to prove that a new partner, 'Acme Corp,' meets security standards. They ask the agent: 'List active risks for Acme Corp and list all monitored vendors.' The AI responds with specific findings from list_vendor_risks and then gives a list of competitors using list_vendors.
Identifying Internal Exposure
An IT Ops Manager suspects an employee's credentials were stolen. They prompt: 'What is the current risk status for user Jane Doe?' The agent runs list_user_risks, providing a clear report on identity theft exposure and recommending immediate action.
Mapping Forgotten Assets
The security team needs to know every public asset they manage. They run 'List all domains and IPs.' The agent uses list_monitored_domains and list_monitored_ips, giving them a definitive inventory of the organization's digital perimeter.
Post-Incident Review
After an incident, the security team needs to know how many employees were affected. They ask: 'Were there any identity breaches in Q3?' The agent uses list_identity_breaches and provides a detailed report on the scale and source of the breach.
UpGuard MCP tradeoffs
What to watch out for, and the recommended way to handle each one.
Trying to query historical data manually
Downloading raw CSV reports from UpGuard's website for vendor scores, then trying to compare those scores with a separate list of monitored domains in Excel.
Instead, use the MCP. You can ask the agent to check multiple sources at once: 'Show me vendors whose security score dropped and list their associated domains.' This combines data points from list_vendors, get_vendor, and list_monitored_domains into one chat response.
Running risk checks in a siloed dashboard
Checking user risks on the Identity page, then checking vendor risks on the Vendor portal. You end up missing the connection between them.
Use list_user_risks and list_vendor_risks together. Ask: 'Are there any high-risk users associated with vendors who show active security risks?' The MCP correlates these two data sets for a holistic view.
Forgetting the full scope of assets
Only looking at public domains and ignoring internal IP ranges or SaaS apps that could be compromised.
Always include asset visibility checks. Use list_monitored_ips, list_monitored_domains, and list_saas_apps in a single prompt to guarantee you've covered your entire attack surface.
When to use UpGuard MCP
Use this MCP if your core problem is connecting disparate security data points: vendor risk, domain inventory, user behavior, and identity breaches. You need an agent that can correlate findings from list_vendors, get_vendor, and list_user_risks in a single conversation thread. Don't use it if you are building a real-time SIEM feed or needing to ingest massive amounts of raw log data; for that, stick with dedicated logging platforms. However, if your workflow involves asking 'What is the security status of X?' across multiple domains (vendors, users, assets), this MCP cuts out all the manual clicking and report generation.
Frequently asked questions about UpGuard MCP
How do I check a vendor’s score using UpGuard MCP? +
You can use list_vendors to see an overview, or get_vendor to pull deep security details for a single partner. The agent presents this data in plain English so you don't have to read technical reports.
Can UpGuard MCP track my employees' personal breaches? +
Yes. You can use list_identity_breaches to monitor identity theft affecting your workforce, giving you immediate alerts on compromised credentials or domains.
Does this MCP show me all my assets? +
It provides comprehensive visibility by letting you list_monitored_domains and list_monitored_ips. This ensures your entire digital footprint is accounted for in one place.
How do I check if a user account is risky with UpGuard MCP? +
Use the list_user_risks tool. It aggregates behavioral data to show you specific risks associated with individual users, helping you preemptively address compromised accounts.
Is this better than just looking at vendor reports? +
Yes. While vendor reports are useful, the MCP allows you to run list_vendor_risks and compare those findings against your own monitored IP ranges (list_monitored_ips) in a single, cross-referenced view.