InfoSec Team

Cybersecurity MCP Services

Ten MCP services for the InfoSec team — each callable by any AI assistant to deliver real-time vendor security posture assessment, breach disclosure scanning, certificate verification, integration risk mapping, and incident response readiness analysis using web scraping, AI analysis, and the 100M+ domain database.

1. Vendor Security Posture Assessor

Scrapes vendor /security, /trust, and /compliance pages to assess security posture — certifications (SOC2, ISO 27001), security practices, incident history — returning a structured risk assessment for third-party vendor evaluation.

(1) MCP Tool Definition
Web Scraping | GPT-4o | Domain DB

vendor_security_posture_assessor
  domain: string — Vendor domain to assess (e.g. "vendorcloud.com")
  depth: string — "quick" (security page only) or "deep" (all trust pages)
  frameworks: array — ["SOC2","ISO27001","PCI_DSS","HIPAA","GDPR"] to check

(2) AI Processing Pipeline

PROCESSING PIPELINE
════════════════════════════════════════════════════════════
Step 1: Scrape target domain /security, /trust, /compliance, /certifications
Step 2: Query domain DB for IAB category, domain age, country of origin
Step 3: Send scraped content to GPT-4o with security posture assessment prompt
Step 4: AI extracts certifications, audit dates, security practices, incident mentions
Step 5: Cross-reference claimed certifications against known auditor registries
Step 6: Score overall posture (0-100) across confidentiality, integrity, availability
Step 7: Generate structured risk report with approval/rejection recommendation

(3) Example Output

MCP RESPONSE — vendor_security_posture_assessor
════════════════════════════════════════════════════════════
vendorcloud.com | IAB: Technology | PageRank: 5.8/10 | Age: 3,214 days

SECURITY POSTURE SCORE: 81/100 (Strong)

CERTIFICATIONS DETECTED:
  SOC 2 Type II: Verified — audit date 2025-09-15, auditor: Deloitte
  ISO 27001:2022: Verified — certificate #ISO-2025-88714
  PCI DSS v4.0: Claimed on /security page but no certificate reference
  HIPAA: Not mentioned anywhere on site

SECURITY PRACTICES:
  Encryption: AES-256 at rest, TLS 1.3 in transit documented
  Access control: RBAC, MFA enforced, SSO via SAML 2.0
  Penetration testing: Annual pen test mentioned (last: Q3 2025)
  Bug bounty: No bug bounty or VDP program detected

INCIDENT HISTORY:
  2024-08-12: Minor data exposure — 200 records, resolved in 4 hours
  Full incident report published with root cause analysis
  No incidents in past 18 months

RECOMMENDATION: APPROVED — Strong posture with minor gaps in PCI evidence

2. Data Breach Disclosure Scanner

Scrapes company websites and known breach databases for data breach disclosures, affected user counts, response timelines, and notification compliance — using AI extraction to build a comprehensive breach history profile.

(1) MCP Tool Definition
Web Scraping | GPT-4o | Domain DB | Breach Feeds

data_breach_disclosure_scanner
  domain: string — Target company domain to investigate
  lookback_months: integer — Search window in months (default: 36)
  include_third_party: boolean — Include breaches via third-party vendors

(2) AI Processing Pipeline

PROCESSING PIPELINE
════════════════════════════════════════════════════════════
Step 1: Scrape target domain /security, /privacy, /notices, /blog for breach disclosures
Step 2: Query public breach databases and regulatory filings for domain matches
Step 3: Send extracted content to GPT-4o for breach detail extraction
Step 4: AI parses: affected user counts, data types exposed, attack vectors
Step 5: Calculate response timeline metrics (discovery-to-disclosure latency)
Step 6: Cross-reference with domain DB for company size and risk context
Step 7: Generate breach history profile with risk severity scoring

(3) Example Output

MCP RESPONSE — data_breach_disclosure_scanner
════════════════════════════════════════════════════════════
paymentservices-global.com | IAB: Financial Services | Lookback: 36 months

BREACH HISTORY: 3 incidents found

INCIDENT 1 — 2025-11-03 (CRITICAL):
  Type: SQL injection — customer PII exfiltration
  Records affected: 2.4M customer records
  Data exposed: Names, emails, last-4 CC digits, transaction history
  Discovery-to-disclosure: 47 days (exceeds 30-day best practice)
  Regulatory action: GDPR fine pending — EU DPA investigation open

