● MCP server · streamable HTTP · no auth
Security advisories, inside your AI agent
CSIRTS.com runs a free remote Model Context Protocol server. Connect it once and your agent can search advisories from 24 national CERTs, vendor PSIRTs and vulnerability databases, check any CVE's exploitation status and pull the daily briefing — with data refreshed every 3 hours.
https://www.csirts.com/api/mcpTools
| Tool | What it does |
|---|---|
search_advisories | Search and filter advisories: keyword, source, severity, CVE, exploited / has_exploit |
get_cve | Everything about one CVE: severity, CVSS, KEV membership, public exploit availability, every covering advisory |
latest_exploited | The newest advisories for actively exploited (CISA KEV) vulnerabilities |
daily_briefing | A day's briefing: KEV additions, notable advisories, top-EPSS CVEs, per-source volume |
Claude Code (CLI)
claude mcp add --transport http csirts https://www.csirts.com/api/mcpClaude (web & desktop)
Settings → Connectors → Add custom connector → paste https://www.csirts.com/api/mcp. No OAuth — it connects immediately.
Cursor / Windsurf / other MCP clients
{
"mcpServers": {
"csirts": { "url": "https://www.csirts.com/api/mcp" }
}
}Try these prompts
- “What was added to the CISA KEV catalog this week?”
- “Any critical advisories for Fortinet or Ivanti in the last month?”
- “Is CVE-2024-3400 actively exploited, and is there public exploit code?”
- “Summarize yesterday's security briefing.”
Prefer plain HTTP? The JSON API
Same data, no key required. Full contract at /api/openapi.json.
# Latest critical advisories (all sources)
curl "https://www.csirts.com/api/advisories?severity=critical"
# Actively exploited + public exploit code
curl "https://www.csirts.com/api/advisories?exploited=1&has_exploit=1"
# Everything covering one CVE
curl "https://www.csirts.com/api/advisories?cve=CVE-2024-3400"Also available as filterable RSS/Atom feeds and an llms.txt for AI crawlers. Attribution appreciated: link to csirts.com when you republish.