Meet the Vanta MCP Server
BlogEngineering
June 9, 2025

Built for the agentic era: Meet the Vanta MCP Server

Written by
Arsh Vishen
Reviewed by
No items found.

Accelerating security solutions for small businesses 

Tagore offers strategic services to small businesses. 

A partnership that can scale 

Tagore prioritized finding a managed compliance partner with an established product, dedicated support team, and rapid release rate.

Standing out from competitors

Tagore's partnership with Vanta enhances its strategic focus and deepens client value, creating differentiation in a competitive market.

The way developers interact with tools is changing fast. Language models like Claude and ChatGPT, and IDEs like Cursor and Windsurf are much more than assistants and environments—they’re powerful interfaces for interacting with enterprise data. 

At Vanta, we envision a world where compliance workflows can shift left to meet GRC teams and developers where they already are. By launching the Vanta MCP Server, we’re making that vision real. 

We’re excited to announce that the Vanta MCP Server in now available via public preview—the first step towards bringing trust management into the emerging Model Context Protocol (MCP) ecosystem. In this blog, we’ll share why we built it, what it enables, and how it powers agentic compliance workflows.

Bringing MCP and Trust Management together

MCP (Model Context Protocol) offers a standardized approach to connecting LLMs with critical enterprise data by defining an open protocol for LLMs to interact with data sources. At a high-level, MCP follows a client-server architecture that allows MCP hosts to connect to local and remote data sources. MCP hosts, like Claude or Cursor, can leverage an MCP client to connect to an MCP server, like the Vanta MCP Server. 

image from: https://modelcontextprotocol.io/introduction

What does this mean for trust management? GRC teams want to quickly understand their framework status and resolve failing tests. Developers want to move fast, stay in flow, and fix compliance issues without leaving their tools. By adopting MCP, Vanta is making this possible.

Our iterative approach: Identify and remediate your failing tests

We built a lightweight local MCP server that connects Claude and Cursor to a set of essential Vanta APIs designed specifically for framework exploration and test remediation. Here's what that might look like in practice: 

  • A GRC admin working on a SOC 2 renewal opens Claude Desktop and asks: “What’s the current completion status of my SOC 2?”
  • Claude fetches framework progress via the MCP server.
  • Next, they drill into failed controls, create a Jira ticket, and assign it to a developer—all without touching Jira.
  • The developer sees the ticket in Cursor, understands the issue, and applies a fix in their IDE.

The entire compliance loop that GRC teams and developers have to tackle—understanding, assigning, remediating, verifying—is handled across Claude, Cursor, and Vanta, all connected by MCP.

Vanta: Your AI-powered Trust Management Platform

The Vanta MCP Server is the bridge between your AI tools and your compliance stack, helping your GRC and developer teams move fast without compromising trust. The Vanta MCP Server is available to all Vanta customers on the core package or above. To get started, check out the repo here. And if you’re not a Vanta customer and want to learn more, request a demo.

We also encourage you to learn more about Vanta AI and our new Vanta AI Agent—built to supercharge GRC teams. 

Access Review Stage Content / Functionality
Across all stages
  • Easily create and save a new access review at a point in time
  • View detailed audit evidence of historical access reviews
Setup access review procedures
  • Define a global access review procedure that stakeholders can follow, ensuring consistency and mitigation of human error in reviews
  • Set your access review frequency (monthly, quarterly, etc.) and working period/deadlines
Consolidate account access data from systems
  • Integrate systems using dozens of pre-built integrations, or “connectors”. System account and HRIS data is pulled into Vanta.
  • Upcoming integrations include Zoom and Intercom (account access), and Personio (HRIS)
  • Upload access files from non-integrated systems
  • View and select systems in-scope for the review
Review, approve, and deny user access
  • Select the appropriate systems reviewer and due date
  • Get automatic notifications and reminders to systems reviewer of deadlines
  • Automatic flagging of “risky” employee accounts that have been terminated or switched departments
  • Intuitive interface to see all accounts with access, account accept/deny buttons, and notes section
  • Track progress of individual systems access reviews and see accounts that need to be removed or have access modified
  • Bulk sort, filter, and alter accounts based on account roles and employee title
Assign remediation tasks to system owners
  • Built-in remediation workflow for reviewers to request access changes and for admin to view and manage requests
  • Optional task tracker integration to create tickets for any access changes and provide visibility to the status of tickets and remediation
Verify changes to access
  • Focused view of accounts flagged for access changes for easy tracking and management
  • Automated evidence of remediation completion displayed for integrated systems
  • Manual evidence of remediation can be uploaded for non-integrated systems
Report and re-evaluate results
  • Auditor can log into Vanta to see history of all completed access reviews
  • Internals can see status of reviews in progress and also historical review detail
Logo of incident.io
Incident.io
Logo of Lumos
Lumos
Icepanel logo on a white background.
IcePanel
Epsilon Logo
Epsilon3
The logo for supabase.
Supabase
EasyLLama Logo
EasyLlama
Qualifi Logo
Qualifi
Logo of toku
Toku
FEATURED VANTA RESOURCE

The ultimate guide to scaling your compliance program

Learn how to scale, manage, and optimize alongside your business goals.

