Vanta MCP
Enables AI assistants to interact with Vanta's security compliance platform to retrieve test results, manage security findings, review controls, and access compliance framework requirements for SOC 2, ISO 27001, HIPAA, and other standards.
What is Vanta MCP?
Vanta MCP is a Model Context Protocol (MCP) server that allows AI assistants like Claude, Cursor, and VS Code to enables ai assistants to interact with vanta's security compliance platform to retrieve test results, manage security findings, review controls, and access compliance framework requirements for soc 2,...
Enables AI assistants to interact with Vanta's security compliance platform to retrieve test results, manage security findings, review controls, and access compliance framework requirements for SOC 2, ISO 27001, HIPAA, and other standards.
This server falls under the Security category on MCPgee, the world's largest MCP server directory with 33,000+ servers.
Features
- Enables AI assistants to interact with Vanta's security comp
Use Cases
Maintainer
Works with
Installation
Manual Installation
npx vanta-mcp-serverConfiguration
Configuration Details
claude_desktop_config.json
Performance
Response Metrics
Resource Usage
How to Set Up and Use Vanta MCP
The Vanta MCP Server is a TypeScript MCP server published by Vanta Inc. that connects AI assistants to Vanta's security and compliance platform, enabling them to query test results, review controls, enumerate compliance frameworks, inspect security findings, and manage vulnerabilities — all without opening the Vanta dashboard. Security engineers and compliance teams can use it to give Claude or another AI agent real-time visibility into their SOC 2, ISO 27001, HIPAA, and other compliance postures, accelerating evidence gathering, audit preparation, and remediation triage.
Prerequisites
- Node.js 18 or newer installed
- A Vanta account with access to the developer dashboard to create an OAuth application
- OAuth client credentials (client_id and client_secret) from Vanta's developer console
- An MCP-compatible client such as Claude Desktop or Cursor
Create a Vanta OAuth application
Log in to your Vanta account, navigate to the developer dashboard, and create a new application to obtain a client_id and client_secret. Note that Vanta allows only one active access token per application.
Store your OAuth credentials in a JSON file
Create a local JSON file with your credentials. The VANTA_ENV_FILE environment variable must point to the absolute path of this file.
{
"client_id": "your_client_id_here",
"client_secret": "your_client_secret_here"
}Add the server to your MCP client configuration
Open claude_desktop_config.json and add the vanta entry. Set VANTA_ENV_FILE to the absolute path of your credentials file.
{
"mcpServers": {
"vanta": {
"command": "npx",
"args": ["-y", "@vantasdk/vanta-mcp-server"],
"env": {
"VANTA_ENV_FILE": "/absolute/path/to/vanta-credentials.json"
}
}
}
}Restart your MCP client
Fully quit and relaunch Claude Desktop (or your chosen MCP client) so it picks up the new server.
Verify the connection
Ask the AI to list your Vanta controls or compliance frameworks. A successful response confirms OAuth authentication worked.
Vanta MCP Examples
Client configuration
claude_desktop_config.json entry using npx to run the official @vantasdk/vanta-mcp-server package. VANTA_ENV_FILE must be an absolute path to the JSON credentials file.
{
"mcpServers": {
"vanta": {
"command": "npx",
"args": ["-y", "@vantasdk/vanta-mcp-server"],
"env": {
"VANTA_ENV_FILE": "/Users/yourname/.config/vanta/credentials.json"
}
}
}
}Prompts to try
These prompts cover the main compliance and security operations the Vanta MCP server exposes.
- "List all failing security tests in our AWS integration that affect SOC 2."
- "Show me the controls we still need to validate for ISO 27001."
- "Which compliance frameworks has our organisation adopted in Vanta?"
- "List open vulnerabilities that are currently marked as needing attention."
- "Give me a summary of connected integrations in Vanta."Troubleshooting Vanta MCP
Authentication fails — 'invalid client credentials' error
Verify that client_id and client_secret in your credentials JSON are correct and that the file path in VANTA_ENV_FILE is an absolute path (not relative). Regenerate credentials from the Vanta developer dashboard if unsure.
