Aikido MCP

The Aikido MCP (Model Context Protocol) Server brings Aikido's security scanning capabilities directly into your AI coding workflow. By connecting Aikido to your AI-powered IDE and other solutions with MCP support, you enable your coding assistant to automatically scan code for security vulnerabilities and hardcoded secrets, right as you write it.

By integrating the Aikido MCP server into their workflow, agents gain the ability to automatically scan any code they generate. This streamlined workflow allows them to detected and resolve any issues directly as they generate it resulting in safer code early in the development process.

Installation

When the Aikido IDE plugin is installed you can use the Aikido Expansion Packs to install the Aikido MCP server with one click. Learn more in the Expansion Packs docs.

For manual installation details visit the npm package page.

Configuration

After installation, you can configure your agent to automatically scan and improve generated code by adding the following instructions to your agent configuration.

Add the following to your GitHub Copilot custom instructions.

---
alwaysApply: true
always_on: true
trigger: always_on
applyTo: "**"
description: Aikido MCP Security Rules
---

# Security best practices

- Always run aikido_full_scan on generated, added and modified first-party code, unless the prompt explicitly says not to.
- Always provide the full file content to the scanner.
- If the scan identifies any security issues in newly generated or modified code, fix the issues using the scan result and remediation provided by Aikido.
- After applying fixes, run aikido_full_scan again to verify that the issues were successfully resolved, and no new issues were introduced.
- Repeat the fix-and-rescan cycle until the code passes with zero remaining or newly introduced security issues.

Add the following to you Cursor Rules.

---
alwaysApply: true
always_on: true
trigger: always_on
applyTo: "**"
description: Aikido MCP Security Rules
---

# Security best practices

- Always run aikido_full_scan on generated, added and modified first-party code, unless the prompt explicitly says not to.
- Always provide the full file content to the scanner.
- If the scan identifies any security issues in newly generated or modified code, fix the issues using the scan result and remediation provided by Aikido.
- After applying fixes, run aikido_full_scan again to verify that the issues were successfully resolved, and no new issues were introduced.
- Repeat the fix-and-rescan cycle until the code passes with zero remaining or newly introduced security issues.

Add the following to your Windsurf Rules.

---
alwaysApply: true
always_on: true
trigger: always_on
applyTo: "**"
description: Aikido MCP Security Rules
---

# Security best practices

- Always run aikido_full_scan on generated, added and modified first-party code, unless the prompt explicitly says not to.
- Always provide the full file content to the scanner.
- If the scan identifies any security issues in newly generated or modified code, fix the issues using the scan result and remediation provided by Aikido.
- After applying fixes, run aikido_full_scan again to verify that the issues were successfully resolved, and no new issues were introduced.
- Repeat the fix-and-rescan cycle until the code passes with zero remaining or newly introduced security issues.

Add the following to your Kiro Agent steering setup

---
applyTo: "**"
---

# Security best practices

- Always run aikido_full_scan on generated, added and modified first-party code, unless the prompt explicitly says not to.
- Always provide the full file content to the scanner.
- If the scan identifies any security issues in newly generated or modified code, fix the issues using the scan result and remediation provided by Aikido.
- After applying fixes, run aikido_full_scan again to verify that the issues were successfully resolved, and no new issues were introduced.
- Repeat the fix-and-rescan cycle until the code passes with zero remaining or newly introduced security issues.

Add the following to your Antigravity Rules.

- Always run aikido_full_scan on generated, added and modified first-party code, unless the prompt explicitly says not to.
- Always provide the full file content to the scanner.
- If the scan identifies any security issues in newly generated or modified code, fix the issues using the scan result and remediation provided by Aikido.
- After applying fixes, run aikido_full_scan again to verify that the issues were successfully resolved, and no new issues were introduced.
- Repeat the fix-and-rescan cycle until the code passes with zero remaining or newly introduced security issues.

Demo

Demo of the Aikio MCP server working with an agent rule to scan and fix vulnerabilities in AI generated code:

Last updated 7 days ago

Was this helpful?