Table Of Contents
What’s new
The Flashpoint MCP Server is a new capability that integrates Flashpoint’s intelligence data directly into AI assistants and AI-native workflows.
It is built on the Model Context Protocol (MCP), an open standard that allows Large Language Models (LLMs) to safely interact with external data sources. Instead of requiring analysts to manually pivot between platforms or copy and paste data, the MCP Server exposes Flashpoint intelligence as data “tools” that an AI can query in natural language.
If you are using an MCP-compatible client (such as Claude or Gemini), your AI assistant can now retrieve and analyze data across several Flashpoint modules:
- Communities Intelligence
- Finished Intelligence Reports
- News
- Technical Indicators
- Vulnerability Intelligence
- Ransomware Activity
- Compromised Credentials across Enterprise and Customers
- Infected Hosts
- Strategic Entity Data (SED)
The MCP Server automatically inherits your organization’s existing Flashpoint subscription entitlements. This initial release is read-only, meaning AI systems can retrieve and analyze data, but they cannot alter settings, generate alerts, or modify operational workflows.
Why it matters
Security teams are rapidly adopting AI assistants to accelerate investigations, analysis, reporting, and decision-making.
At the same time, AI systems are only as valuable as the data they can access.
Most large language models rely primarily on static training data and lack direct access to proprietary, real-time security intelligence. As a result, analysts often find themselves manually copying information between platforms, building custom integrations, or relying on incomplete context.
The Flashpoint MCP Server solves this challenge by bringing Flashpoint intelligence directly into the AI environments where analysts are increasingly working.
With MCP, analysts can:
- Retrieve real-time intelligence through natural language prompts
- Reduce manual research and context switching
- Correlate information across multiple Flashpoint datasets more efficiently
- Ground AI-assisted analysis in trusted, current intelligence
- Operationalize Flashpoint intelligence inside emerging AI workflows
By combining deep primary-source collections, analyst-curated intelligence, and operationally relevant security data with modern AI interoperability standards, Flashpoint enables customers to bring high-confidence intelligence directly into their AI-assisted workflows.
How it works
The Flashpoint MCP Server acts as a secure bridge between AI systems and Flashpoint intelligence.
A customer connects their preferred AI assistant to Flashpoint using either OAuth authentication or an API token. Once connected, the AI assistant can securely call Flashpoint intelligence tools whenever relevant information is needed.
For example:
- An analyst asks Claude about a ransomware group.
- Claude identifies that Flashpoint intelligence may be relevant.
- Claude securely calls the Flashpoint MCP Server.
- Flashpoint retrieves authorized intelligence based on the customer’s entitlements.
- The intelligence is returned to the AI assistant.
- The analyst receives a response grounded in real-time Flashpoint data.
At this time, the MCP Server can search, retrieve, enrich, and analyze intelligence, but it cannot create alerts, investigations, intelligence requirements, or other operational workflows.
By adopting this method, organizations can immediately integrate Flashpoint intelligence into their AI workflows. This integration is designed to bolster analytical reliability and maintain stringent governance standards, all while keeping human expertise at the center of the process.
Getting Started
The Flashpoint MCP Server is available today for eligible customers with supported API entitlements. Technical documentation, configuration guides, and lists of supported AI clients are available in the Flashpoint User Hub.
As analyst workflows continue to evolve, Flashpoint is investing in making intelligence more accessible, operational, and interoperable, whether customers are working inside Ignite or within AI-native environments.