INCIDENT 2 — 2025-03-18 (MODERATE):
  Type: Third-party vendor breach (CRM provider)
  Records affected: 180K email addresses
  Discovery-to-disclosure: 12 days
  Resolution: Vendor terminated, data contained

INCIDENT 3 — 2024-07-22 (LOW):
  Type: Misconfigured S3 bucket — internal documents exposed
  Records affected: Non-PII internal docs, 48-hour window
  Discovery-to-disclosure: 6 days

RISK ASSESSMENT:
  Breach frequency: 3 in 36 months (above industry avg of 0.8)
  Response maturity: Improving but inconsistent disclosure timelines
  ELEVATED RISK — Recommend enhanced monitoring and contractual protections

3. Security Certificate Checker

Analyzes SSL/TLS certificates, HSTS headers, and security configurations of vendor websites. Scores overall transport security posture and detects certificate expiration risks, weak cipher suites, and misconfigured security headers.

(1) MCP Tool Definition
Web Scraping | TLS Analysis | Domain DB

security_certificate_checker
  domains: array — List of vendor domains to check
  check_subdomains: boolean — Include api.*, app.*, mail.* subdomains (default: true)
  alert_expiry_days: integer — Flag certs expiring within N days (default: 30)

(2) AI Processing Pipeline

PROCESSING PIPELINE
════════════════════════════════════════════════════════════
Step 1: Connect to each domain and extract SSL/TLS certificate chain
Step 2: Analyze certificate: issuer, validity dates, key size, signature algorithm
Step 3: Probe HTTP security headers: HSTS, CSP, X-Frame-Options, X-Content-Type
Step 4: Test cipher suite support and TLS version compatibility
Step 5: Check Certificate Transparency logs for anomalous issuances
Step 6: Score transport security posture (A+ to F grading)

(3) Example Output

MCP RESPONSE — security_certificate_checker
════════════════════════════════════════════════════════════
BATCH: 4 vendor domains analyzed (12 endpoints total)

vendorcloud.com — Grade: A
  Certificate: Let's Encrypt R3 | RSA 2048 | Valid until 2026-06-14
  TLS versions: 1.2, 1.3 only (1.0/1.1 disabled)
  HSTS: Enabled, max-age=31536000, includeSubDomains
  CSP: Strict policy with nonce-based script allowlist
  Cipher suites: Strong — ECDHE+AESGCM preferred

legacy-erp-vendor.com — Grade: D
  Certificate: GoDaddy CA | RSA 2048 | Expires in 11 days
  TLS versions: 1.0 still enabled (PCI non-compliant)
  HSTS: Not configured
  CSP: Missing entirely
  Cipher suites: Weak — RC4, 3DES still accepted

api.datapartner.io — Grade: B-
  Certificate: DigiCert EV | RSA 4096 | Valid until 2027-01-22
  TLS versions: 1.2, 1.3 only
  HSTS: Enabled but max-age only 86400 (too short)
  CSP: Permissive — unsafe-inline allowed
  CT logs: 2 unexpected certificate issuances detected in past 90 days

ALERTS:
  legacy-erp-vendor.com: Certificate expires in 11 days — immediate action required
  legacy-erp-vendor.com: TLS 1.0 enabled — fails PCI DSS requirement
  api.datapartner.io: Anomalous CT log entries — verify certificate ownership

4. Third-Party Integration Risk Mapper

Discovers third-party integrations by scraping /integrations, /partners pages and detecting embedded scripts, tracking pixels, and external resources. Maps each integration to a risk level using domain database enrichment data.

(1) MCP Tool Definition
Web Scraping | GPT-4o | Domain DB | Script Analysis

third_party_integration_risk_mapper
  domain: string — Target domain to scan for integrations
  scan_depth: integer — Number of pages to crawl (default: 25)
  risk_categories: array — ["data_access","script_injection","auth","payment"]

(2) AI Processing Pipeline

PROCESSING PIPELINE
════════════════════════════════════════════════════════════
Step 1: Crawl target domain (up to N pages) capturing all external resources
Step 2: Parse HTML for embedded scripts, iframes, tracking pixels, API calls
Step 3: Scrape /integrations and /partners pages for declared integrations
Step 4: Look up each third-party domain in 100M DB for category, age, country
Step 5: AI classifies risk level per integration: data access scope, attack surface
Step 6: Map integrations to risk categories and calculate aggregate exposure
Step 7: Generate integration dependency graph with risk heat scoring

