Cybersecurity Threat Intelligence MCP
Enables searching and retrieving vulnerability data from the GitHub Advisory Database, including EPSS exploit-likelihood scores and CISA Known Exploited Vulnerabilities status.
Facilitates pay-per-use access to premium features via Solana USDC payments, allowing agents to submit payment transactions to bypass the free tier.
Click on "Install Server".
Wait a few minutes for the server to deploy. Once ready, it will show a "Started" state.
In the chat, type
@followed by the MCP server name and your instructions, e.g., "@Cybersecurity Threat Intelligence MCPSearch for CVE-2024-3094"
That's it! The server will respond to your query, and you can continue using it as needed.
Here is a step-by-step guide with screenshots.
Cybersecurity Threat Intelligence MCP
Cybersecurity threat intelligence for AI agents — CVE search enriched with EPSS exploit-likelihood + CISA known-exploited (KEV) status, plus live IP/domain reputation and a real-time threat feed.
Part of the FoundryNet Data Network. Attest your agent's security analysis with MINT Protocol. See also: gov-contracts-mcp, brand-intel-mcp, patent-intel-mcp, financial-signals-mcp, weather-intel-mcp, compliance-mcp.
Live MCP endpoint (Streamable HTTP):
https://cyber-intel-mcp-production.up.railway.app/mcp
Tools
Tool | Price | What it does |
| $0.01 | CVE search by severity, CVSS, EPSS, attack vector, KEV status |
| free | Full CVE — CVSS breakdown, EPSS, KEV, CWE, affected products, refs |
| $0.01 | IP reputation (AbuseIPDB + OTX) — abuse score, threat type, pulses |
| $0.01 | Domain threat indicators (OTX) |
| $0.02 | All CVEs for a product, sorted by EPSS — "should I worry about this dependency?" |
| $0.01 | Recent threat indicators (IPs/domains/hashes/URLs) |
| free | FoundryNet Data Network + MINT Protocol |
Free tier: 25 paid-tool queries/day per agent. Then x402: the tool returns an
HTTP-402 with a Solana USDC payment memo — pay it, re-call with the same args plus
payment_tx=<signature>. An Authorization: Bearer fnet_… key bypasses the paywall.
Related MCP server: Threat Intel MCP Server
The edge: EPSS-ranked vulnerabilities
Raw CVE counts are noise. Every vulnerability here carries its EPSS score (the
probability it'll be exploited) and a CISA KEV flag (whether it's actively
exploited). vulnerability_scan sorts a product's CVEs by exploit likelihood — so
an agent triaging a dependency sees what actually matters first.
Sources
Every 6 hours: NVD (CVEs, keyless + throttled), EPSS (exploit probability), CISA KEV (known-exploited catalog), GitHub Advisories. Live on demand: AbuseIPDB (IP reputation) + AlienVault OTX (IP/domain/pulse indicators). Stored in a standalone Supabase project.
Connect
Smithery: @foundrynet/cyber-intel · MCP registry: io.github.FoundryNet/cyber-intel-mcp
{ "mcpServers": { "cyber-intel": { "url": "https://cyber-intel-mcp-production.up.railway.app/mcp" } } }Built by FoundryNet · hello@foundrynet.io
This server cannot be installed
Maintenance
Latest Blog Posts
MCP directory API
We provide all the information about MCP servers via our MCP API.
curl -X GET 'https://glama.ai/api/mcp/v1/servers/FoundryNet/cyber-intel-mcp'
If you have feedback or need assistance with the MCP directory API, please join our Discord server