The Model Context Protocol server lets clients like Claude and Cursor work directly against your tenant's compliance graph — securely scoped to your organization, with read tools that answer and action tools that only ever propose.
> list_failing_controls
2 controls need evidence:
• CC6.1 Encryption at rest
• CC7.2 Log review cadence
scope: org:your-tenant
(never crosses tenants)List frameworks, controls, requirements, and the evidence behind them — straight from your AI client, without a context-switch into the app.
Ask which controls need attention and what evidence is missing, and get an answer scoped to your tenant without leaving your editor.
Generate questionnaire answers, summaries, and remediation notes grounded in your own policies and test results — as drafts your team reviews.
Every tool call is scoped to your organization by an org-bound token. The server cannot reach another tenant's data, by construction.
The split is deliberate. Reading your posture is safe to do directly; anything that could change something is staged for a human.
list_controlsAll controls and their current status across active frameworks.
get_evidenceThe evidence backing a control or test, with source and timestamp.
control_statusPass/fail and last-checked time for a specific control.
failing_testsTests currently failing, with the controls they affect.
query_complianceNatural-language query over your own graph, grounded with citations.
draft_remediationPropose a remediation for a failing test — returned as a draft, never applied.
open_findingStage a finding for a human to confirm before it enters the findings inbox.
Action tools never mutate a connected system or send anything externally. They stage a draft or a finding; a human confirms.
Create an org-scoped credential from your workspace settings. It grants access to your tenant only, with scopes you choose, and can be revoked at any time.
Point your MCP client at the server URL and paste the token into your client's config. Claude, Cursor, and any standards-compliant MCP client work the same way.
Query posture, list failing controls, or draft answers. Read tools return data directly; action tools return proposals your team still reviews before anything ships.
Each credential is bound to one organization and a set of scopes. There is no token that can read across tenants, and tokens are revocable and have a last-used timestamp.
MCP tool calls go through the exact tenant-isolation layer the web app uses. The server is not a back door around your data boundary; it inherits it.
Most tools are read-only. The few action tools are propose-only — they stage drafts and findings for a human to confirm, and never mutate a connected system on their own.
The Model Context Protocol is an open standard that lets AI clients call external tools. By shipping an MCP server, we let your existing AI tools — Claude, Cursor, others — work directly against your compliance data, instead of you copying context back and forth. Because we are AI-native, this is a natural fit rather than a bolt-on.
No. The bulk of the tools are read-only. The two action tools (draft_remediation, open_finding) are propose-only: they stage a draft or a finding for a human to review and confirm. No MCP tool mutates a connected system or sends anything externally without an explicit human gate.
Every tool call carries your org-scoped token and runs through the same isolation layer as the web application. A credential for one organization can never read another's data — isolation is enforced at the data layer, not just hidden in the UI.
Revoke it from workspace settings; it stops working immediately. Tokens are scoped, so a leaked token only ever had access to one org's data and only the scopes you granted it. Last-used timestamps help you spot a token that is being used unexpectedly.
Any standards-compliant MCP client. Claude and Cursor are the common ones, but the server speaks the protocol, so anything that implements MCP can connect with the same token-and-URL setup.
No. The in-app AI assistant works without it. The MCP server is for teams who would rather work from their own AI tools — it brings the same grounded, review-gated workflow into your editor.
Get a demo and we'll show the MCP server connected to a live tenant.