Setup
Connect Claude Desktop, Claude Code, Cursor, VS Code, Windsurf, ChatGPT or any MCP client to the Whisper graph. Per-client config snippets, OAuth and API-key auth (always required), and a first investigation. Sessions last ~6 months and survive deploys.
Setup Documentation
Run these as guided flows: Ground your AI agent before it acts — each opens with a live result you can run on your own indicator.
Use case: AI agent grounding over MCP — the overview, with a query you can run live.
Whisper MCP gives AI assistants access to WhisperGraph, a graph database of internet infrastructure: tens of billions of nodes and edges. DNS, BGP, IP allocation, WHOIS, threat intel. The AI writes Cypher, runs it, and gives you results — with the exact query it ran returned alongside the answer.
This page walks you through connecting an MCP client to https://mcp.whisper.security. For the full surface and example questions, see the MCP Reference.
What you get
Six read-only tools that let an AI assistant explore the graph without writing Cypher by hand:
query— run any Cypher query against WhisperGraph; returns columns, rows, statistics, and anevidenceblock. Supportsformat(table/graph/compact) and count-firstpage/pageSizepagination.explain_indicator— structured threat-intel assessment (severity, factors, sources) for an IP, hostname, ASN, or CIDR.explain_schema— the schema, on demand. No argument returns the label catalogue (label + count + scale); pass alabelto get that entity's properties, inbound/outbound edges, and a runnable sample traversal. The schema is never dumped into context up front.read_docs— pull the Whisper docs (whisper.security/docs/**) on demand: list, search, or fetch one page as Markdown. Keeps the Cypher reference and cookbook out of the always-on context.list_workflows— search the shared workflow & recipe gallery; each item comes back with its summary and full parameter space, so the agent can run any variant.run_workflow— run one or more gallery playbooks by slug in a single call (a multi-step investigation collapsed into one tool call); returns chained per-step results, derived signals, and anevidencetrail.
run_workflow is how whole investigations run in one call. Typosquat sweeps, WHOIS history, host identity, and CDN de-cloaking are all gallery recipes — see the Workflow & recipe gallery.
Plus on-demand resources such as whisper://quota (your plan's current rate limits) and a set of built-in prompts for common investigation patterns. Once connected, you can ask things like:
- "Who hosts www.google.com? Show the IP, prefix, and ASN."
- "Find all hostnames resolving to 8.8.8.8."
- "What threat feeds list 185.220.101.1?"
- "Run the typosquat sweep for paypal.com."
- "Whose infrastructure is github.com, and is it dangerous?"
- "What are the real origin IPs behind www.cloudflare.com?"
For the full surface — all 6 tools, the resources, the prompts, and the gallery — see the MCP Reference.
Authentication
Authentication is always required. There is no way to run the server without it — every request must carry credentials. You have two paths:
- OAuth 2.1 (recommended) — the server supports RFC 7591 Dynamic Client Registration with PKCE (
S256), so most clients connect with just the URL and no manual key handling. - Static API key — for clients that don't speak OAuth: send
Authorization: Bearer <key>with a key from the Whisper console.
All requests are read-only — clients cannot mutate the graph.
Stay connected. Sessions last ~6 months and survive server deployments — you won't be asked to sign in again after an update. Refresh tokens (and your client's registration) persist server-side and rotate automatically, so an actively-used connection effectively stays signed in.
Setup
Claude Desktop
- Open Settings → Connectors
- Scroll to the bottom and click Add custom connector
- Enter the URL
https://mcp.whisper.securityand click Add - Back in the Connectors list, click Connect next to whisper-graph — a browser window opens for OAuth
- Sign in with your Whisper Security account to finish
Adding the connector does not authenticate you; the Connect button in step 4 is what starts the sign-in flow.
Remote connectors require a Pro, Max, Team, or Enterprise plan.
Claude.ai (Web)
Available on Pro, Max, Team, and Enterprise plans. Free accounts are limited to one custom connector; Team and Enterprise connectors are added by an organization owner.
- Sign in at claude.ai and open Customize → Connectors
- Click + and choose Add custom connector
- Enter the URL
https://mcp.whisper.securityand click Add - The connector appears in the list — click Connect next to whisper-graph and complete the OAuth sign-in with your Whisper Security account
- In a chat, enable it via the + button → Connectors → toggle on whisper-graph
Claude Code
claude mcp add --transport http whisper-graph https://mcp.whisper.security
Opens your browser for sign-in on first use. Options come before the server name; the URL is positional after the name. Scope options:
--scope user-- all projects--scope project-- current project only--scope local-- this machine, this project (default)
Cursor
- Open Settings → Tools & Integrations
- Click Add new global MCP server
- Paste:
{
"mcpServers": {
"whisper-graph": {
"url": "https://mcp.whisper.security"
}
}
}
- Save and restart Cursor
For team-wide config, use
.cursor/mcp.jsonin the project root instead.