VANTA_ENV_FILE not found error on startup
The path in VANTA_ENV_FILE must be an absolute path to the credentials JSON file. Use the full path (e.g. /Users/you/.config/vanta/credentials.json) rather than ~/. The tilde is not expanded in MCP env blocks.
Only one session can be active — token revoked unexpectedly
Vanta enforces a single active access token per OAuth application. If you have multiple clients or tools using the same credentials, each new token invalidates the previous one. Create separate OAuth applications for each client integration.
Frequently Asked Questions about Vanta MCP
What is Vanta MCP?
Vanta MCP is a Model Context Protocol (MCP) server that enables ai assistants to interact with vanta's security compliance platform to retrieve test results, manage security findings, review controls, and access compliance framework requirements for soc 2, iso 27001, hipaa, and other standards. It connects AI assistants to external tools and data sources through a standardized interface.
How do I install Vanta MCP?
Follow the installation instructions on the Vanta MCP GitHub repository. Clone the repo, install dependencies, and add the server config to your AI client.
Which AI clients work with Vanta MCP?
Vanta MCP works with all major MCP-compatible AI clients including Claude Desktop, Claude Code, Cursor, VS Code (GitHub Copilot), Windsurf, and Cline.
Is Vanta MCP free to use?
Yes, Vanta MCP is open source and available under the MIT License license. You can use it freely in both personal and commercial projects.
Vanta MCP Alternatives — Similar Security Servers
Looking for alternatives to Vanta MCP? Here are other popular security servers you can use with Claude, Cursor, and VS Code.
Casdoor
★ 13.6kAn open-source Agent-first Identity and Access Management (IAM) /LLM MCP & agent gateway and auth server with web UI supporting OpenClaw, MCP, OAuth, OIDC, SAML, CAS, LDAP, SCIM, WebAuthn, TOTP, MFA, Face ID, Google Workspace, Azure AD
ghidraMCP
★ 9.0kAn Model Context Protocol server that enables LLMs to autonomously reverse engineer applications by exposing Ghidra's decompilation and analysis tools. It allows AI agents to list code structures, rename methods, and analyze binaries directly through
HexStrike AI
★ 8.9kHexStrike AI MCP Agents is an advanced MCP server that lets AI agents (Claude, GPT, Copilot, etc.) autonomously run 150+ cybersecurity tools for automated pentesting, vulnerability discovery, bug bounty automation, and security research. Seamlessly b
IDA Pro MCP
★ 8.7kEnables AI-assisted reverse engineering in IDA Pro by providing tools to analyze binaries, decompile functions, manage comments, search patterns, and interact with the IDA database through natural language.
Anthropic Cybersecurity Skills
★ 6.6k754 structured cybersecurity skills for AI agents · Mapped to 5 frameworks: MITRE ATT&CK, NIST CSF 2.0, MITRE ATLAS, D3FEND & NIST AI RMF · agentskills.io standard · Works with Claude Code, GitHub Copilot, Codex CLI, Cursor, Gemini CLI & 20+ platform
Hooker
★ 5.1k🔥🔥 hooker is a Frida-based reverse engineering toolkit for Android. It offers a user-friendly CLI, universal scripts, auto hook generation, memory roaming to detect activities/services, one-click SOCKS5 proxy setup, Frida JustTrustMe, and BoringSSL u
Browse More Security MCP Servers
Explore all security servers available in the MCPgee directory. Each server includes setup guides for Claude, Cursor, and VS Code.
Set Up Vanta MCP in Your Editor
Choose your AI client for step-by-step setup instructions.
Quick Config Preview
Add this to your claude_desktop_config.json or .cursor/mcp.json
Ready to use Vanta MCP?
Browse our complete directory of 33,000+ MCP servers, read setup guides for your editor, and start building with the Model Context Protocol.