(3) Example Output

MCP RESPONSE — third_party_integration_risk_mapper
════════════════════════════════════════════════════════════
bankingapp-premier.com | Pages crawled: 25 | Integrations found: 34

HIGH RISK INTEGRATIONS (5):
  analytics-unknown.xyz [CRITICAL]
    Type: Tracking script | Domain age: 47 days | Country: RU
    Access: Full DOM access, cookie read/write, keylogging capability
    DB category: Uncategorized — not in 100M database
  cdn-payment-lib.com [HIGH]
    Type: Payment JS library | Domain age: 312 days | Country: US
    Access: Payment form data, card number fields
    DB category: Technology — no payment processor affiliation found

MEDIUM RISK INTEGRATIONS (12):
  hotjar.com [MEDIUM]
    Type: Session recording | Country: US | PageRank: 6.2
    Access: Full session replay, form field capture enabled
  intercom.io [MEDIUM]
    Type: Chat widget | Country: US | PageRank: 7.1
    Access: User identity data, conversation history

LOW RISK INTEGRATIONS (17):
  Google Analytics, Cloudflare CDN, Font Awesome, Google Fonts...

RISK SUMMARY:
  Total third-party domains: 34 | Data-access integrations: 17
  CRITICAL: analytics-unknown.xyz — unknown origin, recommend immediate removal
  Supply chain attack surface: 5 scripts with payment/PII access

5. Cyber Insurance Risk Scorer

Assesses cyber risk by scraping a company's website for security indicators, technology stack, data handling practices, and public breach history. Generates a cyber insurance risk score with premium estimation factors.

(1) MCP Tool Definition
Web Scraping | GPT-4o | Domain DB | TLS Analysis

cyber_insurance_risk_scorer
  domain: string — Target company domain to assess
  industry: string — Industry vertical for benchmark comparison
  data_sensitivity: string — "low","medium","high","critical" — data classification level

(2) AI Processing Pipeline

PROCESSING PIPELINE
════════════════════════════════════════════════════════════
Step 1: Scrape target domain for security pages, privacy policy, technology indicators
Step 2: Analyze SSL/TLS configuration and HTTP security headers
Step 3: Detect technology stack from headers, page source, and meta tags
Step 4: Query domain DB for company profile, category, and peer benchmarks
Step 5: AI evaluates: security maturity, data handling, compliance posture
Step 6: Calculate composite cyber risk score with industry-adjusted weighting
Step 7: Map risk score to insurance premium tier and coverage recommendations

(3) Example Output

MCP RESPONSE — cyber_insurance_risk_scorer
════════════════════════════════════════════════════════════
healthdata-corp.com | IAB: Healthcare | Data sensitivity: Critical

CYBER RISK SCORE: 58/100 (Moderate-High Risk)

SECURITY POSTURE FACTORS:
  TLS configuration: A grade — TLS 1.3, strong ciphers
  Security headers: B- grade — CSP present but permissive
  Certifications found: SOC 2 Type II, HITRUST CSF
  Vulnerability disclosure: No VDP or bug bounty program
  MFA indicators: SSO/SAML documented on /security page

TECHNOLOGY RISK FACTORS:
  CMS: WordPress 6.1 (2 minor versions behind)
  Third-party scripts: 28 external domains loaded
  Payment processing: Stripe.js (PCI-compliant processor)
  Known CVEs in stack: 3 medium-severity CVEs in detected libraries

INDUSTRY BENCHMARK:
  Healthcare sector avg: 64/100 | This company: 58/100 (below avg)
  Peer percentile: 38th percentile
  Primary gap: Vulnerability management and patching cadence

INSURANCE ASSESSMENT:
  Premium tier: Tier 3 of 5 (elevated)
  Estimated premium factor: 1.4x base rate
  Coverage recommendation: $5M minimum — healthcare data breach exposure
  Conditions: Require VDP program and patch SLA before binding

6. Website Technology Stack Analyzer

Detects a website's technology stack — frameworks, CMS, analytics, CDN, hosting, and JavaScript libraries — by analyzing HTTP headers, page source, and visible indicators for vulnerability assessment and attack surface mapping.

