Defense.com MCP Server
Defense.com is an XDR cybersecurity platform that uses MCP internally to power its built-in AI assistants. No public MCP endpoint is currently documented.
Defense.com is an XDR (Extended Detection and Response) cybersecurity platform that unifies threat intelligence, SIEM, vulnerability scanning, endpoint protection, penetration testing data, and external attack surface monitoring in a single console. The company describes its AI features as being "Powered by MCP," referring to Anthropic's Model Context Protocol, which it uses as the internal connector between its AI assistants and the platform's security data sources.
The MCP integration powers three Defense.com-hosted AI experiences: an AI Analyst that adds context to alerts, identifies false positives, and recommends mitigations mapped to specific assets; an AI Trainer that converts real threats into conversational security training exercises for staff; and an AI Consultant that delivers service reviews, compliance guidance (GDPR, ISO 27001, Cyber Essentials), and auditable remediation records.
Important caveat: based on public documentation as of May 2026, Defense.com has not published a public MCP server URL, GitHub repository, npm package, or configuration guide that lets external MCP clients (Claude Desktop, Cursor, VS Code, etc.) connect to the Defense.com platform. The "Powered by MCP" branding refers to MCP being used inside the Defense.com product, not a customer-consumable MCP endpoint. Customers who need MCP-style access today should contact Defense.com directly to ask about API access or roadmap plans.
No public MCP endpoint documented
As of May 2026, Defense.com has not published a public MCP server URL, GitHub repository, or configuration JSON that external MCP clients can use. The "Powered by MCP" branding refers to MCP being embedded inside the Defense.com platform to power its own AI Analyst, AI Trainer, and AI Consultant features.
How to use Defense.com's MCP-powered AI today
- Sign up for a Defense.com account at defense.com (28-day free trial available for up to 5 users).
- Access the built-in AI Analyst, AI Trainer, and AI Consultant from inside the Defense.com console.
- The MCP layer is internal and managed by Defense.com, so no client-side configuration is required.
If you need external MCP-style access
Defense.com offers a REST API and webhook integrations for tools like Jira, Slack, AWS GuardDuty, Azure Activity Logs, and Microsoft 365. See the Defense.com integrations page and the Help Centre for current API documentation. To request a customer-facing MCP server or roadmap details, contact Defense.com directly through their website.
Placeholder config (not officially supported)
No official config JSON exists. Do not connect to a third-party "defense.com MCP" repo on GitHub without verifying provenance, as these are not maintained by Defense.com.
Use cases
- Triage SIEM and EDR alerts inside the Defense.com console using the built-in AI Analyst to filter false positives and surface real threats.
- Convert live security incidents into conversational training scenarios for staff using the AI Trainer feature.
- Generate compliance reports and remediation records mapped to GDPR, ISO 27001, and Cyber Essentials using the AI Consultant.
- Centralise vulnerability scans, penetration test results, endpoint telemetry, and external attack surface data into one AI-queryable view.
- Replace the need for a dedicated SOC team for small and mid-sized businesses by leaning on Defense.com's managed AI-driven detection.
Example prompts
- "Summarise the highest-priority threats detected across my environment in the last 24 hours."
- "Which of last night's alerts are likely false positives and which need a human response?"
- "Build a short training scenario for my team based on the phishing incident from yesterday."
- "Map our current open vulnerabilities to ISO 27001 controls."
- "What remediation steps should I take for the critical CVEs found on our Windows servers?"
Pros
- Backed by an established commercial XDR vendor, not a community side project.
- Bundles SIEM, vulnerability scanning, EDR, pentest data, and attack surface monitoring under one AI layer.
- Compliance mapping to GDPR, ISO 27001, and Cyber Essentials is built in.
- 28-day free trial available without a managed services commitment.
Cons
- No public MCP server URL, GitHub repo, or config JSON is published, so external MCP clients cannot connect today.
- MCP is used internally to power Defense.com's own AI, not exposed as a developer-facing integration.
- Requires a Defense.com subscription, which is a paid commercial product after the trial.
Alternatives
- Microsoft Defender MCP (MenkW/Defender-MCP): community MCP server for Microsoft Defender XDR with incidents, alerts, hunting, and threat intel.
- Cisco AI Defense MCP Scanner: scans MCP servers and tools for security findings, complementary to a defensive platform.
- Splunk MCP Server: officially supported MCP integration for a SIEM platform, the closest analog to what Defense.com markets.