> For the complete documentation index, see [llms.txt](https://help.aikido.dev/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://help.aikido.dev/ai-and-dev-tools/aikido-mcp.md). # AI Coding Assistants (MCP) The Aikido MCP Plugin connects Aikido’s security engine to AI coding tools. It automatically scans AI generated code for vulnerabilities and hardcoded secrets as soon as it is created. AI assistants can review their own output, but that review is not perfect. Aikido adds a reliable and consistent security layer that checks every generated snippet with proven scanning rules. **Why use Aikido MCP** * Deterministic, independent security checks on every AI generated snippet before it is committed * Immediate detection and remediation of vulnerabilities and hardcoded secrets in AI assisted workflows * Real time feedback, making AI driven development safer by default **Available Tools** * **aikido\_full\_scan**: Scans local code files for vulnerabilities (SAST) and hardcoded secrets. * **aikido\_issues\_list**: Fetches security issues from your Aikido feed. * Filter by one scope: `repo_name`, `cloud_name`, `vm_name`, `domain_name`, `container_name`, or `workspace_name` * Optionally narrow a repo scope to a single branch with `repo_branch_name` * Pick one or more issue types: `sast`, `leaked_secret`, `iac`, `open_source`, `cloud`, `cloud_instance`, `docker_container`, `malware`, `eol`, `mobile`, `surface_monitoring`, `scm_security`, `license`, `ai_pentest` * Page through results with `page` (zero-based) * Returns each issue with title, type, severity, and remediation steps * **aikido\_ignore\_issue**: Ignores a security issue in the feed. Requires `issue_id` and a `reason`. * **aikido\_login**: Starts the Aikido sign-in flow; returns region-specific sign-in URLs (EU / US / ME) or confirms you're already signed in. {% hint style="info" %} Not all MCP tools are enabled by default. Admins can enable them on the [permissions page](https://app.aikido.dev/settings/integrations/ide/mcp/permissions) for everyone {% endhint %} **Scanning code** * "Use Aikido to scan this file for security issues" * "Run an Aikido scan on my staged changes to check for secrets before I commit" * "Scan the files I just edited with Aikido and link them to the `payments-api` repo" **Reviewing issues by repo** * "Show me all critical Aikido issues in `payments-api`" * "List any leaked secrets in `frontend-web` from Aikido" * "What open source vulnerabilities does Aikido see in `api-gateway`?" * "Show SAST and IaC issues in `infra-core` from Aikido" **Reviewing issues by cloud, VM, or container** * "List all Aikido cloud issues in `prod-aws`" * "Show malware findings on `web-server-01` from Aikido" * "What end-of-life software is running in the `nginx-proxy` container per Aikido?" * "Show me surface monitoring issues for `example.com` in Aikido" **Combined workflows** * "Use Aikido to scan my current changes, then show existing critical issues in the same repo" * "Check this PR with Aikido and compare against open SAST issues in the repo" ## Installation ### AI Platforms * [Anthropic Claude Code MCP](/ai-and-dev-tools/aikido-mcp/anthropic-claude-code-mcp.md) * [Cursor MCP](/ai-and-dev-tools/aikido-mcp/cursor-mcp.md) * [OpenAI Codex CLI MCP](/ai-and-dev-tools/aikido-mcp/openai-codex-cli-mcp.md) * [Gemini CLI MCP](/ai-and-dev-tools/aikido-mcp/gemini-cli-mcp.md) * [Jetbrains AI](/ai-and-dev-tools/aikido-mcp/jetbrains-ai.md) * [Github Copilot](/ai-and-dev-tools/aikido-mcp/github-copilot.md) * [Mistral Vibe MCP](/ai-and-dev-tools/aikido-mcp/mistral-vibe-mcp.md) * [OpenCode MCP](/ai-and-dev-tools/aikido-mcp/opencode-mcp.md) ### Via Aikido IDE plugins When the [Aikido IDE plugin](broken://pages/TtCgRvpjJR8sPsXdszal) is installed you can use the Aikido Expansion Packs to install the Aikido MCP server with one click. [Learn more in the Expansion Packs docs.](/ai-and-dev-tools/ide-plugins-overview/features/aikido-expansion-packs.md) {% hint style="warning" %} Currently available for Jetbrains IDE's, VS Code and variants (e.g., Windsurf, Cursor, Kiro, and AntiGravity). {% endhint %} * [Cursor IDE](/ai-and-dev-tools/ide-plugins-overview/cursor-ide.md) * [Google Antigravity IDE](/ai-and-dev-tools/ide-plugins-overview/google-antigravity.md) * [JetBrains IDE](/ai-and-dev-tools/ide-plugins-overview/jetbrains-ide-plugins.md) * [Kiro IDE](/ai-and-dev-tools/ide-plugins-overview/kiro-ide.md) * [VS Code IDE](/ai-and-dev-tools/ide-plugins-overview/vs-code-plugin.md) * [Windsurf IDE](/ai-and-dev-tools/ide-plugins-overview/windsurf-ide.md) ### Manual installation for other platforms For any other AI platform or custom MCP setup, refer to the [npm package page for detailed manual installation instructions](https://www.npmjs.com/package/@aikidosec/mcp). ## Rules Aikido IDE plugins will automatically add rules to every repository you open so the LLM's are aware of the MCP and use it during generation. For more information check out the docs below. [Automatically handle MCP rules in IDE](/ai-and-dev-tools/aikido-mcp/automatically-handle-mcp-rules-in-ide.md) ## Demo Demo of the Aikio MCP server working with an agent rule to scan and fix vulnerabilities in AI generated code: {% embed url="" %} --- # Agent Instructions This documentation is published with GitBook. GitBook is the documentation platform designed so that both humans and AI agents can read, navigate, and reason over technical content effectively. Learn more at gitbook.com. ## Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://help.aikido.dev/ai-and-dev-tools/aikido-mcp.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.