Introducing the Malware Patrol MCP Server

Insights

Introducing the Malware Patrol MCP Server for Cybersecurity Teams

We recently wrote about how MCP servers are unlocking new ways to use AI in cybersecurity. If you missed it, start here to learn what MCP servers are and how they work.

Today, we’re excited to announce the beta launch of our own MCP server, purpose-built for security teams.

Why We Built It

Security professionals need AI that’s more than just a chatbot. The Malware Patrol MCP server connects a custom-trained LLM to structured data, IOCs, and security context, enabling real-world workflows like:

  • Threat actor profiling
  • IOC investigation and correlation
  • Campaign tracking and attribution
  • CVE and malware analysis
  • Infrastructure overlap detection
  • Alert enrichment

What Powers the Malware Patrol MCP Server

Our model has been trained on a curated set of cybersecurity industry content, including:

  • APT and threat group profiles
  • Campaign breakdowns
  • Post-incident investigation reports
  • Security research articles

From this content, we extract structured indicators such as:

  • Threat actor profiles
  • IP addresses
  • File hashes
  • Email addresses used to exfiltrate data and in phishing and other malicious campaigns
  • CVEs abused by threat actors
  • Cryptocurrency wallet addresses

This information is stored and made accessible through our MCP interface. You can query it using natural language.

Sample Questions You Can Ask

  • What are all the known aliases of APT28?
  • What is the timeline of known activity for APT15?
  • Retrieve the latest IOCs associated with APT39.
  • Which threat actors are known to use Cobalt Strike and target retail?
  • Which CVEs are exploited by both APT15 and APT35?
  • Which actor is associated with the hash 7568062ad4b22963f3930205d1a14df7?

These are just a few of the hundreds of supported queries.

Built for Integration and Control

Malware Patrol MCP server supports:

  • Role-based access and authentication
  • Session-aware tool calling
  • Input validation and call logging
  • API integration with internal tools or threat intel platforms

As the system evolves, we will add more tools and workflows based on customer needs and feedback.

Join the Beta Program

AI is powerful. Connected to your tools, your intelligence, and your policies, it becomes operational. We’re offering early access to security teams, MSSPs, and researchers interested in:

  • Using LLMs for real-world threat research
  • Automating investigation workflows
  • Connecting AI to internal tools
  • Helping shape the next generation of cybersecurity copilots

Request beta access here.

?

How big are your threat data gaps?

See for yourself.

Free Data Evaluation
?