Overview
The Drata MCP server lets AI assistants (Claude, ChatGPT, Cursor, Microsoft Copilot, and others) securely query and act on your Drata data in natural language — across controls, policies, risks, evidence, frameworks, vendors, personnel, devices, and identities.
Drata provides a remote hosted MCP server:
US: https://mcp.drata.com/mcp/
EU: https://mcp-euc1.drata.com/mcp/
APAC: https://mcp-apse2.drata.com/mcp/
Access Note:
Access is governed by OAuth scopes and your Drata role: end users can only access the intersection of what the configured scopes allow and what their role already permits in the app — they cannot do anything through the MCP that their role can’t do in Drata. Some scopes allow write and delete actions (creating, updating, and deleting Evidence, creating and updating Controls, and updating Personnel); grant these deliberately, as they let the MCP modify Drata data on the user’s behalf when their role also permits it.
ℹ️ Already connected MCP and need new capabilities?
If your MCP connection is already set up and you want to use newly released tools (for example, the Evidence tools), see Add new scopes to an existing connection below.
Set up Drata MCP for the first time
Setting up Drata MCP requires two steps: first, an administrator sets up OAuth for the tenant; second, each user connects the Drata connector from their MCP client (e.g., Claude Desktop, ChatGPT).
Set up OAuth (administrators)
Click Settings
Click MCP OAuth Configuration (Note: you must be an administrator in Drata to access this page)
Enter a name for the OAuth Configuration
Enter a description of the configuration
Set an expiration date on the configuration
Select the scopes you want to configure (see Available scopes & roles below)
Available scopes & roles
Note on roles:
For read (read:*) scopes, the read-only variant of any role listed in the table below (for example, Read-only Admin, Read-only Control Manager) has the same view access; read-only roles cannot use create, update, or delete scopes. The Service User (integration) role also has equivalent access to every scope in the table.
A user always receives only the intersection of the configured scopes and their role’s permissions.
OAuth Scope | Permission | Description | Allowed Roles |
--- | --- | --- | --- |
read:risk | Read Risk | View Risks in Risk Registers | Admin, Workspace Administrator, Information Security Lead, Risk Manager, Restricted Risk Manager, Risk Register Owner |
read:controls | Read Controls | View Controls list | Admin, Workspace Administrator, Information Security Lead, Control Manager, Restricted Control Manager, DevOps Engineer, Risk Manager, Restricted Risk Manager, Risk Register Owner |
read:control | Read Control | View Control details and requirements | Admin, Workspace Administrator, Information Security Lead, Control Manager, Restricted Control Manager, DevOps Engineer |
read:policy | Read Policy | View Policies | Admin, Workspace Administrator, Information Security Lead, Policy Manager |
read:workspace | Read Workspace | View Workspaces | Admin |
read:risk-registers | Read Risk Registers | View Risk Registers | Admin, Information Security Lead, Risk Manager, Restricted Risk Manager |
read:assigned-policies | Read Assigned Policies | View User Assigned Policies | Admin, Workspace Administrator, Information Security Lead, Control Manager, Restricted Control Manager, DevOps Engineer, Risk Manager, Restricted Risk Manager, Policy Manager, People Ops, Reviewer, Internal Auditor, Knowledge Base, Trust Center Manager, Trust Center Reviewer, Trust User, Employee |
read:monitor-test | Read Monitor Tests | View Monitoring Tests | Admin, Workspace Administrator, Information Security Lead, Control Manager, Restricted Control Manager, DevOps Engineer |
create:control | Create Control | Create new Controls | Admin, Workspace Administrator, Information Security Lead, Control Manager, Restricted Control Manager, DevOps Engineer |
update:control | Update Control | Modify Control details | Admin, Workspace Administrator, Information Security Lead, Control Manager, Restricted Control Manager, DevOps Engineer |
read:framework | Read Framework | View compliance Frameworks and their Requirements | Admin, Workspace Administrator, Information Security Lead, Control Manager, Restricted Control Manager, DevOps Engineer |
read:users | Read Users | View Users and Role members | Admin, Workspace Administrator, Information Security Lead, Control Manager, Restricted Control Manager, DevOps Engineer, Risk Manager, Restricted Risk Manager, Risk Register Owner, Policy Manager, People Ops, Reviewer, Internal Auditor, Knowledge Base, Trust Center Manager, Trust Center Reviewer, Trust User, Employee |
read:user | Read User | View User details | Admin, Workspace Administrator, Information Security Lead, Control Manager, Restricted Control Manager, DevOps Engineer |
read:evidence | Read Evidence | View Evidence library | Admin, Workspace Administrator, Information Security Lead, Control Manager, Restricted Control Manager, DevOps Engineer |
create:evidence | Create Evidence | Create Evidence items | Admin, Workspace Administrator, Information Security Lead, Control Manager, Restricted Control Manager |
update:evidence | Update Evidence | Modify Evidence items | Admin, Workspace Administrator, Information Security Lead, Control Manager, Restricted Control Manager |
delete:evidence | Delete Evidence | Delete Evidence items | Admin, Workspace Administrator, Information Security Lead, Control Manager, Restricted Control Manager |
read:vendor | Read Vendor | View Vendors, Questionnaires, and Security Reviews | Admin, Workspace Administrator, Information Security Lead, Risk Manager, Restricted Risk Manager |
read:vendor-security-review | Read Vendor Security Review | View Vendor Security Reviews | Admin, Workspace Administrator, Information Security Lead, Risk Manager, Restricted Risk Manager |
read:vendor-document | Read Vendor Document | View Vendor Documents | Admin, Workspace Administrator, Information Security Lead, Risk Manager, Restricted Risk Manager |
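To make the intersection rule concrete, here is an added example (not Drata's own code) that models a subset of the scope table above and computes what an MCP token can actually do for a given role. The role sets are copied from the table; the read-only and Service User handling follows the note above.

```python
# Added example (not Drata's code): effective MCP permissions for a user are the
# intersection of the OAuth configuration's scopes and the scopes the user's
# Drata role permits. ALLOWED_ROLES is a constructed subset of the page's table.

ALLOWED_ROLES = {
    "read:risk": {"Admin", "Workspace Administrator", "Information Security Lead",
                  "Risk Manager", "Restricted Risk Manager", "Risk Register Owner"},
    "read:controls": {"Admin", "Workspace Administrator", "Information Security Lead",
                      "Control Manager", "Restricted Control Manager", "DevOps Engineer",
                      "Risk Manager", "Restricted Risk Manager", "Risk Register Owner"},
    "read:evidence": {"Admin", "Workspace Administrator", "Information Security Lead",
                      "Control Manager", "Restricted Control Manager", "DevOps Engineer"},
    "create:evidence": {"Admin", "Workspace Administrator", "Information Security Lead",
                        "Control Manager", "Restricted Control Manager"},
    "delete:evidence": {"Admin", "Workspace Administrator", "Information Security Lead",
                        "Control Manager", "Restricted Control Manager"},
    "read:workspace": {"Admin"},
}

WRITE_ACTIONS = ("create:", "update:", "delete:")
SERVICE_USER = "Service User"
READ_ONLY_PREFIX = "Read-only "


def role_permits(role: str, scope: str) -> bool:
    """True if this Drata role may exercise the given scope."""
    if role == SERVICE_USER:
        return scope in ALLOWED_ROLES  # Service User has every scope in the table
    if role.startswith(READ_ONLY_PREFIX):
        if scope.startswith(WRITE_ACTIONS):
            return False  # read-only variants never get write scopes ...
        role = role[len(READ_ONLY_PREFIX):]  # ... but read like their base role
    return role in ALLOWED_ROLES.get(scope, set())


def effective_scopes(configured: set[str], role: str) -> set[str]:
    """Scopes the MCP token can actually use: configured ∩ role-permitted."""
    return {s for s in configured if role_permits(role, s)}


def write_scopes(scopes: set[str]) -> set[str]:
    """The subset that can modify Drata data; review these before granting."""
    return {s for s in scopes if s.startswith(WRITE_ACTIONS)}


if __name__ == "__main__":
    cfg = {"read:risk", "read:evidence", "create:evidence", "delete:evidence"}
    for r in ("Admin", "Control Manager", "Read-only Control Manager", "Employee"):
        print(r, sorted(effective_scopes(cfg, r)))
```

Running the same check against your real configuration and each role in use shows at a glance which roles end up with write access through the MCP.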
Connect MCP client (user)
Claude
Setup: follow Anthropic’s guide here.
Enable the Drata connector per conversation from the + (plus) menu → Connectors.
ChatGPT
Setup: follow OpenAI’s guide here.
By default the Drata connector (shown under “Apps”) can only search and fetch. To use write-capable tools (for example, creating evidence or updating personnel), enable Developer Mode (beta) in ChatGPT settings — available on the web for Plus, Pro, Business, Enterprise, and Edu plans.
In Developer Mode, ChatGPT shows the request payload and asks for confirmation before each write action — review it before approving.
Cursor
Setup: follow Cursor’s guide here.
Add the Drata MCP server under Settings → Tools & MCP (or install it from the Cursor MCP marketplace), then use Agent mode — Cursor automatically discovers and calls the available tools.
Use the Tools & MCP panel to toggle individual servers or tools on and off.
Microsoft Copilot
Setup: follow Microsoft’s guide here.
Add new scopes to an existing connection
As Drata releases new MCP tools (for example, the Evidence tools, or the new Personnel & Device tools), you may want to grant access to capabilities you didn’t originally enable. If you’ve already connected your MCP and would like to see more tools, follow these steps.
Administrator: add the new scope(s)
Go to Settings → MCP OAuth Configuration and edit your existing configuration
Under Scopes, select the new scope(s) you want to grant (for example, read:evidence, read:personnel, or read:device)
Save the configuration
End user: reconnect to pick up the new scopes
Newly added scopes are not applied to an active session automatically — your existing token was issued with the old set of scopes. To refresh it:
In your MCP client (for example, Claude), go to Customize → Connectors and disconnect the Drata connector
Reconnect and complete the OAuth sign-in again — approve the new scopes on the consent screen
The new tools will now be available. As always, you will only be able to use a new capability if your assigned Drata role also permits it.
Best practices
Mention Drata by name
Always include “Drata” in your prompts. This helps the AI model correctly route your request to the Drata MCP tools rather than relying on its built-in knowledge.
✅ “Which controls are missing evidence in Drata?”
❌ “Which controls are missing evidence?”
Be specific with your requests
The more specific your prompt, the better the results. Include details like framework names, time ranges, risk categories, or team names when relevant.
✅ “Create a report of risks that don’t have a treatment plan in Drata”
❌ “Show me risks”
Use natural language
You don’t need to know Drata’s API or data model. Ask questions the way you’d ask a compliance analyst. Refer to a control by its code (e.g., CC6.1) and an owner by name or email rather than by ID. The same applies to people and devices — refer to personnel by name or email, to a personnel group by its name (e.g., “Engineering”), and to a custom field by its label (e.g., “Department”).
Security reminders
Drata’s MCP server uses OAuth authentication — your credentials are never shared with the AI client
The AI client can only access data you have permissions for in Drata
Scopes that allow create, update, or delete should be granted deliberately, since they let the MCP modify Drata data on your behalf
As an administrator, you can revoke access at any time from your Drata account or from the AI client’s connector settings
Sample Prompts
Example prompts grouped by area. Create, update, and delete prompts require the matching write scope and a role that permits the action. Note that for control owners and other relation lists, “set the owner” replaces the existing set unless you say “without removing the current ones.”
General & knowledge
Am I allowed to use Jira on my phone?
How often am I required to come into our office to work during the week?
How often am I required to do security awareness training?
What is the SLA in our policies for fixing critical vulnerabilities?
My engineering team is handling an incident related to our application. What are the incident response steps I should be aware of in Drata based on our policies and controls?
Controls
Which controls in Drata are not ready?
List controls in Drata that are monitored but currently failing.
Show controls in Drata mapped to SOC 2 CC6.
Which controls in Drata are owned by [email protected]?
Who is the owner for our access controls in Drata?
Create a report of controls in Drata that are not ready and tell me what frameworks they are related to.
Create a control in Drata called “Quarterly access reviews” and map it to SOC 2 CC6.1.
Create a control in Drata for “Annual penetration testing” and assign [email protected] as the owner.
Assign [email protected] as an owner of control CC1.1 in Drata.
Add [email protected] as an owner of DCF-15 in Drata without removing the current owners.
Update the description of control CC6.1 in Drata.
Link the Change Management Policy to control DCF-37 in Drata.
Map control DCF-15 to the SOC 2 and ISO 27001 requirements in Drata.
Frameworks & requirements
How ready are we for ISO 27001 in Drata — list the requirements not yet met.
Which SOC 2 requirements in Drata have no controls mapped?
List the SOC 2 requirements in Drata that aren’t ready yet.
Find CCPA requirements in Drata that mention “1798”.
Policies
Search Drata policies for our password / MFA requirements.
List our Drata policies and who owns each.
Evidence
Which evidence in Drata is expired or due for renewal?
List evidence in Drata owned by [email protected].
List the evidence in Drata linked to control DCF-15.
Create a new piece of evidence in Drata and attach it to control DCF-15.
Upload evidence in Drata named “2026 Pen Test Report”, owned by [email protected], linked to control CC7.1.
Create evidence in Drata from this URL and link it to control DCF-37.
Rename the evidence “Old Report” to “2026 Report” in Drata.
Change the owner of [evidence] to [email protected] in Drata.
Re-link [evidence] to controls CC6.1 and CC6.2 in Drata.
Update the renewal date or cadence on [evidence] in Drata.
Delete the outdated evidence item “[name]” in Drata.
Note: Adding local files as evidence through the MCP client is not currently supported, because the MCP protocol does not handle file uploads reliably.
Risks
Create a report of risks in Drata that need attention.
Which risks in Drata are high severity without a treatment plan?
Create a report of risks in Drata created in the last 6 months that don’t have a treatment plan.
What risks don’t have a treatment plan in Drata and who are their owners?
What risks in Drata are associated with background checks and security training for personnel?
I’m monitoring a risk regarding our cloud infrastructure. What risks in Drata are currently related to this?
List the risks in our [name] risk register in Drata.
Monitoring tests
Are there any failing tests for version control systems connected in Drata?
Do we have tests in Drata ensuring data is not publicly accessible?
Which monitoring tests in Drata are failing for our cloud provider?
Create a report of all failing tests in Drata and rank them by priority.
Show all failing tests in Drata grouped by the control they support.
Identity & access
Who has Admin access in Drata?
List all members of the [role name] role in Drata.
What is Jane Doe’s role in Drata?
