Salt Security

Salt Security MCP Connector for Claude


Integrate Salt Security directly with your AI for comprehensive API threat vector discovery, posture management, and active remediation in real time.

10 tools | Official | Updated Jun 28, 2026 | Official Vinkius Partner

Connect your AI directly with Salt Security to proactively defend your Application Programming Interface (API) environment. Improve API discovery, manage security posture, and remediate threats in real time through simple conversational prompts.

What you can do

  • API Inventory & Discovery — View all auto-discovered APIs in your environment, including unknown or shadow APIs (`get_inventory`). Retrieve schema details, identify exposed sensitive data (PII), and analyze structural drift (`get_endpoint`).
  • Threat Intelligence & Monitoring — Monitor active API attacks and business logic abuse as they happen (`get_attacks`). Profile known threat actors to uncover behavioral patterns (`get_attackers`).
  • Active Remediation — Respond to incidents immediately by issuing block commands against attackers; the instructions are passed to your integrated WAFs (`block_attacker`).
  • Posture & Governance Assessment — Identify design flaws and vulnerabilities before they reach production (`get_posture_vulnerabilities`). Manage OpenAPI (OAS) specifications (`list_oas_specs`, `upload_oas_spec`) and verify active governance rules (`get_governance_policies`).

How it works

  1. Enable the Salt Security integration in your workspace.
  2. Navigate to your Salt Security console.
  3. Go to the Settings or Administration section and generate a new API Token.
  4. Paste this token securely into the configuration fields provided below.
  5. Ask the AI: "Are there any known threat actors exploiting our APIs right now?"

Tags: api-security, threat-detection, behavioral-analytics, shadow-api, posture-management, real-time-remediation

10 tools expose this connector's capabilities to your AI agent.

block_attacker

Issues a command to block a specific attacker

get_attackers

Lists known threat actors profiled by Salt

get_attacks

Lists detected malicious API attacks

get_endpoint

Retrieves details for a specific API endpoint

get_governance_policies

Lists active API governance rules

get_inventory

Retrieves the auto-discovered API inventory

get_posture_vulnerabilities

Retrieves identified pre-production design flaws

get_system_health

Checks the health of traffic mirror ingestion

list_oas_specs

Lists all uploaded OpenAPI specifications

upload_oas_spec

Uploads a new OAS/Swagger specification

See how to talk to your AI agent using Salt Security.

List all auto-discovered APIs including shadow and zombie APIs in our infrastructure.

I successfully queried your API inventory. There are currently 32 distinct APIs. Among these, exactly 4 are classified structurally as 'zombie', missing formal documentation.

Are we facing any recent attacks aimed at business logic?

Reviewing your active threat ledger, you have exactly 12 malicious attack events attempting account takeovers targeting primary user authentication web modules currently.

Block attacker 'ATT-992' immediately.

The remediation command was actively passed to your Salt Security console. The threat actor profile 'ATT-992' has been assigned an internal blockade rule via integrated gateways.

You can explicitly instruct the AI to use the `block_attacker` tool, which triggers a remediation event across your security infrastructure (e.g., WAF integrations). It provides both visibility and direct active response.
