HUMAN Security launches open-source MCP server for AI threat analysis
HUMAN Security released its MCP Server on July 24, 2025, enabling AI assistants to query threat intelligence through conversational interfaces.
On July 24, 2025, HUMAN Security announced the open-source release of its Model Context Protocol Server, creating a bridge between AI assistants and the company's threat intelligence infrastructure. The launch represents a shift toward conversational security interfaces, allowing security teams to query complex data through natural language rather than traditional dashboards.
The MCP Server connects AI assistants like Claude and Cursor directly to HUMAN's threat detection APIs. Security analysts can now ask questions in plain English and receive answers backed by threat intelligence that monitors over 20 trillion interactions per week globally. This approach eliminates the need to navigate multiple interfaces or write custom queries to access security data.
The announcement described the system as enabling security teams to interact with threat data "in the most human way possible: by talking to it." The server processes queries in real-time, pulling information from HUMAN's Sightline Cyberfraud Defense and Client-side Defense products. Results include attack trends, user security profiles, cluster forensics, and compliance status.
Technical implementation and requirements
The MCP Server operates locally on security team infrastructure. Once configured with HUMAN API credentials, the server interprets queries between AI assistants and HUMAN's APIs. The system requires an active HUMAN account, valid API credentials, an MCP-compatible AI client, and Node Package Manager installed on the user's computer.
The architecture relies on the Model Context Protocol, developed by Anthropic. MCP provides standardized connections between AI systems and data sources, enabling large language models to access external APIs in a controlled manner. OpenAI CEO Sam Altman announced in March 2025 that OpenAI would add support for Anthropic's MCP across its products, indicating growing industry adoption of the protocol.
HUMAN's implementation allows security teams to query specific attack types, investigate suspicious accounts, review cluster status, and assess traffic security posture through conversational prompts. The system can generate visualizations based on queries, transforming text requests into dashboard displays showing threat summaries from specified time periods.
Cyberfraud defense capabilities
The server provides access to attack trend analysis across multiple dimensions. Security teams can request breakdowns by attack type, including account takeover, scraping, and abuse. Time-series data shows active campaigns, targeted endpoints, and defense responses. The system tracks sophistication scores, bot signatures, spoofing behavior, IP reputation, and attack cluster information.
Account investigations deliver comprehensive security profiles for individual users. Queries return risk scores, behavior anomalies, incident timelines, known triggers, and transaction patterns. The server can analyze overall traffic security posture in real-time, calculating ratios between legitimate and blocked requests, attack volume trends, web versus mobile threats, and security control effectiveness.
According to the Association of National Advertisers' Q1 2025 Programmatic Transparency Benchmark, only 41% of programmatic ad spend resulted in quality impressions. This means nearly 60% of spend was lost to non-quality inventory, representing an estimated $21.6 billion in unrealized media value globally. HUMAN's conversational security approach addresses these inefficiencies by reducing time-to-insight for fraud detection.
Client-side security integration
The MCP Server connects to HUMAN's Client-side Defense product, enabling queries about third-party scripts running on payment pages. Security teams can request complete lists of scripts by page, including vendor attribution, risk levels, PCI DSS compliance status, and known vulnerabilities with CVE identifiers. This visibility helps organizations understand their supply chain through single questions.
Compliance auditing capabilities analyze security headers against PCI DSS requirements. The system evaluates content security policies, HTTP Strict Transport Security settings, and other header configurations. Results include actionable fixes mapped to specific compliance requirements. Security teams can query recent client-side incidents to view DOM injections, script anomalies, and cross-site scripting attempts with risk scores, timestamps, and affected URLs.
Vendor risk analysis provides ranked assessments based on behavior, privileges, known vulnerabilities, and access patterns. The server identifies which vendors pose the highest risk to checkout flows, helping security teams prioritize mitigation efforts. HUMAN's dashboard provides the comprehensive view that security professionals can now query conversationally.
OpenAI integration and allowlisting
OpenAI documented HUMAN's integration as part of its ChatGPT agent allowlisting system. The documentation explains that ChatGPT agent signs every outbound HTTP request using the HTTP Message Signatures standard, enabling organizations to verify authentic traffic. HUMAN appears in two allowlisting configurations for the ChatGPT agent.
HUMAN Sightline categorizes ChatGPT agent as a trusted AI agent in its Known Bots & Crawlers system. Organizations using Sightline or Bot Defender can enable the agent by navigating to policies, selecting traffic policy settings, searching for ChatGPT Agent, and changing the rule to allow. No custom signature verification is required because HUMAN performs this validation.
AgenticTrust, HUMAN's newer product, provides cryptographic verification of ChatGPT agent activity. The system monitors intent in every session and permits the agent to read, log in, and make purchases by default. Organizations can modify these permissions by accessing policies, searching for ChatGPT Agent, and granting or revoking specific permissions as needed.
The integration between HUMAN and OpenAI reflects broader industry coordination around AI agent security. ChatGPT's instant checkout capabilities launched on September 29, 2025, enabling direct purchases through conversational interfaces. This commerce functionality requires robust security infrastructure to prevent fraud while maintaining user experience.
Industry context and agentic commerce
The MCP Server launch occurs as organizations grapple with AI agent governance. According to HUMAN Security's annual cybersecurity report released in 2024, 80% of companies using HUMAN's platform chose to block known large language model user-agents. Concerns included intellectual property theft, content scraping, and AI-enhanced cyber attacks. This widespread blocking demonstrated the tension between AI adoption and security requirements.
AgenticTrust addresses these concerns by providing visibility into AI agent behavior. The product surfaces, classifies, and governs AI agents with adaptive trust mechanisms. Organizations can allow beneficial automation while stopping abuse and protecting business operations without sacrificing growth. Google Cloud's survey of 3,466 executives in 2025 revealed that 88% of early adopter organizations implementing AI agents reported positive return on investment.
The conversational security model aligns with predictions that AI agents will become mainstream business infrastructure. McKinsey research estimated that generative AI's impact on productivity could add trillions of dollars in value to the global economy, with AI agents playing a critical role. The economic impact depends on organizations safely integrating AI capabilities into operations.
HUMAN's approach differs from consumer AI tools by focusing on enterprise security requirements. MIT research examining 300 AI initiatives identified a fundamental difference between tools like ChatGPT that enhance individual productivity and enterprise implementations affecting profit and loss performance. The MCP Server targets operational security rather than general productivity.
Product updates and roadmap
The Q3 2025 product update document detailed several enhancements beyond the MCP Server. HUMAN Sightline Cyberfraud Defense added direct Auth0 actions, critical health alerts, and improved user search functionality. The detection changes audit page provides visibility into updates from the previous seven days, highlighting new active detectors, updates to existing detectors, deletions, and enablement status changes.
AgenticTrust established itself as an innovation in agentic commerce security during Q3 2025. The product empowers customers with full visibility and governance over consumer AI agents. Organizations can detect and classify AI agents, verify trust levels, and govern how agents interact with web applications. The system evaluates intent behind each agent-initiated interaction.
Client-side Defense added aggregated PCI DSS dashboard views, webhook integrations, and API list updates. Customers can now view their PCI DSS dashboard and inventory across multiple application IDs and host domains simultaneously. The webhook integration allows self-configurable notifications across channels. Organizations can receive alerts for client-side incidents on checkout pages, PCI DSS notifications for scripts and headers, and configurable summary reports.
HUMAN's advertising protection platform enhanced compliance capabilities and integration health tools. The compliance dashboard added fields including inventory partner domain, owner domain, seller relationship, first ad system, and seller identifiers. Monthly usage reports became available for MediaGuard and FraudSensor, allowing customers to receive proactive notifications about request volumes.
Security implementation considerations
The MCP Server requires organizations to maintain security best practices while gaining conversational capabilities. The server runs locally, ensuring that threat intelligence queries remain within organizational infrastructure. API credentials provide access controls, limiting which users can query specific data sets. The architecture separates the conversational interface from the underlying security intelligence.
Organizations must verify that intermediate proxies preserve signature headers, including Signature, Signature-Input, and Signature-Agent headers. These headers enable cryptographic verification of AI agent requests. HUMAN performs verification automatically when organizations use its products, eliminating the need for custom signature checking code.
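A check for the header-preservation requirement above, added here as an example (it is not HUMAN's or OpenAI's code): run against headers captured at the origin, it reports what an intermediate proxy dropped or altered before an HTTP Message Signatures (RFC 9421) verifier would see the request. The function name, sample header values and key id are constructed for illustration.

```python
import base64
import re

REQUIRED = ("signature", "signature-input", "signature-agent")
# RFC 9421 dictionary members: label=("comp" ...);params  and  label=:base64:
_INPUT_MEMBER = re.compile(r'\s*([a-z*][a-z0-9_.*-]*)=\(([^)]*)\)')
_SIG_MEMBER = re.compile(r'\s*([a-z*][a-z0-9_.*-]*)=:([^:]*):')
_COMPONENT = re.compile(r'(?:^|\s)"([^"]+)"')


def check_signature_headers(headers):
    """List what would stop signature verification behind a proxy."""
    h = {k.lower(): v for k, v in headers.items()}
    problems = [f"missing header: {n}" for n in REQUIRED if n not in h]
    if "signature" not in h or "signature-input" not in h:
        return problems
    inputs = {m.group(1): _COMPONENT.findall(m.group(2))
              for m in _INPUT_MEMBER.finditer(h["signature-input"])}
    sigs = {m.group(1): m.group(2) for m in _SIG_MEMBER.finditer(h["signature"])}
    if not inputs:
        problems.append("Signature-Input has no parseable member")
    for label, components in inputs.items():
        if label not in sigs:
            problems.append(f"no Signature value for label {label}")
            continue
        try:
            base64.b64decode(sigs[label], validate=True)
        except ValueError:  # binascii.Error is a ValueError
            problems.append(f"Signature {label} is not valid base64")
        # Covered header fields must still exist or the signature base
        # cannot be rebuilt; derived components (@method, ...) are skipped.
        for comp in components:
            if not comp.startswith("@") and comp not in h:
                problems.append(f"covered field {comp} missing from request")
    return problems


# Constructed sample: headers as seen at the edge, before any proxy.
SAMPLE_AT_EDGE = {
    "Signature-Agent": '"https://agent.example"',
    "Signature-Input": 'sig1=("@authority" "@method" "signature-agent")'
                       ';created=1700000000;keyid="constructed-key"',
    "Signature": "sig1=:" + base64.b64encode(b"constructed signature").decode() + ":",
}

if __name__ == "__main__":
    behind_proxy = {k: v for k, v in SAMPLE_AT_EDGE.items() if k != "Signature-Agent"}
    for problem in check_signature_headers(behind_proxy) or ["headers intact"]:
        print(problem)
```

This only confirms that the headers survived transit in a verifiable shape; it does not validate the signature itself, which requires the signer's public key.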
The system addresses fundamental challenges in threat detection operations. Security teams typically face friction when interacting with threat data through multiple dashboards, manual queries, and time-consuming triage processes. Modern threats move quickly, requiring intelligence systems that move faster. Conversational interfaces reduce time-to-insight by eliminating context switching between tools.
Context engineering emerged as a crucial discipline for AI agent success in 2025. Industry practitioners identified information architecture as the determining factor for AI implementations. HUMAN's MCP Server applies context engineering principles by structuring threat intelligence for optimal AI consumption. The system determines appropriate information for specific tasks, formats data for model processing, and adapts context based on query requirements.
Market implications for security teams
The conversational security model changes how organizations staff and train security operations. Traditional security analyst roles required expertise in multiple dashboard interfaces, query languages, and data interpretation techniques. Conversational interfaces lower the barrier to accessing threat intelligence, potentially enabling broader team members to contribute to security operations.
HUMAN customers include Fortune 500 companies and major platforms worldwide. The company examines more than 20 trillion interactions per week globally, providing extensive visibility into threat patterns. This scale enables the MCP Server to deliver answers backed by comprehensive data rather than limited samples.
The advertising industry faces particular challenges from invalid traffic and fraud. HUMAN and Opera Ads announced a partnership in September 2024 to integrate pre-bid detection into Opera Ads' platform. Connected TV advertising presents unique vulnerabilities due to limited on-device measurement capabilities and heavy reliance on server communication. HUMAN's fraud defense solution addresses these challenges through behavioral analysis rather than static detection methods.
Industry studies continue to reveal significant waste in programmatic spending. Hidden intermediaries, duplicative auctions, and fraud within complex supply paths drain advertiser budgets. The average publisher works with over 10 supply-side platforms, meaning the same impression is often auctioned multiple times to one buyer. This artificial competition inflates costs per thousand impressions through waste rather than genuine demand.
Implementation timeline and availability
HUMAN released the MCP Server as open-source software under MIT license on July 24, 2025. The company published the code to its GitHub repository, enabling customers and security researchers to examine the implementation. Organizations can begin using the server immediately by installing it from the repository and configuring it with valid HUMAN API credentials.
The announcement indicated that HUMAN plans to expand the MCP toolset and support additional workflows over time. The company committed to releasing tutorials, use cases, and deeper integration guidance in subsequent updates. Customer Success teams provide setup assistance and information to existing HUMAN customers.
Organizations without HUMAN accounts can request demonstrations or contact sales to evaluate the platform. The MCP Server requires active HUMAN accounts with API access, limiting immediate availability to current customers. This approach ensures that threat intelligence access remains controlled while the conversational interface expands capabilities.
The server works with MCP-compatible AI clients including Cursor and Claude. As additional AI assistants adopt the Model Context Protocol, the server will support those platforms without requiring code changes. This standardization aligns with industry movements toward interoperable AI infrastructure.
HUMAN described the release as "just the beginning" of conversational security capabilities. The company indicated ongoing development to enhance tooling and expand supported workflows. Security teams can expect additional features that build on the conversational query foundation.
Timeline
- November 2024: Anthropic introduces Model Context Protocol (MCP) as standardized framework for AI systems to connect with external data sources
- March 2025: OpenAI announces MCP support integration across OpenAI products including ChatGPT desktop app
- June 2025: Microsoft launches Clarity MCP server enabling natural language analytics queries
- July 2, 2025: Context engineering emerges as crucial discipline for AI agent success, with industry identifying information architecture as key performance factor
- July 17, 2025: AppsFlyer launches AI-powered MCP tool for mobile measurement and attribution queries
- July 20, 2025: Security researchers identify vulnerabilities in Model Context Protocol implementations affecting marketing technology platforms
- July 24, 2025: HUMAN Security announces open-source MCP Server for AI-powered threat intelligence queries
- September 3, 2025: Gracenote launches Video MCP Server to verify AI responses for television platforms
- September 29, 2025: OpenAI launches instant checkout for ChatGPT with Agentic Commerce Protocol
- October 6, 2025: Independent analyst questions agentic commerce viability despite ChatGPT checkout features
Summary
Who: HUMAN Security, a cybersecurity company protecting Fortune 500 companies and major platforms, released the MCP Server. Authors Ben Diamant and Ori Gold announced the product. Security teams using HUMAN's Sightline Cyberfraud Defense and Client-side Defense products can implement the server.
What: The HUMAN Security MCP Server is an open-source bridge between AI assistants and HUMAN's threat intelligence APIs. The server enables conversational queries about attack trends, user security profiles, cluster forensics, traffic security posture, third-party script risks, compliance status, and client-side incidents. The system processes queries in real-time using the Model Context Protocol.
When: HUMAN announced the MCP Server on July 24, 2025. The product became immediately available to existing HUMAN customers through the company's GitHub repository under MIT license. Implementation requires API credentials from active HUMAN accounts.
Where: The MCP Server runs locally on organizational infrastructure, connecting to HUMAN's cloud-based threat intelligence platform. The system operates globally, serving organizations that use HUMAN's security products across multiple regions and industries.
Why: Security teams face friction interacting with threat data through dashboards, queries, and manual triage. The conversational interface reduces time-to-insight by enabling natural language queries instead of learning multiple interfaces. HUMAN aims to make security intelligence accessible through the most intuitive method: conversation. The release addresses industry needs as organizations implement AI agents while maintaining security requirements.