Talk to Your Threat Data: HUMAN Security MCP Server for AI-Powered Security Intelligence

The Rise of Conversational Security

Picture this: It’s 2am. An anomaly is detected in your login traffic. Instead of bouncing between dashboards, writing SQL, and stitching together insights, you could simply ask your AI assistant:

“Show me all attack clusters targeting our login pages in the last 6 hours.”

And get an answer. Instantly. With context, forensics, and next steps.

This is the future we’re building at HUMAN – where interacting with your threat data is as easy as asking a question. 

With the new HUMAN Security MCP Server, that future is here.

Introducing the HUMAN Security MCP Server

Today, we’re excited to announce the open-source release of the HUMAN Security MCP Server—a direct bridge between your AI assistant and HUMAN’s industry-leading threat intelligence. 

Built on the Model Context Protocol (MCP), this server allows any MCP-compatible AI agent (like Cursor or Claude) to natively talk to our APIs and turn your assistant into an always-on, fully-briefed security analyst. 

This allows you to work with your security data in the most human way possible: by talking to it. Just ask a question—no dashboards, no scripting—and get real-time, high fidelity answers backed by the same threat intelligence protecting Fortune 500 companies and major platforms worldwide. 

Why We Built This

Security teams are overwhelmed, not by a lack of data, but by the friction of interacting with it. Dashboards. Queries. Manual triage. 

Modern threats move fast, and your intelligence should move faster. Security teams should be able to ask questions in natural language and get answers instantly. That’s now possible. Our server unlocks a new interaction model: conversational security. This new capability reduces time-to-insight, removes friction, and makes your team more productive. 

What You Can Do with the MCP Server: Your AI Assistant Becomes a Security Analyst

With the HUMAN MCP Server running, your AI assistant can now provide expert-level responses powered by two of our flagship products: Cyberfraud Defense and Code Defender. Here’s what that looks like: 

Cyberfraud Defense & Analytics

Ask your assistant:

• “Show me attack trends over the last 24 hours.”
  • See a breakdown by attack type (ATO, scraping, abuse), time-series data, active campaigns, targeted endpoints, and defense responses.
• “Investigate suspicious activity for account ID XXXXX.”
  • Get a complete security profile for the user: risk scores, behavior anomalies, incident timelines, known triggers, and transaction patterns.
• “What’s the status of attack cluster ATO-XXXX?”
  • Receive cluster forensics: sophistication score, bot signatures, spoofing behavior, IP reputation, and more.
• “What’s our overall traffic security posture right now?”
  • Get real-time insights into your traffic health: legitimate vs blocked request ratios, attack volume trends, web vs. mobile threats, and security control effectiveness. You’ll see exactly how well your defenses are performing with quantifiable metrics.

You can also ask your assistant to visualize data. When your assistant has MCP access to HUMAN’s APIs, a simple query like “What are the key threats from the last 48 hours?” can return not just a summary, but a full dashboard:

 

Code Defender

Ask your assistant: 

• “What third-party scripts are running on our payment pages?”
  • Get a full list of scripts by page, complete with vendor attribution, risk levels, PCI DSS compliance status, and known vulnerabilities (including CVEs). Understand your supply chain in one question.
• “Are we PCI DSS compliant based on our security headers?”
  • The assistant audits your headers (CSP, HSTS, etc.) and maps them to compliance requirements with actionable fixes.
• “Show me recent client-side security incidents.”
  • See DOM injections, script anomalies, XSS attempts—scored by risk, timestamped, and linked to affected URLs.
• “Which vendors pose the highest risk to our checkout flow?”
  • Receive a ranked vendor risk analysis based on behavior, privileges, known vulnerabilities, and access patterns.

How It Works

The MCP Server runs locally and acts as a real-time interpreter between your AI assistant and HUMAN Security’s APIs. Once installed and configured with your HUMAN API credentials, your assistant will have access to specialized MCP tools and can begin making security queries immediately.

For security teams, this means:

• No more context switching between tools and dashboards
• Ask your questions in plain English instead of learning new interfaces
• Real-time answers backed by production-grade intelligence and detection
• Seamless integration with your existing workflow

See It in Action

This short video demonstrates how a Claude AI assistant leverages the MCP Server connection with HUMAN Cyberfraud Defense data to assess an organization’s traffic security posture.

 

Access for HUMAN Customers

The HUMAN MCP Server is now available to all existing HUMAN customers. The tool is open-source, MIT licensed, and designed to work with the tools you already use.

You’ll need:

• An active HUMAN account and valid API credentials
• An MCP-compatible AI Client (like Cursor or Claude)
• NPM (Node Package Manager) installed on your computer
• Access to our GitHub repository. 

What’s Next

This release is just the beginning. We’re committed to expanding the MCP toolset and supporting more workflows over time. Expect follow-ups with tutorials, use cases, and deeper integration guidance.

If you’re a HUMAN customer, talk to your Customer Success team to ensure you’re set up and informed. If you’re an engineer or security researcher, we’d love your feedback and contributions.