(1) MCP Tool Definition
Web Scraping | GPT-4o | Domain DB

website_technology_stack_analyzer
  domain: string — Target domain to fingerprint
  include_cve_check: boolean — Cross-reference detected versions against CVE databases
  scan_pages: integer — Number of pages to analyze (default: 10)

(2) AI Processing Pipeline

PROCESSING PIPELINE
════════════════════════════════════════════════════════════
Step 1: Fetch target domain and capture full HTTP response headers
Step 2: Parse HTML source for framework fingerprints, meta generators, script tags
Step 3: Analyze JavaScript files for library signatures and version strings
Step 4: Detect CDN, WAF, and hosting provider from headers and DNS records
Step 5: Cross-reference detected versions against NVD/CVE databases
Step 6: Calculate attack surface score based on stack complexity and known issues

(3) Example Output

MCP RESPONSE — website_technology_stack_analyzer
════════════════════════════════════════════════════════════
enterprise-banking.com | Pages analyzed: 10

TECHNOLOGY STACK:

SERVER & HOSTING:
  Web server: nginx/1.25.4 (current)
  Hosting: AWS (us-east-1) — detected via headers
  CDN: Cloudflare — WAF enabled
  DNS: Cloudflare DNS with DNSSEC

APPLICATION FRAMEWORK:
  CMS: WordPress 6.3.2 (current: 6.5.1 — 2 versions behind)
  PHP: 8.1.x (detected via X-Powered-By — should be hidden)
  Theme: Custom theme — no known vulnerabilities
  Plugins detected: 14 plugins (large attack surface)

JAVASCRIPT LIBRARIES:
  jQuery: 3.5.1 (CVE-2020-23064 — XSS vulnerability)
  React: 18.2.0 (current)
  Lodash: 4.17.15 (CVE-2021-23337 — command injection)
  Bootstrap: 5.3.0 (current)

ANALYTICS & TRACKING:
  Google Analytics 4, HubSpot, Hotjar, Facebook Pixel
  Total external scripts: 22 third-party domains

CVE SUMMARY:
  Critical: 0 | High: 1 | Medium: 3 | Low: 2
  jQuery 3.5.1: Upgrade to 3.7+ to resolve XSS vector
  Lodash 4.17.15: Upgrade to 4.17.21+ for injection fix

ATTACK SURFACE SCORE: 62/100 (Moderate)
  14 plugins + 22 external scripts = expanded attack surface
  2 JS libraries with known CVEs require immediate patching

7. Security Compliance Badge Verifier

Uses AI vision to screenshot /security and /trust pages and verify that compliance badges (SOC2, PCI-DSS, ISO 27001, HIPAA) are legitimate, current, and linked to valid certification records rather than decorative or expired claims.

(1) MCP Tool Definition
Web Scraping | Vision AI | GPT-4o

security_compliance_badge_verifier
  domain: string — Target domain to verify compliance badges
  badges_to_check: array — ["SOC2","PCI_DSS","ISO27001","HIPAA","SOX","GDPR"]
  verify_links: boolean — Follow badge links to verify certificate validity

(2) AI Processing Pipeline

PROCESSING PIPELINE
════════════════════════════════════════════════════════════
Step 1: Scrape /security, /trust, /compliance pages and capture full HTML
Step 2: Take high-resolution screenshots of badge/certification sections
Step 3: Send screenshots to GPT-4o Vision for badge identification and OCR
Step 4: AI extracts: badge type, issuer, date, certificate number, linked URL
Step 5: Follow badge links to verify against issuer registries where possible
Step 6: Cross-reference certificate dates against current validity periods
Step 7: Classify each badge: VERIFIED / UNVERIFIABLE / EXPIRED / SUSPICIOUS

(3) Example Output

MCP RESPONSE — security_compliance_badge_verifier
════════════════════════════════════════════════════════════
fintech-saas-vendor.com | Badges detected: 6

BADGE VERIFICATION RESULTS:

SOC 2 Type II
  Visual: Official AICPA badge detected
  Certificate link: Links to audit report portal (authenticated)
  Audit date: 2025-08-20 — within 12-month validity
  Auditor: Ernst & Young — verified on AICPA registry
  Status: VERIFIED

ISO 27001:2022
  Visual: BSI certification mark detected
  Certificate #: IS 782341 — found in BSI registry
  Expiry: 2026-04-15 — valid but expires in 44 days
  Status: VERIFIED — approaching renewal

PCI DSS Level 1
  Visual: Generic PCI logo (not official council badge)
  Certificate link: No link — badge is decorative image only
  AoC reference: No Attestation of Compliance referenced
  Status: UNVERIFIABLE — no evidence of valid assessment

HIPAA Compliant
  Visual: Custom-made "HIPAA Compliant" badge (no official standard)
  Note: HIPAA has no official certification — badge is misleading
  BAA mention: Business Associate Agreement referenced in text
  Status: MISLEADING — no certification exists for HIPAA

SUMMARY:
  Verified: 2 (SOC 2, ISO 27001)
  Unverifiable: 1 (PCI DSS) | Misleading: 1 (HIPAA)
  ACTION: Request PCI DSS AoC directly from vendor before onboarding

8. API Security Documentation Reviewer

Scrapes /api and /docs pages to assess API security practices — authentication methods, rate limiting, encryption, input validation documentation — providing a structured assessment of API security maturity for vendor evaluation.

