Skip to main content
Panguard includes a built-in MCP (Model Context Protocol) server that exposes security tools to AI assistants. This lets you run scans, check Guard status, query threats, and deploy honeypots using natural language through your AI coding assistant.
1

Understand MCP

The Model Context Protocol (MCP) is an open standard for connecting AI assistants to external tools. Panguard’s MCP server exposes security operations as tools that AI assistants can call on your behalf.Supported AI assistants:
AssistantConfig Location
Claude Desktop~/Library/Application Support/Claude/claude_desktop_config.json (macOS)
Cursor.cursor/mcp.json in your project root
Windsurf~/.windsurf/mcp.json
Panguard must be installed and authenticated (panguard login) before the MCP server can function.
2

Add the MCP configuration

Add the Panguard MCP server to your AI assistant’s configuration file:
Edit ~/Library/Application Support/Claude/claude_desktop_config.json (macOS) or %APPDATA%\Claude\claude_desktop_config.json (Windows):
{
  "mcpServers": {
    "panguard": {
      "command": "panguard",
      "args": ["mcp", "serve"],
      "env": {}
    }
  }
}
After saving, restart your AI assistant for the changes to take effect.
3

Available MCP tools

The Panguard MCP server exposes these tools to your AI assistant:
ToolDescriptionPlan
scan_systemRun a security scan and return findingsCommunity+
guard_statusCheck Guard engine status and recent eventsSolo+
guard_startStart the Guard engineSolo+
guard_stopStop the Guard engineSolo+
get_threatsQuery threat intelligence and IoCsSolo+
deploy_honeypotDeploy a honeypot on a specified service/portPro+
get_attacker_profilesRetrieve attacker profiles from TrapPro+
generate_reportGenerate a compliance reportSolo+
get_security_scoreGet current risk score and gradeCommunity+
list_eventsList recent Guard events with filteringSolo+
Tools respect your plan limits. Attempting to use a Pro-only tool on a Solo plan returns an error with an upgrade prompt.
4

Use natural language for security ops

Once configured, you can interact with Panguard through your AI assistant using natural language:
You: “Scan my system for security issues”The assistant calls scan_system and presents the findings, risk score, and recommendations in a readable format.
You: “Is Guard running? Show me recent alerts.”The assistant calls guard_status followed by list_events to give you a comprehensive status overview.
You: “What do we know about IP 203.0.113.42?”The assistant calls get_threats and get_attacker_profiles to compile a threat dossier.
You: “Generate an ISO 27001 compliance report”The assistant calls generate_report with the ISO 27001 framework and presents the results.
You: “Set up SSH and HTTP honeypots to catch attackers”The assistant calls deploy_honeypot for each service type and confirms deployment.
5

Verify the connection

Test that your AI assistant can reach the Panguard MCP server:
panguard mcp test

  PANGUARD AI - MCP Server

  -- Connection Test ------------------------

  Server:     Running (stdio transport)
  Tools:      10 registered
  Auth:       Authenticated (user@example.com)
  Plan:       Pro

  MCP server is ready for AI assistant connections.

What to do next

MCP product reference

Full documentation of the MCP server architecture and capabilities.

MCP tools reference

Detailed schema for each MCP tool including parameters and return types.

Run your first scan

Understand scan output before using AI-assisted scanning.

Real-time protection

Set up Guard so the AI assistant can monitor and respond to threats.