```html ``` We Checked the MCP Registry: Every Other Security Vendor's MCP Is a Doorway to a Product You Already Pay For. Ours Ships the Intelligence.
top of page

We Checked the MCP Registry: Every Other Security Vendor's MCP Is a Doorway to a Product You Already Pay For. Ours Ships the Intelligence.

  • Writer: Patrick Duggan
    Patrick Duggan
  • 9 minutes ago
  • 4 min read

The Model Context Protocol registry is where AI clients — Claude Desktop, Cursor, and the rest — go to find and install servers that give an agent new abilities. We went through it looking at what the security industry has published, because we have a server there ourselves and we wanted an honest read on how it compares. The answer was cleaner than we expected, and it comes down to one distinction that has nothing to do with tool counts.


Almost every security-vendor MCP in the registry is a doorway. Ours is a source. Here is what that means.



What the Other Security MCPs Actually Are


Pull the security servers off the registry and read what they do. CrowdStrike publishes falcon-mcp, which connects an AI agent to CrowdStrike Falcon. There is a SentinelOne server that wraps SentinelOne's own agent server. There are well-built community servers for Shodan, for VirusTotal, for GreyNoise. Every one of them is a bridge to an API, and every one of them has the same precondition written into it: you must already have an account on the product behind it.


The Falcon MCP does nothing for you unless you are a paying CrowdStrike customer with a Falcon API key. The Shodan MCP is inert without a Shodan key. The VirusTotal and GreyNoise servers need their respective keys. These are, precisely, agent-shaped doorways onto tools you have already bought. That is a genuinely useful thing to build — if you own the product, wiring your AI agent to it is real value — but notice what the server itself carries: nothing. The intelligence lives behind the paywall. The MCP is the doorknob.



What Ours Carries


Our server in the registry is DugganUSA Analytics, codenamed Jeevesus. When an agent connects to it, it does not ask for your license to some other company's product. It answers. It searches 17.9 million threat-intelligence documents — indicators of compromise, the full CISA Known Exploited Vulnerabilities catalog, OTX pulses, adversary profiles. It enriches an indicator against 1.13 million IOCs, most of which are not in the feeds everyone else resells. It reads the STIX feed. It checks whether an npm or PyPI package is malicious before your agent installs it. All of it is public-read. No key, no account, no product you had to buy first.


That is the difference between a doorway and a source. A doorway connects you to intelligence you already pay someone else for. A source hands you intelligence you did not have. If you are a defender with a budget of zero, every gated security MCP in the registry is a locked door, and ours is the one that opens.



We Will Be Honest About the Other Side


Two honest points, because a comparison that only flatters the author is a sales sheet, not an analysis.


First, the gated servers are not bad. CrowdStrike's and SentinelOne's MCPs are powerful precisely because Falcon and SentinelOne are powerful — for their customers, wired to their own telemetry, they do things our public corpus cannot, because we are not an EDR watching your endpoints. We are a different category: a public intelligence source, not an interface to your paid stack. If you own Falcon, use the Falcon MCP; it is good. We are simply the answer for the far larger population that owns none of these.


Second, we ran the whole set — including ourselves — through our own MCP security judge, and it rated everyone the same: advisory, medium, driven by version churn, not compromise. Our own server scored the most findings of the bunch. The entire security-MCP space, us included, is young and iterating fast, and nobody has a clean high horse to stand on. We are not claiming to be the most secure server in the registry. We are claiming to be the one that gives a stranger real intelligence for free, and that claim is checkable in about thirty seconds.



The Part We Do That They Don't


There is one more line, and it is the one we are proudest of. We instrument what we serve. Every call to our MCP is logged to a usage index; we publish the tool-usage trend, the session funnel, and the block-versus-allow split on our package checker at public endpoints. We can tell you how the thing is actually used because we measure it. The wrapper servers ship and walk away. That is the difference between publishing a product and running one.



Why We Bothered Writing This Down


We would rather prove the thing is worth paying for than get clever about making it easy to find. So this is not a discoverability play. It is the honest map of where a threat-intel MCP sits in a registry full of doorways: it is the one you can use without owning anything first, backed by a corpus most feeds do not carry, and measured by the people who run it. If that is worth something to you, it costs nothing to check, which is the whole point. The intelligence comes down the wire. You do not have to buy a door to open it.




Every indicator in this post is in the feed. Free.

1.58M+ IOCs, STIX 2.1 / TAXII, 88% novel vs ThreatFox, exploited-CVE leads ahead of CISA. No credit card — a free API key in 30 seconds, and you can audit every claim above against the live endpoints.


bottom of page