(1) MCP Tool Definition
Web Scraping | GPT-4o | Domain DB

api_security_documentation_reviewer
  domain: string — Target vendor domain with API documentation
  api_doc_paths: array — Custom paths to check (default: ["/api","/docs","/developers"])
  owasp_check: boolean — Evaluate against OWASP API Security Top 10

(2) AI Processing Pipeline

PROCESSING PIPELINE
════════════════════════════════════════════════════════════
Step 1: Scrape /api, /docs, /developers, /api-reference pages
Step 2: Detect API specification format (OpenAPI/Swagger, GraphQL, REST)
Step 3: Send documentation to GPT-4o for security practice extraction
Step 4: AI evaluates: auth methods, rate limits, input validation, error handling
Step 5: Map findings against OWASP API Security Top 10 checklist
Step 6: Score API security documentation maturity (0-100)

(3) Example Output

MCP RESPONSE — api_security_documentation_reviewer
════════════════════════════════════════════════════════════
datavendor-api.com | API docs found at: /docs, /api-reference

API SECURITY MATURITY: 54/100 (Below Average)

AUTHENTICATION:
  Method: OAuth 2.0 with PKCE flow documented
  API keys: Also supports static API keys (less secure fallback)
  Token expiry: Access tokens: 1 hour, refresh tokens: 30 days
  MFA: No MFA requirement documented for API key generation

RATE LIMITING:
  Documented: Yes — 1,000 req/min for standard, 10,000 for enterprise
  Error codes: 429 Too Many Requests with Retry-After header
  Per-endpoint limits: Not documented — only global limits shown

INPUT VALIDATION:
  Request validation: Schema referenced but no validation rules shown
  SQL injection: No parameterized query documentation
  File upload: Accepts file uploads with no documented size/type limits

OWASP API TOP 10 COVERAGE:
  API1 (Broken Auth): OAuth 2.0 documented
  API2 (Broken Auth): No object-level auth described
  API3 (Data Exposure): Response filtering mentioned, not detailed
  API4 (Resource Limits): Only global rate limits
  API5 (Function Auth): No role-based endpoint access docs
  API6 (Mass Assignment): Read-only fields documented
  Coverage: 3/10 addressed, 3/10 partial, 4/10 missing

RECOMMENDATION:
  Significant API security documentation gaps — request vendor clarification
  before granting production data access to this API integration

9. Dark Web Domain Exposure Checker

Cross-references domains against public threat intelligence feeds, known phishing domain lists, and typosquat registrations. Enriches findings with domain database data to provide full context on brand exposure and impersonation risk.

(1) MCP Tool Definition
Domain DB | Threat Feeds | GPT-4o | Web Scraping

dark_web_domain_exposure_checker
  domain: string — Primary domain to check for exposure/impersonation
  include_typosquats: boolean — Check common typosquat variations (default: true)
  threat_feeds: array — ["phishtank","openphish","urlhaus","abuse_ch"]

(2) AI Processing Pipeline

PROCESSING PIPELINE
════════════════════════════════════════════════════════════
Step 1: Generate typosquat and homoglyph variations of target domain
Step 2: Query 100M domain DB for all variations — check registration status
Step 3: Cross-reference domain and variations against public threat intelligence feeds
Step 4: Scrape active lookalike domains to assess impersonation intent
Step 5: AI analyzes scraped content for brand impersonation and phishing indicators
Step 6: Enrich with domain DB data: registration date, country, category, PageRank
Step 7: Generate exposure report with takedown priority recommendations

(3) Example Output

MCP RESPONSE — dark_web_domain_exposure_checker
════════════════════════════════════════════════════════════
premier-bank.com | Variations checked: 847 | Threat feeds: 4

