Introducing the Elastio MCP Server: Deeper AI Insights, Stronger Ransomware Resilience

Elastio, the pioneer of agentless ransomware recovery assurance, is proud to announce the release of our Model Context Protocol (MCP) Server, powered by Anthropic’s open-source MCP standard. With this release, security teams can now connect Large Language Models (LLMs) like Claude directly to Elastio’s ransomware and insider threat data, using plain English prompts to ask questions, summarize findings, and identify compliance and recovery gaps in real time.

The Problem We’re Solving

Boards Want Proof – Not Promises – of Ransomware Recoverability

Organizations today are under pressure to prove ransomware recoverability to boards, regulators, and cyber insurers. Elastio’s MCP Server helps automate that proof. It allows security, cloud, and infrastructure teams to interact with Elastio’s ransomware scan results, clean recovery points, and threat telemetry using any LLM client that supports the MCP standard, such as Claude, Cursor, Claude Code, and Windsurf.

  • Faster understanding of ransomware risks and affected systems
  • Natural language access to real-time scan results
  • Instant retrieval of the last clean recovery point per asset

How It Works

Your scan data, delivered in plain English by AI

The Elastio MCP Server runs securely within your environment and connects to your Elastio SaaS instance. From there, it acts as a bridge between your cloud assets and any AI chatbot that supports MCP.

You can ask questions like:

  • “Do I have any EC2 instances or S3 Buckets with active threats?”
  • “What are the risk levels and remediation steps for infected instances?”
  • “What’s the most recent clean recovery point for each asset?”

LLMs respond with detailed findings, including risk assessments and recovery guidance, based on your actual scan results.

While the MCP tooling itself is deterministic, meaning that the raw data retrieved from Elastio will always match what is shown in the UI, the LLM operates independently and may misinterpret or misrepresent information based on how it processes the data.

Note: Elastio does not process any of your data using LLMs. The MCP tool uses the scan metadata provided by Elastio, and the LLMs on your end answer the questions.

What You Can Do With It

Security analysts can now interactively explore findings such as:

  • Ransomware infections like WannaCryptor, Clop, and Redkeeper
  • File-level threat locations and severity scores
  • Tailored remediation guidance per infected asset
  • Gaps in backup integrity or clean recovery coverage
  • Real-time snapshots of ransomware exposure across your infrastructure

For example, Elastio MCP surfaced:

  • Multiple ransomware variants across five EC2 instances
  • Two systems without any clean recovery points available
  • Others with validated, restorable backups from March 2025
  • Critical threats requiring isolation and forensic response

Ask Anything About Your Ransomware Exposure, And Get Actionable Answers

The MCP Server unlocks conversational queries across your Elastio environment, giving you immediate access to the real-time state of your assets, risks, and clean recovery points. No dashboards to dig through. No scripting required. Just provable ransomware readiness, on demand.

What You Can Do with Elastio MCP:

  • Asset Ransomware Risk Discovery: Ask which cloud assets have active ransomware, insider threats, or failed scans
  • Backup Integrity Checks: Instantly find out which backups are clean and which are compromised
  • Recovery Readiness Validation: Identify the most recent usable recovery point for any asset
  • Insider Threat Analysis: Check for encryption activity that bypassed perimeter defenses
  • Compliance Gaps: Uncover which resources lack recovery assurance or validated backups
  • Automated Reports: Generate reports on your ransomware recovery posture

Installation

To deploy the Elastio MCP server, follow the instructions. The Elastio MCP Server is available now in preview. We’re eager to receive your feedback to inform the development of future capabilities, including DevOps integrations and automation hooks.
