Aikido MCP

The Aikido MCP Server connects Aikido’s security engine to AI coding tools that support MCP. It automatically scans AI generated code for vulnerabilities and hardcoded secrets as soon as it is created.

AI assistants can review their own output, but that review is not perfect. Aikido adds a reliable and consistent security layer that checks every generated snippet with proven scanning rules.

Why connect Aikido via MCP

• Deterministic, independent security checks on every AI generated snippet before it is committed

• Immediate detection and remediation of vulnerabilities and hardcoded secrets in AI assisted workflows

• Real time feedback inside your IDE or agent environment, making AI driven development safer by default

Available Tools

• aikido_full_scan: Runs a combined SAST + Secrets scan on provided files.

• aikido_sast_scan: Runs a local SAST (static application security testing) scan on provided files

• aikido_secrets_scan: Runs a secrets-only scan on provided files

Installation

Aikido IDE plugins

When the Aikido IDE plugin is installed you can use the Aikido Expansion Packs to install the Aikido MCP server with one click. Learn more in the Expansion Packs docs.

AI Platforms

Manual installation for other platforms

For any other AI platform or custom MCP setup, refer to the npm package page for detailed manual installation instructions.

Rules

Aikido IDE plugins will automatically add rules to every repository you open so the LLM's are aware of the MCP and use it during generation. For more information check out the docs below.

Demo

Demo of the Aikio MCP server working with an agent rule to scan and fix vulnerabilities in AI generated code: