AI threat modeling, code security review, and compliance automation — available as a connector for Claude, ChatGPT and Gemini. Built by Aristiun / Ayurak.
Threat Modeling first — Aribot’s core — delivered with full AI Security & Governance across five pillars: Threat Modeling, Code Security (code review, API security, Shadow-AI), Cloud Compliance (cloud security posture), Compliance, and Traceability.
The Aribot connector lets an AI assistant drive your governed Aribot workspace: generate STRIDE threat models, verify threats against real code, trace requirements→controls→remediations, report framework coverage (NIST, ISO 27001, SOC 2), surface remediation guidance, and check live compliance status. Every call is authenticated (OAuth 2.0 + PKCE), scoped to the connecting user's company, and enforced by Aribot's role-based access controls.
Add the same MCP URL (Apps & Connectors), or build a custom GPT importing the OpenAPI schema:
Register the OpenAPI schema (above) as a tool with OAuth 2.0, or use the remote MCP server.
The Aribot connector is a standards-compliant remote MCP server plus an OpenAPI 3.1 REST surface, so it works across the major AI assistants and their stores. Live means an end user can add it right now; Listing means the curated store submission is in progress (the connector itself is already live).
| Assistant / store | How to add | Status |
|---|---|---|
| Claude — custom connector | Settings → Connectors → Add custom connector → the MCP URL above. | Live |
| Claude — Connectors Directory | Curated listing in Anthropic's connector directory. | Listing |
| ChatGPT — connector | Settings → Connectors → Add → the MCP URL. | Live |
| ChatGPT — GPT Action / GPT Store | Import the OpenAPI schema into a custom GPT (OAuth), then publish. | Listing |
| ChatGPT — Apps in ChatGPT (Apps SDK) | Same MCP server as the app backend. | Listing |
| Gemini / Vertex AI | Register the OpenAPI schema as an OAuth tool, or add the MCP server. | Listing |
| MCP registries (Cursor, VS Code, Windsurf, Claude Desktop…) | Add the remote MCP URL, or install from the MCP registry. | Live |
Auth is identical everywhere: OAuth 2.0 + PKCE with dynamic client registration — no per-store secret to manage for the MCP path.
| Tool | Description |
|---|---|
| generate_threat_model | Generate a STRIDE threat model for an architecture or diagram. |
| verify_threats_in_code | Verify whether modeled threats appear in the actual source code. |
| get_traceability | Return the threat → requirement → control → remediation matrix. |
| get_framework_coverage | Report control/framework coverage (NIST, ISO 27001, SOC 2). |
| get_remediation | Prioritized, context-aware remediation guidance. |
| compliance_status | Current compliance posture for the user's company. |
| discover_shadow_ai | Shadow-AI posture — unsanctioned/unknown AI usage found in code (Code Security). |
| get_api_security | API endpoint inventory: auth status, risk level & factors (Code Security). |
| get_cloud_compliance | Cloud security & compliance posture per account, CIS/NIST (Cloud Compliance). |
Authorize: https://api.aribot.ayurak.com/o/authorize/ · Token: https://api.aribot.ayurak.com/o/token/
Discovery: /.well-known/oauth-protected-resource and /.well-known/oauth-authorization-server
Scopes: read:findings run:codereview read:threatmodel write:threatmodel run:scan read:insights
The connector calls Aribot's own first-party API (api.aribot.ayurak.com). It does not collect conversation data beyond what is needed to fulfil a request, and has no access to assistant memory, chat history, or user files. Reads and writes are limited to the authenticated user's company workspace.
Privacy policy: https://ayurak.com/privacy-policy
Aristiun / Ayurak — tejs@aristiun.com · ayurak.com · aristiun.com