EXPOSURE SUMMARY: 12 threats detected

ACTIVE PHISHING DOMAINS (3):
  premier-bank-login.com [CRITICAL]
    Registered: 2026-02-14 (16 days ago) | Country: NG
    Content: Exact clone of login page — credential harvesting
    Threat feeds: Listed on PhishTank, OpenPhish
    DB status: Not in 100M DB — brand new domain
  premierbank-secure.com [CRITICAL]
    Registered: 2026-01-28 (33 days ago) | Country: RU
    Content: Fake mobile banking portal with SMS phishing
    Threat feeds: Listed on URLhaus
  premier-bnk.com [HIGH]
    Registered: 2025-11-02 | Country: UA
    Content: Redirect to survey scam using bank branding

TYPOSQUAT REGISTRATIONS (6):
  premierr-bank.com — Parked | Registered 2025-06-14 | US
  premieer-bank.com — Parked | Registered 2025-08-21 | CN
  premier-bonk.com — Active (gambling redirect) | CW
  + 3 more parked typosquats

THREAT FEED MENTIONS (3):
  premier-bank.com credentials found in 2 paste site dumps
  Brand mentioned in 1 dark web forum discussion (access broker)

TAKEDOWN PRIORITY:
  P1: premier-bank-login.com — active credential harvesting (URGENT)
  P1: premierbank-secure.com — active SMS phishing campaign
  P2: premier-bnk.com — active scam with brand abuse

10. Incident Response Readiness Assessor

Scrapes /security, /status, and /privacy pages for incident response indicators — status page existence, security contact availability, vulnerability disclosure policy, and communication infrastructure — to assess an organization's readiness for security incidents.

(1) MCP Tool Definition
Web Scraping | GPT-4o | Domain DB | DNS Analysis

incident_response_readiness_assessor
  domain: string — Target organization domain to assess
  check_security_txt: boolean — Check for /.well-known/security.txt (RFC 9116)
  evaluate_sla: boolean — Evaluate response time SLA indicators if available

(2) AI Processing Pipeline

PROCESSING PIPELINE
════════════════════════════════════════════════════════════
Step 1: Check for /.well-known/security.txt (RFC 9116 compliance)
Step 2: Scrape /security, /status, /privacy, /trust pages for IR indicators
Step 3: Detect status page infrastructure (Statuspage, Instatus, custom)
Step 4: AI extracts: security contacts, VDP terms, response commitments
Step 5: Analyze status page history for incident communication quality
Step 6: Query domain DB for organizational context and peer comparison
Step 7: Score IR readiness across 5 dimensions and generate gap analysis

(3) Example Output

MCP RESPONSE — incident_response_readiness_assessor
════════════════════════════════════════════════════════════
cloud-payroll-vendor.com | IAB: Technology | PageRank: 4.9/10

IR READINESS SCORE: 52/100 (Below Average)

SECURITY.TXT (RFC 9116):
  File exists: No — /.well-known/security.txt returns 404
  Security contact: [email protected] found on /security page
  PGP key: Not published
  Non-compliant with RFC 9116 — no standardized disclosure channel

STATUS PAGE:
  Exists: Yes — status.cloud-payroll-vendor.com (Statuspage.io)
  Uptime displayed: 99.94% over 90 days
  Last incident: 2026-02-08 — "Elevated API latency" (22 min duration)
  Update frequency: Updates posted every 15 minutes during incidents
  Post-mortem published: No post-mortem for last 3 incidents

VULNERABILITY DISCLOSURE POLICY:
  VDP exists: Partial — brief mention on /security page
  Scope defined: No — no in-scope/out-of-scope assets listed
  Safe harbor: No safe harbor language for security researchers
  Response SLA: No committed response timeline published
  Bug bounty: No bounty program detected

COMMUNICATION INFRASTRUCTURE:
  Security email: security@ exists and accepts mail
  Dedicated security page: Yes — /security with practices overview
  Privacy policy: Current — last updated 2026-01-15
  Breach notification: No breach notification procedure documented

READINESS DIMENSIONS:
  Detection capability: 68/100 (status page with monitoring)
  Communication: 55/100 (status page good, no post-mortems)
  Disclosure channel: 32/100 (no security.txt, weak VDP)
  Response maturity: 48/100 (no SLAs, no documented procedures)
  Recovery evidence: 56/100 (incidents resolved but not analyzed)

RECOMMENDATION:
  Require vendor to implement security.txt and formal VDP before renewal
  Request incident response plan documentation as contract condition

Each MCP service can use web scraping, AI text/vision endpoints, and the 100M domain database.