Five Minutes To Make Claude Code A Threat-Intel-Aware Defender. Add Jeevesus And Dredd As MCP Servers.
- Patrick Duggan
- 7 minutes ago
- 5 min read
The activation problem in defender tooling is the curl wall. A SOC analyst registers for a STIX feed, gets a key, sees an example curl command, copies it, gets a 401 because they pasted the key wrong, never comes back. Three quarters of the keys we have ever issued never made a first call. We published the funnel data on that yesterday.
The MCP path does not have the curl wall. If you run Claude Code, Cursor, Cline, ChatGPT desktop, or any other MCP client, you can wire two DugganUSA servers into your agent loop in five minutes. After that, every defender question you ask your agent gets answered against the DugganUSA threat-intel corpus by default. No curl. No 401. No pasted-key recovery.
This post is the five-minute setup. Two MCP servers, one Bearer token, three first questions to test it.
What you get
Two MCP servers, both stateless HTTP, both authenticated by the same Bearer token.
The first server is jeevesus, the read-side. Three tools: search, enrich-ioc, stix-feed-summary. search runs a natural-language query against the iocs index. enrich-ioc takes a single indicator (IP, domain, or hash) and returns the cross-index correlation for it. stix-feed-summary returns a digest of what is hot in the corpus over a configurable time window.
The second server is dredd, the judge-side. One tool: check_mcp_server. Given an MCP server name and optionally a version or specific tool, dredd returns a verdict (BLOCK, ADVISORY, or ALLOW) covering both the server's own reputation in our corpus and its directly-declared dependency graph. Direct dependencies only, for now; transitive walking is slice three, described at the end of this post. The verdict is HMAC-signed.
Together: read-side intelligence and pre-flight server vetting, both available as one-tool-call interactions inside any agent loop.
Step one — get the key
Register at analytics.dugganusa.com/stix/register. The page returns a Bearer token in sixty seconds. The free tier is five hundred queries per day across both servers combined. Save the token. You will paste it in step two.
If you already registered and lost the key, register again: there is no recovery flow yet, and creating a second key under a different email is fine. Per-user key rotation is slice two for our registration system; not today. Until it ships, treat the token as a credential you cannot rotate: keep it in an environment variable or your client's secret store rather than in a file you might commit. A project-level .mcp.json sits in the repository root and is easy to push by accident.
Step two — add the MCP servers to your client
The configuration shape differs by client but the endpoints are the same. The jeevesus MCP endpoint is analytics.dugganusa.com/api/v1/jeevesus/mcp. The dredd MCP endpoint is analytics.dugganusa.com/api/v1/dredd/mcp. Both speak streamable-HTTP JSON-RPC. Both accept the Bearer token in the Authorization header, which means the token travels on every request; use https for both URLs so it never crosses the wire in the clear.
In Claude Code, the configuration lives in your .mcp.json or your settings depending on your version. The shape is a top-level mcpServers object with two entries — one named jeevesus and one named dredd — each with a type of "http" or "streamable_http" (your client documentation will say which), a url field set to the matching endpoint above, and a headers object containing the Authorization header set to "Bearer YOURKEY" where YOURKEY is the token from step one.
In Cursor, the equivalent file is mcp.json under the project root or in your global Cursor config. Same shape.
In Cline and ChatGPT desktop, the mechanism is the integrations panel in the settings UI — paste the endpoint URL and the Authorization header value into the corresponding fields.
Save the file. Restart your client. The two servers will appear as connected. You should see four tools advertised: search, enrich-ioc, stix-feed-summary from jeevesus and check_mcp_server from dredd.
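The Claude Code shape from step two, written out in full. This is an added example, not configuration from the post: the https scheme is assumed (the post gives bare hostnames), the "http" type value is the one Claude Code's .mcp.json accepts at the time of writing (other clients may want "streamable_http"), and the token is pulled from an environment variable named DUGGANUSA_TOKEN (a name chosen here) through the ${VAR} expansion Claude Code documents for .mcp.json. Check your client's documentation for both details.

```json
{
  "mcpServers": {
    "jeevesus": {
      "type": "http",
      "url": "https://analytics.dugganusa.com/api/v1/jeevesus/mcp",
      "headers": {
        "Authorization": "Bearer ${DUGGANUSA_TOKEN}"
      }
    },
    "dredd": {
      "type": "http",
      "url": "https://analytics.dugganusa.com/api/v1/dredd/mcp",
      "headers": {
        "Authorization": "Bearer ${DUGGANUSA_TOKEN}"
      }
    }
  }
}
```

Set DUGGANUSA_TOKEN in your shell profile rather than in the file, and the file can live in version control without the secret. If your client does not expand variables, put the literal token in the user-scoped config instead of the project one.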
Step three — ask three first questions
Open a new conversation with your agent. Ask the questions below in order.
First question: "Use the jeevesus search tool to find Russian command-and-control infrastructure that is active this week." Your agent will invoke jeevesus.search with that natural-language query, the DugganUSA corpus will return the matching indicators, and the agent will summarize what came back. If the response includes indicators tagged with Sofacy, APT29, Sandworm, or similar Russian-attributed families with first-seen dates within the last seven days, the integration is working.
Second question: "Use jeevesus.enrich-ioc to look up 196.251.83.162." This is a real ShinyHunters infrastructure IP that we have had indexed since April 2. The enrichment should return the ShinyHunters tag, the EclecticIQ source, the first-seen date, and the ransomware threat-type. If you get that response, the cross-index lookup is working.
Third question: "Use dredd.check_mcp_server to vet the server named filesystem before I install it." Dredd will look up filesystem in our mcp_servers index, return the resolved coordinates if found, scan the directly-declared dependency graph against our IOC corpus, and emit a verdict. The expected verdict for a clean server is ALLOW. The expected verdict for a server with compromised dependencies is BLOCK with a compromised_dependency finding. If you get a structured response with the dep_graph field populated, dredd is working.
If all three queries return useful structured responses, your agent is now a threat-intel-aware defender with DugganUSA's corpus available as a first-class source. Whether it reaches for the tools on a question that does not name them is a model decision: naming the tool, as the three checks above do, or adding a standing instruction in your project's CLAUDE.md, makes the routing reliable rather than discretionary.
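When a client shows the servers as connected but the tools never appear, or a verdict comes back in a shape the agent cannot summarize, it helps to take the agent out of the loop and talk to the endpoints directly. The script below is an added example, not code from the post or from DugganUSA. It assumes the endpoints speak MCP over streamable HTTP (JSON-RPC 2.0 POSTs answered either as a JSON body or as an SSE stream of data: lines), that the servers are stateless as the post says (so no session header is sent), that check_mcp_server takes a name argument and returns its verdict as JSON text with the verdict and dep_graph fields the post describes, and that the token is in an environment variable named DUGGANUSA_TOKEN (a chosen name). The sample replies embedded at the bottom are constructed, not captured from the real servers, so the parsing runs offline.

```python
"""Smoke-test the jeevesus and dredd MCP endpoints with no agent in the loop.
Added example, not code from the post or from DugganUSA. Assumed: MCP over
streamable HTTP (JSON-RPC 2.0 POSTs answered as a JSON body or an SSE stream of
`data:` lines), stateless servers (no session header), check_mcp_server taking
a `name` argument and returning JSON text with `verdict` and `dep_graph`, and
the token in the DUGGANUSA_TOKEN environment variable (an assumed name)."""
import json
import os
import urllib.request

URLS = {  # https scheme assumed; the post gives bare hostnames
    "jeevesus": "https://analytics.dugganusa.com/api/v1/jeevesus/mcp",
    "dredd": "https://analytics.dugganusa.com/api/v1/dredd/mcp",
}
# Tools the post says each server advertises, and the verdicts dredd emits.
EXPECTED_TOOLS = {"jeevesus": {"search", "enrich-ioc", "stix-feed-summary"},
                  "dredd": {"check_mcp_server"}}
VERDICTS = {"BLOCK", "ADVISORY", "ALLOW"}

def rpc(method, params=None, msg_id=1):
    """Build one JSON-RPC 2.0 request, the wire shape MCP uses."""
    msg = {"jsonrpc": "2.0", "id": msg_id, "method": method}
    if params is not None:
        msg["params"] = params
    return msg

def parse_response(body):
    """Messages in a streamable-HTTP reply: either a plain JSON document or an
    SSE stream with one message per single-line `data:` field."""
    text = body.strip()
    if text.startswith(("{", "[")):
        doc = json.loads(text)
        return doc if isinstance(doc, list) else [doc]
    return [json.loads(line[5:]) for line in text.splitlines()
            if line.startswith("data:") and line[5:].strip()]

def tool_names(messages):
    """Tool names advertised in a tools/list result."""
    return {t["name"] for m in messages for t in m.get("result", {}).get("tools", [])}

def missing_tools(server, messages):
    """Tools the post says `server` exposes that the reply does not advertise."""
    return EXPECTED_TOOLS[server] - tool_names(messages)

def dredd_verdict(messages):
    """(verdict, parsed document) from a check_mcp_server result, or (None, {})."""
    for m in messages:
        for item in m.get("result", {}).get("content", []):
            try:
                doc = json.loads(item.get("text", "")) if item.get("type") == "text" else {}
            except (ValueError, TypeError):
                continue
            if isinstance(doc, dict) and doc.get("verdict") in VERDICTS:
                return doc["verdict"], doc
    return None, {}

def post(url, token, msg):
    """One MCP POST carrying the Bearer token; accept either response framing."""
    req = urllib.request.Request(url, data=json.dumps(msg).encode(), headers={
        "Content-Type": "application/json",
        "Accept": "application/json, text/event-stream",
        "Authorization": f"Bearer {token}"})
    with urllib.request.urlopen(req, timeout=30) as resp:
        return parse_response(resp.read().decode())

def smoke_test(token):
    """Live check: initialize each server, list its tools, ask dredd about the
    `filesystem` server. Returns missing tools per server plus the verdict."""
    init = rpc("initialize", {"protocolVersion": "2025-03-26", "capabilities": {},
                              "clientInfo": {"name": "smoke-test", "version": "0"}})
    report = {}
    for server, url in URLS.items():
        post(url, token, init)
        report[server] = missing_tools(server, post(url, token, rpc("tools/list", msg_id=2)))
    call = rpc("tools/call", {"name": "check_mcp_server", "arguments": {"name": "filesystem"}}, 3)
    report["dredd_verdict"] = dredd_verdict(post(URLS["dredd"], token, call))[0]
    return report

# Constructed sample replies (not captured from the real servers) so the
# parsing path runs offline.
SAMPLE_TOOLS_SSE = ('event: message\ndata: {"jsonrpc":"2.0","id":2,"result":{"tools":['
                    '{"name":"search"},{"name":"enrich-ioc"},{"name":"stix-feed-summary"}]}}\n\n')
SAMPLE_VERDICT_JSON = json.dumps({"jsonrpc": "2.0", "id": 3, "result": {"content": [
    {"type": "text", "text": json.dumps({"server": "filesystem", "verdict": "ALLOW",
                                         "dep_graph": {"direct": []}, "findings": []})}]}})

if __name__ == "__main__":
    token = os.environ.get("DUGGANUSA_TOKEN")
    if token:
        print(smoke_test(token))
    else:
        print("offline: jeevesus missing", missing_tools("jeevesus", parse_response(SAMPLE_TOOLS_SSE)))
        print("offline: sample verdict", dredd_verdict(parse_response(SAMPLE_VERDICT_JSON))[0])
```

Run it with the token exported and it reports which of the four expected tools each endpoint failed to advertise and what dredd said about filesystem; run it without the token and it exercises the same parsing against the constructed replies. A 401 here, with the token known good, points at the header, not at the agent.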
What you have just changed
Before this five-minute setup, the agent answered defender questions from its training data, which is months stale and not curated for threat-intel. After this setup, the agent answers from a 1.15-million-IOC corpus with hourly cron updates, a daily github-hunt sweep, a hundred-plus blog posts of authored analysis, an explicit adversary index with 366 named threat actors and full synonym graphs, an mcp_servers index for supply-chain attestation, and a cisa-kev integration for federal patching cadence.
The agent does not need to know how to construct a curl command. The agent does not need to remember your Bearer token; the client attaches it from the config on every call. The agent does not need to be told on each question to consult threat-intel before answering, because the tool descriptions sit in its context every turn. The MCP integration is what makes those things default behavior. Once it is in your config, every defender conversation gets the corpus underneath it.
Why we built it this way
We use Claude Code to operate every part of the DugganUSA platform: every cron, every detection pipeline, every blog post, every deployment. The MCP integration is not theoretical for us. We dogfood it daily. The four-tiers-of-AI-in-cybercrime post we published yesterday named Tier 4 as the structurally new attack surface, the one where the defender stack is structurally blind. Adding our MCP servers to your stack uses the same configuration shape attackers are starting to weaponize via the .claude/settings.json hook abuse class, except that in our case the configuration is a defender-side intelligence amplifier, not an offensive persistence mechanism. The flip side is worth saying plainly: an MCP server entry is a trust decision, because its tool descriptions and every tool result land in the model's context, so vet any server before you add it. That is exactly what dredd is for.
The Tier 4 capability is bidirectional. Operators can weaponize agentic-AI configuration files for persistence. Defenders can weaponize agentic-AI configuration files for intelligence routing. Whichever side moves faster wins the asymmetry.
What slice two adds
The free tier covers most individual analysts' daily use. The starter tier at forty-five dollars per month raises the caps for teams. Slice two for the MCP integration is the public transparency log of every dredd verdict — a signed stream of "we judged server X at time T as verdict V" that defenders can subscribe to as a feed and that builds an immutable audit trail for procurement review. Slice three is transitive dependency walking on dredd, parsing package-lock.json and poetry.lock for the exact resolved transitive set and walking the full graph behind a deep flag on the tool call.
Both are queued. The current five-minute setup gets you the foundation. The receipts compound from here.
That is the setup. That is the path. Five minutes from this paragraph to a threat-intel-aware Claude Code session.