MCP Server

Maintained by: Aether365 Team
Audience: Security engineers, DevOps teams, and AI-assisted workflow users
Scope: Connecting AI assistants to Aether365 scan data via the Model Context Protocol

Aether365 includes a built-in MCP (Model Context Protocol) server that lets AI assistants query your scan results, compliance posture, and security findings, and start read-only scans directly. Available on every plan, including Free. MCP is a read-only surface and never drives AI Pilot.

What is MCP?

The Model Context Protocol is an open standard that allows AI assistants to connect to external data sources. Instead of copy-pasting scan results into a chat window, your AI assistant reads them directly from Aether365.

Supported Clients

Client | Setup
Claude Desktop | One-click config snippet from Settings
Cursor | One-click config snippet from Settings
Any MCP-compatible client | Standard MCP endpoint URL + token

Getting Started

1. Open MCP Settings

Navigate to Settings > MCP in your Aether365 dashboard. You will see your MCP server URL and configuration options.

2. Generate a Headless Token

Click Generate token to create an authentication token. Give it a descriptive label (e.g. "Claude Desktop" or "CI pipeline").

WARNING

Tokens are shown only once after creation. Copy and store them securely. Each token grants read access to your scan data and the ability to start scans (but never to apply a fix).

3. Configure Your AI Client

Claude Desktop

Copy the config snippet from the MCP settings page and paste it into your Claude Desktop configuration file:

  • macOS: ~/Library/Application Support/Claude/claude_desktop_config.json
  • Windows: %APPDATA%\Claude\claude_desktop_config.json
json
{
  "mcpServers": {
    "aether365": {
      "command": "npx",
      "args": ["-y", "@anthropic-ai/mcp-remote", "https://mcp.aether365.io/sse"],
      "env": {
        "MCP_HEADERS": "authorization:Bearer YOUR_TOKEN_HERE"
      }
    }
  }
}

Restart Claude Desktop after saving the file.
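
Because the snippet above stores the bearer token in plaintext inside the client config file, a quick local audit of that file is worthwhile. The following is an added example, not Aether365 tooling: it checks a config in the format shown above for loose file permissions, non-HTTPS endpoints, and placeholder or live tokens. The `staging` entry, the `http://mcp.example.test` URL, the sample token and the finding labels are constructed for illustration.

```python
import json
import os
import tempfile

PLACEHOLDER = "YOUR_TOKEN_HERE"  # placeholder text used in the page's snippet


def audit_mcp_config(path):
    """Return (server, issue) findings for one MCP client config file."""
    findings = []
    # POSIX only: group/other mode bits let other local accounts read the token.
    if os.name == "posix" and os.stat(path).st_mode & 0o077:
        findings.append(("<file>", "loose-permissions"))
    with open(path, encoding="utf-8") as fh:
        servers = json.load(fh).get("mcpServers", {})
    for name, server in servers.items():
        if any(str(a).lower().startswith("http://") for a in server.get("args", [])):
            findings.append((name, "cleartext-endpoint"))  # token sent unencrypted
        header = server.get("env", {}).get("MCP_HEADERS")  # "authorization:Bearer <token>"
        if not header:
            continue  # entry does not use header auth, nothing more to check
        scheme, _, token = header.partition(":")[2].strip().partition(" ")
        if scheme.lower() != "bearer" or not token.strip():
            findings.append((name, "malformed-header"))
        elif token.strip() == PLACEHOLDER:
            findings.append((name, "placeholder-not-replaced"))
        else:
            findings.append((name, "plaintext-token-on-disk"))
    return findings


def demo():
    """Audit a constructed config: the page's snippet plus a made-up 'staging' entry."""
    def server(url, token):
        return {"command": "npx", "args": ["-y", "@anthropic-ai/mcp-remote", url],
                "env": {"MCP_HEADERS": f"authorization:Bearer {token}"}}
    sample = {"mcpServers": {
        "aether365": server("https://mcp.aether365.io/sse", PLACEHOLDER),
        "staging": server("http://mcp.example.test/sse", "constructed-sample-token")}}
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "claude_desktop_config.json")
        with open(path, "w", encoding="utf-8") as fh:
            json.dump(sample, fh)
        os.chmod(path, 0o644)  # deliberately loose so the permission check fires
        return audit_mcp_config(path)


if __name__ == "__main__":
    print(*(f"{s}: {i}" for s, i in demo()), sep="\n")
```

A `plaintext-token-on-disk` finding is expected for a working setup; it marks which files hold a live token so they can be permission-restricted and matched to a revocable label in Settings > MCP.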

Cursor

Copy the Cursor config snippet from the MCP settings page and add it to your Cursor MCP configuration. The format is the same as Claude Desktop.

Other MCP Clients

Point your client at the MCP server URL shown in Settings and authenticate with the Authorization: Bearer <token> header.

What Can AI Assistants Do?

Once connected, your AI assistant can:

  • Query scan results - Ask about your latest compliance score, failing checks, or trends over time
  • Explore findings - Drill into specific security findings by framework, severity, or service
  • Start a read-only scan - Kick off a compliance or Exposure Scan on demand, then come back for the results when it finishes
  • Compare scans - Analyse changes between scan runs to track progress
  • Generate reports - Create custom summaries for stakeholders or audit preparation

Example Prompts

Reading your posture

  • "What are my critical findings from the latest scan?"
  • "Show me all CIS checks that are failing for my Exchange Online configuration"
  • "How has my compliance score changed over the last month?"
  • "Summarise my security posture for a board report"

Starting scans

  • "Start a compliance scan and tell me when it finishes."
  • "Run an Exposure Scan on my tenant."
  • "Kick off a scan, then walk me through the new failing checks."

Security

  • Read-only, no AI Pilot over MCP - An assistant can read your data and start read-only scans, but it can never apply a remediation or drive AI Pilot through MCP. AI Pilot connections are refused for MCP-started scans, so a scan started over MCP never runs in AI Pilot mode and never auto-remediates. Applying a fix always stays an explicit, human-approved action in the dashboard.
  • Tenant-scoped - Every tool call is scoped to your own tenant. An assistant can never reach another tenant's data, whatever it asks for.
  • Scoped tokens - Each token is independently revocable from the MCP settings page.
  • Expiry options - Tokens can be set to expire after 90 days, 1 year, or never.
  • Audit logged - All MCP access, including scans you start, is recorded in your audit trail.

Token Management

Action | How
Create token | Settings > MCP > Generate token
View active tokens | Settings > MCP (shows label, created date, last used, expiry)
Revoke token | Click "Revoke" next to any active token

Revoking a token takes effect immediately. Any client using that token will lose access.

Troubleshooting

AI assistant cannot connect

  1. Verify the MCP server URL in Settings > MCP
  2. Check that your token has not been revoked or expired
  3. Ensure your client configuration includes the correct Authorization header
  4. Restart the AI client after configuration changes

"Not available" shown for server URL

Your account may not have completed onboarding. Connect at least one Microsoft 365 tenant and run a scan first.

Token shown as "Never used"

The "Last used" timestamp updates when the AI client successfully authenticates. If it stays at "Never used", the client is not connecting. Double-check the URL and token in your client configuration.