VS Code (GitHub Copilot)
Create .vscode/mcp.json in your project root:
{
"servers": {
"whisper-graph": {
"type": "http",
"url": "https://mcp.whisper.security"
}
}
}
For user-level config (all projects), use Command Palette > MCP: Add Server.
Windsurf
- Open Settings (Cmd+, on Mac, Ctrl+, on Windows)
- Search for MCP
- Click View raw config
- Add:
{
"mcpServers": {
"whisper-graph": {
"serverUrl": "https://mcp.whisper.security"
}
}
}
- Save and restart
Windsurf uses
serverUrlinstead ofurl.
Antigravity
- Click ... at the top of the chat panel
- Click MCP Servers > Manage MCP Servers > View raw config
- Add to
mcp_config.json:
{
"mcpServers": {
"whisper-graph": {
"serverUrl": "https://mcp.whisper.security"
}
}
}
- Go back to Manage MCP Servers and click refresh
Config file:
~/.gemini/antigravity/mcp_config.json
ChatGPT
Custom MCP connectors require Developer Mode, available in beta on Pro, Plus, Business, Enterprise, and Edu plans (not on Free or Go). On Business and Enterprise, a workspace admin must enable it first.
- Open Settings → Apps & Connectors → Advanced settings and turn on Developer mode
- Go back to Settings → Apps & Connectors and click Create
- Enter the URL
https://mcp.whisper.securityand submit - Open a new chat — when you first invoke the connector, ChatGPT prompts you to authenticate; complete the OAuth sign-in with your Whisper Security account
ChatGPT supports OAuth only — Bearer API keys are not exposed in the UI.
OpenAI Codex
Add to ~/.codex/config.toml:
[mcp_servers.whisper-graph]
url = "https://mcp.whisper.security"
Then authenticate:
codex mcp login whisper-graph
Other clients
Any MCP client that speaks Streamable HTTP works.
| Transport | URL | Notes |
|---|---|---|
| Streamable HTTP | https://mcp.whisper.security | Primary transport — what /.well-known/mcp.json advertises. Negotiates protocol 2025-06-18. |
| SSE | https://mcp.whisper.security/sse | Legacy SSE compatibility transport. Works, but negotiates the older 2024-11-05 protocol and is not the advertised transport — prefer Streamable HTTP unless your client is SSE-only. |
For STDIO-only clients, use the mcp-remote bridge: |
npx mcp-remote https://mcp.whisper.security
Key concepts: MCP · Knowledge graph · Reconciled verdict.
Connecting through API key
OAuth is the recommended authentication path — the server supports RFC 7591 Dynamic Client Registration with PKCE (S256), so most clients can connect with just the URL and no manual key handling. Static API keys are the fallback for clients that don't speak OAuth. Either way, a request with no credentials is rejected — there is no anonymous mode and no switch to disable auth.
If your client doesn't support OAuth, you can authenticate with an API key instead.
- Go to console.whisper.security and generate an API key
- Add a
headersblock to your client's MCP config withAuthorization: Bearer YOUR_API_KEY
For Cursor, Claude Code, and other clients that follow the standard mcpServers shape:
{
"mcpServers": {
"whisper-graph": {
"url": "https://mcp.whisper.security",
"headers": {
"Authorization": "Bearer YOUR_API_KEY"
}
}
}
}
For VS Code (.vscode/mcp.json):
{
"servers": {
"whisper-graph": {
"type": "http",
"url": "https://mcp.whisper.security",
"headers": {
"Authorization": "Bearer YOUR_API_KEY"
}
}
}
}
For Windsurf and Antigravity (serverUrl instead of url):
{
"mcpServers": {
"whisper-graph": {
"serverUrl": "https://mcp.whisper.security",
"headers": {
"Authorization": "Bearer YOUR_API_KEY"
}
}
}
}
For OpenAI Codex (~/.codex/config.toml):
[mcp_servers.whisper-graph]
url = "https://mcp.whisper.security"
http_headers = { Authorization = "Bearer YOUR_API_KEY" }
Claude.ai and Claude Desktop's connector UI only expose OAuth — they do not support custom Bearer headers. To use an API key with these clients, point them at the mcp-remote STDIO bridge instead:
npx mcp-remote https://mcp.whisper.security --header "Authorization: Bearer YOUR_API_KEY"
Keep your API key out of version control.
Validating your connection
Once the connector is registered, ask the assistant:
"List the WhisperGraph node labels."
