Your AI agent calls Hunt.

Gets a verdict. Blast radius, infected files, last clean recovery point. Structured data returned in seconds. No human in the loop until you decide to recover.

elastio-mcp-server

Query Asset Risk

Ask about the security posture of any asset in natural language.

Trigger Hunts

Initiate detection runs across your data estate conversationally.

Find Clean Recovery Points

Identify the most recent verified-clean backup for any workload.

"Show me the last clean recovery point for prod-db-01"

Every Elastio capability. Exposed as a tool call.

Any MCP-compatible AI client can invoke the Hunt Engine, query forensic artifacts, and orchestrate recovery directly. No custom integrations. No undocumented APIs.

Standardized Tool Interface

Every Elastio operation, from triggering a hunt to querying forensic artifacts, is published as a discoverable MCP tool with typed input and output schemas. Any MCP-compatible client connects without custom integration work.

Policy-Gated Execution

All MCP tool invocations inherit Elastio's existing RBAC and audit controls. AI agents operate within the boundaries the operator has explicitly authorized. Every action is logged and traceable.

Full Hunt Engine Access

Agents invoke the Hunt Engine directly, selecting detection models, targeting recovery points across live, replicated, and backup data, and receiving structured verdicts. No human step required.

Automated Recovery Orchestration

Chain hunt results into downstream actions. Query verified recovery points, initiate provable recovery, and trace blast radius — all through MCP tool calls without leaving your AI environment.

Governance does not break for AI agents.

Every MCP tool call runs through the same RBAC and audit trail that governs human operators. Agents perform only the actions the operator has explicitly authorized. Every action is logged and traceable.

Hunt via MCP

Trigger Hunts Programmatically

Agents invoke the Hunt Engine through MCP tool calls — selecting detection models, specifying recovery points across live, replicated, and backup data, and receiving structured verdicts without human intervention.

Input: elastio_hunt_asset

{
  "tool": "elastio_hunt_asset",
  "input": {
    "asset_id": "i-0a3f8c21d94b7e612",
    "asset_type": "ec2",
    "recovery_point": "rp-2026-03-10T02:00:00Z",
    "models": ["ransomware", "malware", "encryption"]
  }
}

Output: INFECTED

{
  "verdict": "INFECTED",
  "threats_found": 3,
  "threat_kinds": ["ransomware", "encrypted_files", "c2_beacon"],
  "infected_files": 1847,
  "blast_radius_gb": 312,
  "last_clean_rp": "rp-2026-03-08T14:00:00Z",
  "r_rpo_hours": 36,
  "confidence": 0.9997
}
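
An added example, not Elastio's code: before an agent chains a hunt result into recovery, it can check that the verdict is internally consistent and only ever propose a restore for operator approval. The field names come from the sample above; the "CLEAN" verdict, the "rp-<timestamp>" id format, the meaning of r_rpo_hours, the confidence threshold and the action names are assumptions.

```javascript
// Added example (not Elastio code): gate an elastio_hunt_asset result before acting on it.
// Field names are taken from the sample on this page; every rule below is an assumption.
const VERDICTS = new Set(["INFECTED", "CLEAN"]); // "CLEAN" is assumed; only INFECTED is shown

// Assumption: recovery point ids look like "rp-<ISO 8601 UTC timestamp>", as in the sample.
function rpTime(rp) {
  const m = /^rp-(\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}Z)$/.exec(String(rp));
  const t = m ? Date.parse(m[1]) : NaN;
  if (Number.isNaN(t)) throw new Error(`unparseable recovery point id: ${rp}`);
  return t;
}

function planFromHunt(input, result, minConfidence = 0.99) {
  const problems = [];
  if (!VERDICTS.has(result.verdict)) problems.push("unknown verdict");
  if (!(typeof result.confidence === "number" && result.confidence >= 0 && result.confidence <= 1))
    problems.push("confidence outside 0..1");
  let gapHours = null;
  if (result.verdict === "INFECTED") {
    try {
      gapHours = (rpTime(input.recovery_point) - rpTime(result.last_clean_rp)) / 3.6e6;
      if (gapHours <= 0) problems.push("last_clean_rp is not older than the hunted recovery point");
      // Assumption: r_rpo_hours is the gap between the two recovery points.
      else if ("r_rpo_hours" in result && result.r_rpo_hours !== gapHours)
        problems.push("r_rpo_hours disagrees with the recovery point timestamps");
    } catch (e) { problems.push(e.message); }
  }
  let action = "none";
  if (problems.length) action = "hold_for_review";
  else if (result.verdict === "INFECTED")
    action = result.confidence >= minConfidence ? "propose_recovery" : "escalate_to_analyst";
  // A recovery is only ever proposed; a human operator approves before it executes.
  return { action, restoreFrom: action === "propose_recovery" ? result.last_clean_rp : null,
           gapHours, requiresHumanApproval: action === "propose_recovery", problems };
}

// Constructed from the sample request and response shown above.
const SAMPLE_INPUT = { asset_id: "i-0a3f8c21d94b7e612", asset_type: "ec2",
  recovery_point: "rp-2026-03-10T02:00:00Z", models: ["ransomware", "malware", "encryption"] };
const SAMPLE_RESULT = { verdict: "INFECTED", threats_found: 3, infected_files: 1847,
  blast_radius_gb: 312, last_clean_rp: "rp-2026-03-08T14:00:00Z", r_rpo_hours: 36, confidence: 0.9997 };

console.log(planFromHunt(SAMPLE_INPUT, SAMPLE_RESULT));
```

A result whose last_clean_rp is newer than the hunted recovery point, or whose r_rpo_hours does not match the timestamps, is held for review instead of being passed to a restore step.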

Agentic Workflows

What you can build with Elastio MCP tools.

Reference architectures. Each uses documented MCP tools available today. Compose them into workflows that fit your environment.

01 Posture

Continuous Posture Agent

An agent that queries every new recovery point as it lands. Runs detection tools, surfaces anomalies to your SOC before they become incidents. Coverage across live, replicated, and backup data.

02 Response

Incident Response Copilot

During an active event, an AI copilot queries Elastio to identify the blast radius, pinpoint the last clean recovery point, and draft a recovery plan in minutes, not hours.

03 Compliance

Compliance Audit Assistant

Generates on-demand compliance evidence by querying hunt history and forensic audit trails. Output formatted for auditor consumption without manual extraction.

04 Recovery

Recovery Orchestrator

Coordinates multi-workload recovery sequences by querying verified recovery points before restore. Identifies the last clean recovery point per asset. Human operator approves before recovery executes.

05 Intel

Threat Intelligence Enrichment

Cross-references external IOCs against Elastio's threat data. Identifies whether known threats exist in your backup chain, not just at the perimeter.

Works with any MCP-compatible client.

The Elastio MCP Server runs via npx and connects to your Elastio tenant with two environment variables. No additional infrastructure required.

Required environment variables

Variable              Description                  Example
ELASTIO_TENANT_URL    URL of your Elastio tenant   https://your-tenant.app.elastio.com
ELASTIO_API_KEY       Elastio API access token     your-access-token

Supported clients

Claude Desktop, Claude Code, Cursor, VS Code + Copilot, Windsurf, Any MCP Host

{
  "mcpServers": {
    "elastio": {
      "command": "npx",
      "args": ["-y", "https://mcp.elastio.com/elastio-mcp-0.10.0.tgz"],
      "env": {
        "ELASTIO_TENANT_URL": "https://your-tenant.app.elastio.com",
        "ELASTIO_API_KEY": "your-access-token"
      }
    }
  }
}

Get Started with MCP

Recovery you can prove. Delivered through your AI stack.

Connect the Elastio MCP Server to your AI environment and give your agents direct access to the Hunt Engine, forensic data, and recovery operations — with full RBAC and audit trail intact.
