CloudSEK MCP Server
Available now

CloudSEK, inside the AI your SOC already runs

The MCP Server brings your live platform data and Global Threat Intelligence into Claude, Cursor, Kiro, or any MCP client. Your analysts ask in plain language and get CloudSEK's answer without tabbing back to the console.
Scoped to your org
Your existing CloudSEK token
Built on the open MCP standard
What you can do

From your platform to your team's next question.

Everything in CloudSEK, from alerts and incidents to Global Threat Intelligence, becomes something your team can just ask for in the AI client they already use.

Your CloudSEK Platform

XVigil & BeVigil alerts

Credential leaks, phishing, exposed assets

Incidents & triage

Priority, status, owners, audit trail

Global Threat Intelligence

Actors, CVEs, IOCs, curated feeds

Model Context Protocol

Your AI clients, wired to CloudSEK

Claude, Cursor, Kiro, Gemini, and any MCP client, connected to live CloudSEK data.

What your SOC asks
"Give me a morning triage brief for the last 24 hours"
“Is 45.139.•••.••• malicious, and who's behind it?”
“Which CVEs are trending for our sector?”
“Show me unassigned P0 incidents.”
For security leaders

Faster response from the AI your team already runs.

No new console, no new seats, no rip-and-replace. Your analysts get CloudSEK where they already work, and you get a shorter path from signal to action.

Step 1

Value from the AI you already bought

The assistants your teams already pay for become security-aware. Nothing new to procure, deploy, or train the SOC on.

Step 2

Less toil, lower dwell time

Analysts triage, enrich, and attribute inside the tool they're in. Fewer tabs, fewer handoffs, a shorter path from alert to action.

Step 3

Grounded and governed

Answers come from live CloudSEK signal, not model guesses, scoped to each analyst's access and attributable in your audit trail.

How It Works

One endpoint. Your token. Any client.

Point an approved AI client at the CloudSEK endpoint, pass your API token, and ask. Nothing to deploy, no console to stand up.

1

Connect

Add the CloudSEK endpoint to your AI client's MCP config. One block of JSON.

2

Authenticate

Pass your API token and Org ID. The agent gets exactly your access, nothing more.

3

Ask

Query in plain language. CloudSEK returns live data the model can reason with.

Built for security teams

Your governance team will sign off.

Threat data is sensitive. The server earns the yes on the three things that matter.

Scoped to your org

Bound to the token and Org ID you pass. The agent sees your access, not a row more.

Stateless by default

Tokens are read per request, never written to disk, and redacted from every log.

Your token, your audit trail

Each analyst connects with their own token, so every query attributes to a person.

FAQ

Frequently Asked Questions

Everything you need to know about the product and billing.

What is the Cloudsek MCP server?

A hosted endpoint that connects any AI client speaking the Model Context Protocol (MCP) to CloudSEK. Your assistant can query your live platform data (alerts, incidents, triage briefs, audit trails) and CloudSEK's Global Threat Intelligence on actors, feeds, CVEs, and IOCs, all in natural language.

Icon - Elements Webflow Library - BRIX Templates

Which AI clients does it work with?

Any MCP-compatible client. Setup is documented for Claude Desktop (recommended), Claude Code, Cursor, Kiro, Gemini CLI, OpenAI Codex CLI, and Amazon Q. The Claude.ai web app isn't supported yet; use Claude Desktop for now, with web support on the roadmap.

Icon - Elements Webflow Library - BRIX Templates

Is it safe to connect to our threat data?

Yes, by design. Access is scoped to the API token and Org ID you pass, so the agent only sees what you're entitled to. The server is stateless: credentials are read per request, never stored, and redacted from logs. And each analyst uses their own token, so activity attributes correctly and access revokes independently.

Icon - Elements Webflow Library - BRIX Templates

How is this different from AIVigil?

AIVigil discovers and secures your exposed AI attack surface, including risky third-party MCP servers. The CloudSEK MCP Server goes the other way: it brings CloudSEK's own intelligence into your AI tools. One defends your AI footprint; the other puts CloudSEK in your workflow.

Icon - Elements Webflow Library - BRIX Templates

How do we get started?

Available now to CloudSEK customers. Connect it with your existing API token and Org ID in about five minutes, or book a demo and our team will walk your SOC through it.

Icon - Elements Webflow Library - BRIX Templates

Put CloudSEK in your AI workflow.

See a live triage-to-attribution loop on your own data. Your SOC connects in minutes.