Setup

Six read-only tools that let an AI assistant explore the graph without writing Cypher by hand:

• query — run any Cypher query against WhisperGraph
• list_labels — every node label with live counts (e.g. HOSTNAME, IPV4, ASN, FEED_SOURCE)
• describe_label — properties and row count for a single label
• explain_indicator — structured threat-intel assessment (severity, factors, sources) for an IP, hostname, ASN, or CIDR
• whisper_history — historical WHOIS or BGP snapshots for a given indicator
• domain_variants — typosquatting / brand-protection variant generation: registered lookalikes of a domain (homoglyphs, bitsquats, TLD swaps, and more)

Plus resources such as whisper://quota (your plan's current rate limits) and pre-built prompts for common investigation patterns. Once connected, you can ask things like:

• "Who hosts www.google.com? Show the IP, prefix, and ASN."
• "Find all hostnames resolving to 8.8.8.8."
• "What threat feeds list 185.220.101.1?"
• "Find registered typosquats of paypal.com."

For the full surface — all 6 tools, 6 resources, and 8 prompts, plus typosquat / brand-protection detection — see the MCP Reference.

Authentication is via OAuth (default) or a static API key from the Whisper console. All requests are read-only — clients cannot mutate the graph.

Claude Desktop

1. Open Settings → Connectors
2. Scroll to the bottom and click Add custom connector
3. Enter the URL https://mcp.whisper.security and click Add
4. Back in the Connectors list, click Connect next to whisper-graph — a browser window opens for OAuth
5. Sign in with your Whisper Security account to finish

Adding the connector does not authenticate you; the Connect button in step 4 is what starts the sign-in flow.

Claude.ai (Web)

Available on Pro, Max, Team, and Enterprise plans. Free accounts are limited to one custom connector; Team and Enterprise connectors are added by an organization owner.

1. Sign in at claude.ai and open Customize → Connectors
2. Click + and choose Add custom connector
3. Enter the URL https://mcp.whisper.security and click Add
4. The connector appears in the list — click Connect next to whisper-graph and complete the OAuth sign-in with your Whisper Security account
5. In a chat, enable it via the + button → Connectors → toggle on whisper-graph

Claude Code

claude mcp add --transport http whisper-graph https://mcp.whisper.security

Opens your browser for sign-in on first use. Scope options:

• --scope user -- all projects
• --scope project -- current project only
• --scope local -- this machine, this project (default)

Cursor

1. Open Settings → Tools & Integrations
2. Click Add new global MCP server
3. Paste:

{
  "mcpServers": {
    "whisper-graph": {
      "url": "https://mcp.whisper.security"
    }
  }
}

4. Save and restart Cursor For team-wide config, use .cursor/mcp.json in the project root instead.

Create .vscode/mcp.json in your project root:

{
  "servers": {
    "whisper-graph": {
      "type": "http",
      "url": "https://mcp.whisper.security"
    }
  }
}

For user-level config (all projects), use Command Palette > MCP: Add Server.

Windsurf

1. Open Settings (Cmd+, on Mac, Ctrl+, on Windows)
2. Search for MCP
3. Click View raw config
4. Add:

{
  "mcpServers": {
    "whisper-graph": {
      "serverUrl": "https://mcp.whisper.security"
    }
  }
}

5. Save and restart Windsurf uses serverUrl instead of url.

Antigravity

1. Click ... at the top of the chat panel
2. Click MCP Servers > Manage MCP Servers > View raw config
3. Add to mcp_config.json:

{
  "mcpServers": {
    "whisper-graph": {
      "serverUrl": "https://mcp.whisper.security"
    }
  }
}

4. Go back to Manage MCP Servers and click refresh Config file: ~/.gemini/antigravity/mcp_config.json

ChatGPT

Custom MCP connectors require Developer Mode, available in beta on Pro, Plus, Business, Enterprise, and Edu plans (not on Free or Go). On Business and Enterprise, a workspace admin must enable it first.

1. Open Settings → Apps & Connectors → Advanced settings and turn on Developer mode
2. Go back to Settings → Apps & Connectors and click Create
3. Enter the URL https://mcp.whisper.security and submit
4. Open a new chat — when you first invoke the connector, ChatGPT prompts you to authenticate; complete the OAuth sign-in with your Whisper Security account

ChatGPT supports OAuth only — Bearer API keys are not exposed in the UI.

OpenAI Codex

Add to ~/.codex/config.toml:

[mcp_servers.whisper-graph]
url = "https://mcp.whisper.security"

Then authenticate:

codex mcp login whisper-graph

Other clients

Any MCP client that speaks Streamable HTTP works.

npx mcp-remote https://mcp.whisper.security

Connecting through API key

OAuth is the recommended authentication path — the server supports RFC 7591 Dynamic Client Registration with PKCE (S256), so most clients can connect with just the URL and no manual key handling. Static API keys are the fallback for clients that don't speak OAuth.

If your client doesn't support OAuth, you can authenticate with an API key instead.

1. Go to console.whisper.security and generate an API key
2. Add a headers block to your client's MCP config with Authorization: Bearer YOUR_API_KEY

For Cursor, Claude Code, and other clients that follow the standard mcpServers shape:

{
  "mcpServers": {
    "whisper-graph": {
      "url": "https://mcp.whisper.security",
      "headers": {
        "Authorization": "Bearer YOUR_API_KEY"
      }
    }
  }
}

For VS Code (.vscode/mcp.json):

{
  "servers": {
    "whisper-graph": {
      "type": "http",
      "url": "https://mcp.whisper.security",
      "headers": {
        "Authorization": "Bearer YOUR_API_KEY"
      }
    }
  }
}

For Windsurf and Antigravity (serverUrl instead of url):

{
  "mcpServers": {
    "whisper-graph": {
      "serverUrl": "https://mcp.whisper.security",
      "headers": {
        "Authorization": "Bearer YOUR_API_KEY"
      }
    }
  }
}

For OpenAI Codex (~/.codex/config.toml):

[mcp_servers.whisper-graph]
url = "https://mcp.whisper.security"
http_headers = { Authorization = "Bearer YOUR_API_KEY" }

Claude.ai and Claude Desktop's connector UI only expose OAuth — they do not support custom Bearer headers. To use an API key with these clients, point them at the mcp-remote STDIO bridge instead:

npx mcp-remote https://mcp.whisper.security --header "Authorization: Bearer YOUR_API_KEY"

Keep your API key out of version control.

Once the connector is registered, ask the assistant:

"List the WhisperGraph node labels."

The MCP client should invoke the list_labels tool and return roughly 20 labels (HOSTNAME, IPV4, IPV6, ASN, ANNOUNCED_PREFIX, FEED_SOURCE, …) with live counts. If you instead get an apology or a hand-written list of what the assistant thinks the schema looks like, the tool isn't connected — recheck the connector URL and re-authenticate.

To confirm a fully-featured connection, check the connector surface in your client's MCP/tools panel. A complete connection exposes 6 tools, 6 resources, and 8 prompts. If you see fewer, the client may be caching an older connection — disconnect and reconnect.

As a second test, try the newest capability:

"Find registered typosquats of paypal.com."

This should invoke the domain_variants tool and return registered lookalike domains rather than a guessed list.

• MCP Reference — every tool, resource, and prompt the connector exposes, plus example questions and the schema-introspection pattern AI agents should use before writing queries.
• Cypher API Reference — if you'd rather call the graph directly over REST without MCP.

• Open a ticket: console.whisper.security/support
• Email: support@whisper.security
• Security disclosures: security@whisper.security