The MCP client should invoke the explain_schema tool (no argument) and return the label catalogue — 39 labels (HOSTNAME, IPV4, IPV6, ASN, ANNOUNCED_PREFIX, FEED_SOURCE, TOR_RELAY, TLS_FINGERPRINT, VENDOR, …) with live counts and scale. If you instead get an apology or a hand-written list of what the assistant thinks the schema looks like, the tool isn't connected — recheck the connector URL and re-authenticate.
To confirm a fully-featured connection, check the connector surface in your client's MCP/tools panel. A complete connection exposes the 6 tools — query, explain_indicator, explain_schema, read_docs, list_workflows, run_workflow. If you see fewer, the client may be caching an older connection — disconnect and reconnect.
As a second test, try a one-call investigation:
"Run the typosquat sweep for paypal.com."
This should invoke run_workflow with the tmpl-brand-variants recipe and return registered lookalike domains — along with the evidence trail showing the exact Cypher behind each step.
Your first investigation
Connection confirmed? Now feel the value — ask a real question instead of a schema dump:
Investigate 185.220.101.42 — who owns it, where is it hosted, is it a Tor exit, and what else is nearby?
The assistant answers in plain language, usually with a single run_workflow call against a recon/threat recipe (resolving and scoring the address, pulling a reconciled threat verdict with explain_indicator, and listing co-hosted infrastructure on the same prefix) — a multi-source investigation collapsed into one tool call instead of five round-trips. Every step comes back with the Cypher that produced it in the evidence block.
A couple more starting points to try:
Map the infrastructure behind paypal.com — registrant, nameservers, hosting ASN, and any registered lookalike domains.
What does the graph know about AS13335 — how many prefixes does it announce, and where is it physically present?
Live numbers will differ. WhisperGraph reflects the current state of the internet, not a fixed snapshot — verdicts, counts, and co-tenants change as feeds and routing refresh.
What the free tier includes
AI Context (MCP) is available on every plan, including the free tier — sign up on the Console (no credit card) for a monthly query allowance suitable for evaluation; paid plans raise the quotas. To check your current limits at any time, ask the assistant to read the whisper://quota resource:
Read the whisper://quota resource and tell me my plan and remaining quota.
Troubleshooting
Most connection problems fall into one of these buckets. For the full query-time error model (every errorCode and what it means), see the MCP Reference.
| Symptom | Likely cause | Fix |
|---|---|---|
| The assistant answers infrastructure questions from memory and never calls a tool | The connector isn't actually wired up, or the client didn't load it | Confirm the tool panel lists the Whisper tools. Re-check the URL https://mcp.whisper.security and re-authenticate. Ask explicitly: "Use the Whisper MCP tools to…" |
| Fewer than 6 tools show up | The client cached an older connection | Disconnect the connector and reconnect. Tool lists are negotiated at connect time, so a stale session shows a stale surface. |
OAuth keeps looping or returns 401 invalid_token | The access token expired and the refresh failed | Remove the connector in your client and add it again — the OAuth flow runs fresh. The 401 carries a WWW-Authenticate header that compliant clients follow automatically. Note: refresh tokens last ~6 months, so this is rare. |
401 Unauthorized with an API key | Wrong header shape for your client | Use the right field: a headers block with Authorization: Bearer YOUR_API_KEY for the standard mcpServers shape, serverUrl (not url) for Windsurf/Antigravity, and http_headers in ~/.codex/config.toml for Codex. A freshly-created key can take up to ~60 s to propagate. |
| Connection drops or negotiates an old protocol | The client connected to the legacy /sse endpoint | Prefer the primary Streamable-HTTP endpoint https://mcp.whisper.security (negotiates 2025-06-18). /sse works but is a legacy compatibility transport (2024-11-05) — only use it for SSE-only clients. |
A threat verdict comes back labelled source: "node-cache" | Live scoring was briefly unavailable and the server fell back to the reconciled node verdict | This is expected behaviour, not an error — explain_indicator degrades gracefully rather than failing. The verdict is still valid; source: "live-explain" means fresh scoring. |
429 / rate-limit responses | You hit your plan's per-minute or per-day limit | Read the whisper://quota resource to see your remaining budget, or upgrade your plan at console.whisper.security. |
Next steps
- MCP Reference — every tool, resource, and prompt the connector exposes, the
evidencemodel, and the schema-introspection pattern AI agents should use before writing queries. - Workflow & recipe gallery — discover and run the shared investigation playbooks with
list_workflows/run_workflow. - Cypher API Reference — if you'd rather call the graph directly over REST without MCP.
Support
- Open a ticket: console.whisper.security/support
- Email: support@whisper.security
- Security disclosures: security@whisper.security