DOWNLOAD FOR FREE
GRC
AI and Trust: Navigating Maturity, Influence, and Risk
Compliance
Building Trust in the AI Boom: Security, Capital, and Credibility from Day One
Compliance
Live Demo: Accelerate security and compliance workflows with AI
Vendor Risk Management
Live Demo: Navigating Third-Party Risk Through Vanta’s Vendor Risk Management
GRC
AI and Trust: Navigating Maturity, Influence, and Risk
Compliance
Building Trust in the AI Boom: Security, Capital, and Credibility from Day One
Compliance
Live Demo: Accelerate security and compliance workflows with AI
Vendor Risk Management
Live Demo: Navigating Third-Party Risk Through Vanta’s Vendor Risk Management

Table of contents

No titles!

Share this article

Share this article

Related Resources

SOC 2
Blog

Vanta customer insights

Tips for smooth sailing with SOC 2 compliance

Two logos with the words vanta and tw collision.
Company news
Blog

Vanta to attend three international conferences in June 2022

In June 2022, Vanta will attend three of the biggest tech conferences across the globe. Join us in Dublin, Amsterdam, and Toronto.

Announcing Vanta’s $110 Million Series B
Company news
Blog

Announcing Vanta’s $110 Million Series B

Vanta has raised $110 million in Series B funding led by Craft Ventures with participation from Sequoia, Y Combinator, and other existing investors.

Product updates
Events

Trust is a Team Sport

Jeremy Epling (CPO at Vanta) introduces new product capabilities designed with teamwork in mind. Watch to see how Vanta can help you collaborate easily with your extended team of employees, vendors, auditors, and customers—and win together.

Related Resources

Engineering
Blog
How we fixed a session race condition at Vanta

Learn how the team diagnosed performance challenges and improved authentication reliability for seamless client access.

Engineering
Blog
How we navigated database limits with a growing product

Discover how Vanta rethought its data strategy after nearing MongoDB Atlas storage limits—reducing storage by 30% and building a scalable infrastructure to support rapid product growth.

Engineering
Blog
Unlocking AI innovation with quality hill climbing

Our engineering organization organized a hands-on AI activity centered on evaluating and iterating prompts.

Engineering
Blog
How we standardized error handling at Vanta

In early 2024, our error handling strategy led to vague frontend errors that impacted product quality. Learn how we tackled it.

Engineering
Blog
Seven lessons after seven months in Vanta Engineering

See what it's like stepping into a new role on a fast-moving engineering team at Vanta. Learn key lessons on leadership, impact, and effectiveness.

Engineering
Blog
How Claude + MCP + Vanta could help auditors

At Vanta, we’re always looking to experiment, learn, and stay at the forefront of AI. Recently, we built a proof of concept to explore how auditors could interact more effectively with audits and the data within them.

Engineering
Blog
Speeding up the slowest page in the Vanta app by 7x

Learn how we optimized our app, speeding up our slowest page by 7x to deliver a smoother, more efficient user experience.

Engineering
Blog
The evolution of quality at Vanta

Learn how we elevated our engineering practices to meet growing customer demand and expand into new markets.

Engineering
Blog
Building a smarter retrieval system: Lessons from Vanta AI

Discover how Vanta built and optimized a high-scale AI retrieval system to power critical business decisions.

How to de-risk patching third party software packages
Engineering
Blog
How to de-risk patching third party software packages

Patching a package can be risky. Here are some tips and tricks to make patching a package less risky.

The logo for terraform on a black background.
Engineering
Blog
Engineering at Vanta: How we imported our AWS environment into Terraform

Find out how we resolved a host of issues by importing our AWS environment into Terraform.

Engineering
Blog
3 GraphQL pitfalls and how we avoid them

Vanta's engineering team shares what they've learned from their initial implementation of GraphQL back in 2017 and how GraphQL ended up being the perfect tool for the team.

Get compliant and build trust—fast

Request a demo
G2 Badge 2025 - Best Software | Top 50 Governance, Risk, & Compliance ProductsG2 Badge 2025 - Best Software | Top 50 Security ProductsG2 Badge 2025 - Best Software | Top 100 Best Software Products