Vanta MCP Overview

The Vanta MCP (Model Context Protocol) server connects external AI tools (like Claude, Cursor, or Codex) directly to your Vanta account. Check your compliance status, find failing controls, review vendor risk, and investigate vulnerabilities, all from whatever AI tool you already work in, using plain language.

Think of it as giving your AI tool a live window into your compliance program.

⚠️ Note: The Vanta MCP is now available to Organization Admins only. You'll need admin access to connect an AI tool and use the MCP.


What is MCP

Getting two software systems to talk to each other used to require a developer. They'd review both products' API documentation, identify which specific endpoints to call, map the data formats between them, and write the integration code. Any time either side changed, whether it be a new field, a new endpoint, or even updated permissions, someone had to come back in and update the connection. It worked, but every integration was its own project.

MCP is an open standard that changes that model. Instead of hardwiring a specific connection between two systems, MCP gives AI tools a common language for talking to software. Connect your AI tool to an MCP server once, and the AI can figure out what data to ask for, and how to ask for it, based on the task you give it rather than on a predetermined mapping built in advance.

The practical result: your AI tool stays connected to your software without requiring a developer every time something changes or a new workflow comes up.


What it enables

⚠️ Note: Available capabilities may vary depending on your account configuration or plan and pricing. If a query returns no results for an area you know exists in your Vanta account, it may not yet be enabled. Contact Vanta support for details.

Once connected, you can use your AI tool to:

  • Get instant, synthesized answers about your compliance program, such as framework status, failing controls, open issues, vendor risk, and vulnerabilities.

  • Ask cross-program questions that would otherwise require visiting multiple pages ("what are the biggest gaps I need to fix before my audit?").

  • Query people, personnel groups, devices, and access data across your organization.

  • Search your knowledge base and surface insights from your compliance history.

  • Investigate vulnerabilities detected across your infrastructure, including CVE metadata and affected assets.

  • Review data processing activities and vendor privacy posture for GDPR and privacy framework compliance.

  • Query impact assessments and questionnaires without leaving your AI tool.

  • Produce outputs from your Vanta data (like status reports, risk summaries, and remediation plans) that you can share with your team or leadership.

  • Take action directly from your AI tool, including creating or updating risks, updating issues, and uploading policies back into Vanta.

For a full breakdown of what's possible, see Vanta MCP Capabilities and the Vanta MCP Prompt Library.


What you can query

The Vanta MCP gives your AI tool access to the following areas of your compliance program:

  • Tests and Controls

  • Frameworks

  • Risks*

  • Vulnerabilities

  • People and Personnel

  • Access Reviews*

  • Audits*

  • Policies and Documents

  • Questionnaires and Assessments*

  • Data Processing*

  • Integrations

  • Knowledge Base*

* These capabilities may not be active in your account depending on your account configuration or plan and pricing. If a query returns no results for an area you know exists in Vanta, it may not yet be enabled. Contact your Account Manager for details.

For a full breakdown of what's possible in each area, see Vanta MCP Capabilities.


Supported AI tools

The Vanta MCP works with any AI tool that supports remote MCP servers, including:

  • Claude

  • Cursor

  • Perplexity

  • Codex

If your tool supports MCP, it should be compatible. See Connecting to Vanta MCP for setup instructions.

💡 Tip: Any MCP-connected tool can surface failing tests, pull remediation context from Vanta, and generate Infrastructure-as-Code (IaC) fixes. The Claude Code Vanta plugin adds convenience slash commands (like /vanta:fix-test) and the ability to open draft pull requests directly from your terminal. For full setup instructions across all supported tools, see the Vanta Developer Docs.

