Team Cymru launches MCP server for threat intelligence

Team Cymru has launched the Pure Signal MCP Server for threat intelligence, now generally available to Pure Signal customers.

The server connects MCP-compatible artificial intelligence agents - including Claude, Microsoft Security Copilot, Copilot Studio, GitHub Copilot and custom agents - to Team Cymru's Pure Signal threat intelligence platform. Team Cymru called it the first purpose-built MCP server for threat intelligence.

The launch reflects a broader shift in cyber security operations as companies test AI agents for alert triage, threat hunting and incident response. MCP, or Model Context Protocol, has emerged as a common way for those agents to connect to external data sources and tools.

Team Cymru said it built the server specifically for large language models rather than adapting an existing application programming interface. The system returns concise responses designed to help AI tools use less context when querying threat intelligence data.

That approach matters as security teams look for ways to move AI beyond pilot projects and into routine investigations. Team Cymru is targeting organisations that want AI systems to retrieve external intelligence directly rather than rely only on internal logs and alerts.

How it works

Through a single MCP connection, the server provides access to several categories of data within the Pure Signal platform. These include IP and domain intelligence, NetFlow communication patterns, passive DNS records, X.509 certificate data, WHOIS information, the company's Scout Query Language, and usage and quota management data.

In practice, an AI agent can look up an IP address, review domain history, examine certificate relationships and query communication patterns across internet infrastructure from the same interface. This is intended to support workflows in which agents investigate indicators, pivot across linked infrastructure and build context during an incident.

Team Cymru also pointed to governance concerns around AI use in security. By including quota and usage visibility, it aims to address how organisations track consumption and control costs when AI systems make repeated external queries.

Mike Barry, vice president of engineering at Team Cymru, said the server's design reflects the growing importance of data access for AI security tools. "Your AI agents are only as good as the data they can reach. We built the Pure Signal MCP Server from the ground up so the world's most capable security agents can reason directly over the world's most comprehensive view of the internet," Barry said.

He added: "This isn't a retrofitted API - it's an LLM-native intelligence interface that has been live, refined, and trusted in production for months."

Operational use

Team Cymru said the product is aimed at several parts of the security market. Security operations centre teams can use it to enrich indicators during triage, while threat intelligence teams can deploy AI agents to hunt across internet-facing infrastructure data.

Security engineers and architects are another target group. For them, the server is positioned as a way to integrate threat intelligence into custom AI workflows and automated response systems without building multiple separate connections to different datasets.

Managed security service providers are also part of the target market. Those firms face pressure to handle more customer alerts without expanding analyst headcount at the same pace, and vendors across the security sector increasingly frame AI as one way to bridge that gap.

The launch also highlights how threat intelligence providers are adapting their products for AI consumption. Many security data services were designed for human analysts or structured API calls by software engineers. AI agents, by contrast, work best with compact, relevant context rather than large raw payloads that consume token budgets.

That technical distinction is becoming commercially important as software companies compete to become data sources for AI assistants embedded in security platforms. If AI agents become regular users of threat intelligence, suppliers will need to make their data easier for models to query, interpret and act on within operational workflows.

Barry said Team Cymru sees the product as an extension of its established role in internet-scale intelligence. "For twenty years, Team Cymru has helped the world's most demanding security teams see what others can't. Pure Signal MCP extends that mission into the agentic era," he said.

He added: "Our customers' AI agents now investigate, pivot, and reason over the same data that has powered government CERTs, global ISPs, and Fortune 500 SOCs - at machine speed."