In development — early access planned

CyberSec MCP Server: Security tools for AI agents

A Model Context Protocol server that will expose Axiom Cyber's threat intel, detection rules, MITRE ATT&CK mappings, and OSINT tooling to any MCP-compatible AI client. Bring your own model — Claude, ChatGPT, Cursor — and let it work alongside your security operation.

What the Server Provides

Six tool surfaces, grouped by how an analyst would use them in practice.

Threat intelligence

  • IOC analysis and enrichment
  • Domain, IP, and URL reputation lookups
  • Threat-actor catalog and attribution
  • Incident record search

MITRE ATT&CK

  • Technique lookup and tactic mapping
  • Adversary group attribution
  • Software / tool catalog
  • Mitigation suggestions per technique

OSINT

  • Have I Been Pwned breach lookups
  • Subdomain enumeration via certificate transparency
  • Email and domain reconnaissance
  • Domain age and registration history

Detection engineering

  • Generate Sigma rules from indicators
  • Generate YARA rules from indicators
  • Generate Splunk SPL and Elastic EQL queries
  • Generate Wireshark display filters

Logs + filesystem

  • Log search and aggregation across sources
  • Filesystem operations and analysis
  • Container and cloud-resource inspection
  • Web-content retrieval and analysis

Detection rule store

  • Browse and search detection rules
  • Load and validate Elastic Security TOML rules
  • Cross-platform rule library (Linux, macOS, Windows)
  • Tag rules by ATT&CK technique and risk score

Why MCP, Why Now

The Model Context Protocol is becoming the standard for connecting AI clients to real tools. We've built one for security operations.

Bring your own AI

MCP is an open standard. Connect from Claude Desktop, Claude API, ChatGPT, Cursor, or any MCP-compatible client. We don't lock you to a specific AI provider.

Single source of truth

All Axiom Cyber products (ThreatTrace, TDR, Thoth) consume from this same backend. When threat intel updates here, every product downstream sees it.

Standards-aligned

STIX 2.x for threat intel exchange. MITRE ATT&CK for technique mapping. OASIS-style indicators. Industry-standard formats throughout — no proprietary lock-in.

Join the early-access list

The CyberSec MCP Server is in development. We're working with a small set of early-access partners to validate the tool surface and integration pattern with Claude Desktop, Cursor, and other MCP-compatible clients before broader release.