CONNECTOR DOCS

Aribot Connector

AI threat modeling, code security review, and compliance automation — available as a connector for Claude, ChatGPT and Gemini. Built by Aristiun / Ayurak.

Overview

Threat Modeling first — Aribot’s core — delivered with full AI Security & Governance across five pillars: Threat Modeling, Code Security (code review, API security, Shadow-AI), Cloud Compliance (cloud security posture), Compliance, and Traceability.

The Aribot connector lets an AI assistant drive your governed Aribot workspace: generate STRIDE threat models, verify threats against real code, trace requirements→controls→remediations, report framework coverage (NIST, ISO 27001, SOC 2), surface remediation guidance, and check live compliance status. Every call is authenticated (OAuth 2.0 + PKCE), scoped to the connecting user's company, and enforced by Aribot's role-based access controls.

Connect

Claude

  1. Settings → Connectors → Add custom connector.
  2. Enter the server URL below; sign in to Aribot and approve consent (Owner or Security Manager).
https://mcp.aribot.ayurak.com/

ChatGPT

Add the same MCP URL (Apps & Connectors), or build a custom GPT importing the OpenAPI schema:

https://api.aribot.ayurak.com/.well-known/openapi.json

Gemini

Register the OpenAPI schema (above) as a tool with OAuth 2.0, or use the remote MCP server.

Availability

The Aribot connector is a standards-compliant remote MCP server plus an OpenAPI 3.1 REST surface, so it works across the major AI assistants and their stores. Live means an end user can add it right now; Listing means the curated store submission is in progress (the connector itself is already live).

Assistant / storeHow to addStatus
Claude — custom connectorSettings → Connectors → Add custom connector → the MCP URL above.Live
Claude — Connectors DirectoryCurated listing in Anthropic's connector directory.Listing
ChatGPT — connectorSettings → Connectors → Add → the MCP URL.Live
ChatGPT — GPT Action / GPT StoreImport the OpenAPI schema into a custom GPT (OAuth), then publish.Listing
ChatGPT — Apps in ChatGPT (Apps SDK)Same MCP server as the app backend.Listing
Gemini / Vertex AIRegister the OpenAPI schema as an OAuth tool, or add the MCP server.Listing
MCP registries (Cursor, VS Code, Windsurf, Claude Desktop…)Add the remote MCP URL, or install from the MCP registry.Live

Auth is identical everywhere: OAuth 2.0 + PKCE with dynamic client registration — no per-store secret to manage for the MCP path.

Endpoints

Remote MCP server  ·  https://mcp.aribot.ayurak.com/
OpenAPI 3.1 schema  ·  https://api.aribot.ayurak.com/.well-known/openapi.json
OAuth authorize / token  ·  https://api.aribot.ayurak.com/o/authorize/  ·  /o/token/
OAuth discovery  ·  https://mcp.aribot.ayurak.com/.well-known/oauth-protected-resource

Tools

ToolDescription
generate_threat_modelGenerate a STRIDE threat model for an architecture or diagram.
verify_threats_in_codeVerify whether modeled threats appear in the actual source code.
get_traceabilityReturn the threat → requirement → control → remediation matrix.
get_framework_coverageReport control/framework coverage (NIST, ISO 27001, SOC 2).
get_remediationPrioritized, context-aware remediation guidance.
compliance_statusCurrent compliance posture for the user's company.
discover_shadow_aiShadow-AI posture — unsanctioned/unknown AI usage found in code (Code Security).
get_api_securityAPI endpoint inventory: auth status, risk level & factors (Code Security).
get_cloud_complianceCloud security & compliance posture per account, CIS/NIST (Cloud Compliance).

Authentication & security

Data handling

The connector calls Aribot's own first-party API (api.aribot.ayurak.com). It does not collect conversation data beyond what is needed to fulfil a request, and has no access to assistant memory, chat history, or user files. Reads and writes are limited to the authenticated user's company workspace.

Privacy policy: https://ayurak.com/privacy-policy

Support

Aristiun / Ayurak — tejs@aristiun.com · ayurak.com · aristiun.com