Control ArmoScan directly from Claude, ChatGPT, and Gemini. 40 security tools, 5 guided workflows, zero API learning curve.
The Model Context Protocol (MCP) is an open standard developed by Anthropic that enables AI assistants to securely interact with external tools and services through a unified protocol.
MCP is an open protocol that standardizes how AI models communicate with external tools. Any AI platform supporting MCP can seamlessly connect to ArmoScan's security capabilities.
All communication flows through authenticated, encrypted channels. Your security data never leaves your infrastructure — the AI assistant calls your MCP server, which talks to your ArmoScan instance locally.
One MCP server serves all major AI platforms. Claude connects via native MCP protocol, while ChatGPT and Gemini connect via the included OpenAPI/REST endpoints — all from the same server.
ArmoScan MCP Server supports all major AI platforms through native MCP protocol and OpenAPI specification.
Native MCP protocol support via Claude Desktop and Claude Code. Connect locally through stdio transport or remotely via HTTP — both zero-latency options for real-time security testing.
stdio + HTTP transportImport the OpenAPI specification directly into ChatGPT Custom GPT Actions. Build a security-focused GPT that can scan, triage, and report — all through natural conversation.
OpenAPI ActionsConnect through Gemini Extensions using the same OpenAPI specification. Leverage Google's AI to orchestrate your ArmoScan security workflows with natural language commands.
OpenAPI ExtensionsEvery aspect of ArmoScan is accessible through MCP tools. Manage targets, run scans, triage findings, and generate reports — all from your AI chat.
login Authenticate with email, password, and tenantswitch_tenant Switch active tenant for multi-org userslist_targets List all scan targets with search and paginationget_target Get detailed target info including scope and auth strategycreate_target Register a new web application for scanningupdate_target Update target configuration and settingsdelete_target Remove a target and all associated datastart_scan Launch a security scan on a targetget_scan_status Get real-time scan progress and findings countlist_scans List scan history with status and target filterspause_scan Pause a running scanresume_scan Resume a previously paused scancancel_scan Cancel a scan with an optional reasoncompare_scans Compare two scans to track security posture changescreate_scan_schedule Set up recurring scans with cron expressionslist_findings List vulnerabilities with severity, status, and CWE filtersget_finding Get finding details with HTTP evidence and remediationupdate_finding_status Mark findings as Confirmed, False Positive, or Fixedget_findings_summary Get severity and status breakdown in one viewexport_findings Export findings as CSV or JSONlist_attack_chains View AI-detected multi-step attack chainsget_attack_chain Get chain details with linked findings and AI reasoninglist_profiles List available scan profiles and their plugin selectionget_profile Get detailed profile configurationcreate_profile Create a custom scan profile with plugin selectiongenerate_report Generate PDF, HTML, JSON, or CSV security reportslist_reports List all generated reportsdownload_report Get report metadata and download URLlist_plugins Browse 474 security plugins across 15 categoriesget_plugin Get plugin manifest, CWE coverage, and configurationget_plugin_stats View category distribution and coverage statisticsget_dashboard Get security overview with severity breakdownget_trends View scan and finding trends over timeget_infrastructure_score Get SSL, DNS, and header security grade (A+ to F)trigger_infra_scan Launch an infrastructure security assessmentlist_users List tenant users with roles and statusget_audit_logs View timestamped security events with filtersverify_audit_chain Verify audit log integrity (SHA-256 + Ed25519)get_license_status Check plan type, expiration, and feature limitsget_tenant_usage View resource usage against plan limitsMCP resources provide context to the AI, while guided prompts deliver structured security workflows that produce actionable, consistent results.
platform-info
Platform capabilities, plugin categories, and API version reference
severity-levels
Severity definitions (Critical to Info), CVSS ranges, and finding statuses
plugin-categories
All 15 plugin categories with descriptions and example plugins
security-triage
Prioritize findings by severity, category, and business impact
scan-comparison
Analyze security posture changes between two scans
vulnerability-remediation
Generate CWE-based remediation guides with code examples
compliance-check
Assess OWASP Top 10 and PCI-DSS v4.0 compliance
executive-briefing
Generate non-technical C-level security briefings
Choose your AI platform and follow the setup guide. You'll be running security scans from your AI chat in under 5 minutes.
Download and install Claude Desktop from claude.ai/download. Available for macOS, Windows, and Linux.
Open Claude Desktop settings and navigate to the MCP configuration. On macOS: ~/Library/Application Support/Claude/claude_desktop_config.json
Add the following configuration to your claude_desktop_config.json:
{
"mcpServers": {
"armoscan": {
"command": "dotnet",
"args": [
"run", "--project",
"/path/to/ArmoScan.McpServer",
"--", "--stdio"
]
}
}
}Close and reopen Claude Desktop. You should see a hammer icon indicating MCP tools are available.
Type a natural language command like "List my scan targets" or "Run a security scan on example.com" — Claude will use ArmoScan tools automatically.
Install Claude Code CLI: npm install -g @anthropic-ai/claude-code
Create or edit .claude/mcp.json in your project directory:
{
"mcpServers": {
"armoscan": {
"command": "dotnet",
"args": [
"run", "--project",
"/path/to/ArmoScan.McpServer",
"--", "--stdio"
]
}
}
}Launch Claude Code with claude in your terminal. ArmoScan MCP tools will be automatically discovered and available for use.
Go to ChatGPT → My GPTs → Create a GPT. Give it a name like "ArmoScan Security Assistant".
In the Configure tab, click Actions → Import from URL and enter:
https://mcp.armoscan.com/openapi.jsonSet authentication type to Bearer Token. Use your ArmoScan API token or configure the GPT to call the login endpoint first.
Save your Custom GPT. Now you can ask it to scan targets, list findings, generate reports, and more — all through natural conversation in ChatGPT.
Navigate to Gemini Extensions settings in Google AI Studio or Gemini app.
Add a new extension and import the ArmoScan OpenAPI spec:
https://mcp.armoscan.com/openapi.jsonConfigure your ArmoScan credentials and test the extension by asking Gemini to list your scan targets or check your security dashboard.
Real-world security workflows powered by natural language. No API documentation needed — just ask.
"The scan finished — prioritize the critical findings and tell me which ones to fix first." The AI uses the security-triage prompt to group findings by severity, assess business impact, and create a prioritized remediation plan.
"Check if our application passes PCI-DSS v4.0 requirements." The AI runs the compliance-check prompt, maps findings to PCI-DSS categories, and produces a PASS/FAIL assessment with remediation roadmap.
"Generate a board-ready security summary for the CTO." The AI uses the executive-briefing prompt to produce a non-technical overview with risk scores, top 5 threats, positive findings, and recommended actions.
"Schedule a nightly scan at 2 AM using the full profile." The AI calls create_scan_schedule with a cron expression, confirms the configuration, and reports back when the schedule is active.
"Show me how to fix the SQL injection on the login page." The AI uses the vulnerability-remediation prompt to generate CWE-specific code fixes, framework-aware best practices, and regression test cases.
"Compare last week's scan with this week's and tell me what changed." The AI analyzes new, fixed, regressed, and recurring findings, provides root cause hypotheses, and tracks your security posture trend.