JupiterOne AI Integration (MCP Server) [Beta]
The JupiterOne MCP Server is currently in beta. Contact your Customer Success Manager to join the beta program and get early access to AI-powered security operations.
The JupiterOne Model Context Protocol (MCP) Server enables AI assistants like Claude Desktop and Cursor IDE to interact directly with your JupiterOne account using natural language.
Prerequisites
- Active JupiterOne account with API access
- JupiterOne API key and account ID
- Node.js version 18 or higher
- AI assistant with MCP support (Claude Desktop, Cursor IDE)
Installation
Generic Installation
Install the MCP server using npx (recommended):
npx @jupiterone/jupiterone-mcp
Or install globally for repeated use:
npm install -g @jupiterone/jupiterone-mcp
Configuration
Get Your Credentials
- API Key: Navigate to Settings → User API Tokens in JupiterOne and create a new API key
- Account ID: Found in Account Management or by running:
find jupiterone_account as x return x.accountId
The MCP server gets access to your JupiterOne instance through the API key provided to it. This allows the MCP server to run within the context of the user and restricts access inline with the RBAC configuration.
AI Platform Setup
Claude Desktop
-
Locate your Claude Desktop configuration file:
- macOS:
~/Library/Application Support/Claude/claude_desktop_config.json - Windows:
%APPDATA%\Claude\claude_desktop_config.json
- macOS:
-
Add this configuration:
{
"mcpServers": {
"jupiterone": {
"command": "npx",
"args": ["-y", "@jupiterone/jupiterone-mcp"],
"env": {
"JUPITERONE_API_KEY": "your-api-key-here",
"JUPITERONE_ACCOUNT_ID": "your-account-id-here"
}
}
}
}
- Restart Claude Desktop
Cursor IDE
- Open Cursor Settings (⌘+, on Mac, Ctrl+, on Windows)
- Navigate to Features → Model Context Protocol
- Add the same JSON configuration as above
- Restart Cursor
GitHub Copilot
GitHub Copilot MCP support is currently in public preview. Available in Visual Studio Code, JetBrains, Eclipse, and Xcode.
To configure the JupiterOne MCP server with GitHub Copilot:
- Create MCP configuration file in your project root at
.vscode/mcp.jsonusing the same configuration format as above - Start the MCP server by clicking the "Start" button that appears in the configuration file
- Open Copilot Chat and select "Agent" from the popup menu
- Access MCP tools by clicking the tools icon to view available MCP servers
- Test connection by asking Copilot to query your JupiterOne data
For detailed instructions, see the GitHub Copilot MCP documentation.
What You Can Do
Ask your AI assistant natural language questions like:
- "Show me all critical vulnerabilities from the last 7 days"
- "Which EC2 instances have public IP addresses?"
- "Create a dashboard tracking my biggest security risks"
- "Find all users with admin privileges"
- "Get active alerts related to unauthorized access"
The MCP server provides 26 tools for querying data, managing alerts and rules, creating dashboards, and monitoring integrations.
Beta Limitations
As a beta release, the MCP server has the following known limitations:
- stdio transport only: Currently supports only stdio MCP server transport. HTTP server support is coming soon
- Local execution only: Must run on your local machine. Remote JupiterOne MCP server support is coming soon
- Limited write operations: Modify and delete actions are restricted until we gather feedback and implement them safely
- ChatGPT incompatibility: Does not work with ChatGPT's current MCP specification
The MCP server consumes your JupiterOne API rate limit quota. Each operation counts against your API rate limits. Monitor your usage to avoid hitting limits during critical operations.
FAQ
Data Residency & Processing
The JupiterOne MCP Server runs locally on your machine and acts as a secure bridge between your AI assistant and your JupiterOne account. When a query is made, the MCP server uses your API key to fetch data from JupiterOne’s cloud infrastructure, then passes it back to your assistant. While the server itself does not store or transmit data beyond your machine, retrieved data may be sent to the AI assistant’s LLM provider (e.g., Anthropic or OpenAI) depending on your tool’s configuration. Data never passes through a centralized JupiterOne MCP host, and your usage follows the same data residency principles as standard API access.
LLM Compatibility & Data Handling
The MCP Server integrates with any AI assistant that supports the Model Context Protocol (MCP), including Claude Desktop, Cursor IDE, GitHub Copilot, Continue.dev, and Cline. Once the server is running and configured, your assistant can use natural language to request security data, which is fetched from JupiterOne and passed to the LLM for interpretation. This means data such as asset inventories, vulnerability reports, or alert summaries can be included in AI prompts, depending on what you query. It’s important to treat this as a form of third-party data sharing—ensure your selected assistant has appropriate enterprise security practices in place.
Privacy, Logging & Data Sharing
JupiterOne does not store or inspect MCP interactions beyond standard API behavior. Your API key governs all access, and data is only transmitted in response to your assistant’s specific queries. The MCP server runs on your machine and does not retain data. However, your AI assistant may log conversations or prompts on its own platform, just as it would during typical usage. To manage exposure, review your LLM provider’s data retention and privacy terms, and consider using enterprise or self-hosted models for sensitive environments.
Access Control & Security Enforcement
Data access through the MCP Server is governed entirely by the JupiterOne API key and RBAC configuration you provide. The server inherits all access controls from the user role attached to the key—so AI assistants can only retrieve what your account has permission to access. You can further restrict access by scoping the API key, adjusting user roles, or disabling individual MCP tools. Since the server is installed and run locally, you retain full control over when it runs and what it can access. Turning off the server or removing its configuration from your assistant completely disables AI access.
Rate Limits & Quotas
Every request made through the MCP Server counts against your JupiterOne API rate limit. This includes queries for asset data, alerts, dashboards, or integrations. Frequent use through an AI assistant could impact your rate quota if not monitored. We recommend reviewing your API usage regularly—especially when enabling assistants for broad or high-frequency queries—to avoid service slowdowns.
Deployment, Support & Customer Control
The JupiterOne MCP Server is not enabled by default. It’s available as a beta feature and must be explicitly activated by contacting your Customer Success Manager. Once installed, it runs entirely on your local environment, with no persistent connections to JupiterOne or third-party infrastructure. You can disable it at any time by stopping the process or removing your AI assistant’s MCP configuration. For assistance or onboarding, reach out to your CSM or email support@jupiterone.com.
Join the Beta
Interested customers should contact their Customer Success Manager to join the beta program and help shape the future of AI-powered security operations.
Support
For beta access or technical support, contact your Customer Success Manager or reach out through your standard JupiterOne support channels.