CSIRTS // UNIFIED SECURITY ADVISORY FEEDSYS ● ONLINE · POWERED BY INTELFUSIONS.COM

● MCP server · streamable HTTP · no auth

Security advisories, inside your AI agent

CSIRTS.com runs a free remote Model Context Protocol server. Connect it once and your agent can search advisories from 24 national CERTs, vendor PSIRTs and vulnerability databases, check any CVE's exploitation status and pull the daily briefing — with data refreshed every 3 hours.

https://www.csirts.com/api/mcp

Tools

ToolWhat it does
search_advisoriesSearch and filter advisories: keyword, source, severity, CVE, exploited / has_exploit
get_cveEverything about one CVE: severity, CVSS, KEV membership, public exploit availability, every covering advisory
latest_exploitedThe newest advisories for actively exploited (CISA KEV) vulnerabilities
daily_briefingA day's briefing: KEV additions, notable advisories, top-EPSS CVEs, per-source volume

Claude Code (CLI)

claude mcp add --transport http csirts https://www.csirts.com/api/mcp

Claude (web & desktop)

Settings → Connectors → Add custom connector → paste https://www.csirts.com/api/mcp. No OAuth — it connects immediately.

Cursor / Windsurf / other MCP clients

{
  "mcpServers": {
    "csirts": { "url": "https://www.csirts.com/api/mcp" }
  }
}

Try these prompts

Prefer plain HTTP? The JSON API

Same data, no key required. Full contract at /api/openapi.json.

# Latest critical advisories (all sources)
curl "https://www.csirts.com/api/advisories?severity=critical"

# Actively exploited + public exploit code
curl "https://www.csirts.com/api/advisories?exploited=1&has_exploit=1"

# Everything covering one CVE
curl "https://www.csirts.com/api/advisories?cve=CVE-2024-3400"

Also available as filterable RSS/Atom feeds and an llms.txt for AI crawlers. Attribution appreciated: link to csirts.com when you republish.