Remote server URL
https://mcp.sibermate.com/mcp
Use this endpoint when your MCP client asks for the remote server URL. Compatible clients discover the OAuth setup flow automatically from this endpoint.
SiberMate Developer Platform
SiberMate API Documentation.
Automate learner, training, phishing simulation, policy, breach, and reporting workflows through one secure REST API.
Remote MCP
Let AI assistants manage SiberMate security awareness routines.
The SiberMate MCP server turns approved MCP-compatible clients into an AI-managed automation layer for security awareness work across Claude routines, Codex automations, and other connected assistants.
Guided connection flow
https://mcp.sibermate.com/setup
Open the setup page directly only when your MCP client does not launch the browser authorization flow by itself.
OAuth with tenant approval
Generate a tenant API key from Platform > Settings > API. During setup, SiberMate MCP verifies it and issues refreshable MCP bearer tokens that scope each client to the approved tenant.
Automation layer
SiberMate MCP gives AI clients controlled access to security awareness context and operational actions. Use it to inspect tenant metadata, learners, training, simulations, reports, policies, and breach visibility, then automate approved follow-ups such as assignments, reminders, policy workflows, and simulation routines when those tools are enabled for your tenant.
Safety notes
- Keep tenant API keys out of public repositories, screenshots, and logs.
- Use a dedicated API key for MCP setup so access can be rotated or revoked cleanly.
- Confirm your MCP client is connected to
https://mcp.sibermate.com/mcpbefore sharing prompts that include tenant data. - Ask your client to preview mutation or automation plans before executing them, especially for learner assignments, reminders, policy changes, and phishing simulations.
- Review AI-generated answers and action logs against the source records before using them for compliance, HR, or security decisions.
Client compatibility and fallbacks
The recommended setup is still https://mcp.sibermate.com/mcp as the
remote MCP server URL. Clients that support remote MCP OAuth will discover the
authorization flow automatically from that endpoint.
- If your client supports custom headers for remote MCP, use a dedicated SiberMate tenant API key as
Authorization: Bearer <SIBERMATE_API_KEY>. - If your client only supports local or stdio MCP servers, run a local bridge that connects to
https://mcp.sibermate.com/mcpand injects the authorization header from a local environment variable. - Do not use
https://mcp.sibermate.com/setupas the MCP server URL. That page is only a guided browser fallback when a client cannot launch OAuth automatically. - Bearer fallback mode remains tenant-scoped, but OAuth token refresh is handled only when the client completes the remote OAuth flow.
Prompt examples
Useful ways to ask your MCP client.
After connecting SiberMate MCP, use prompts like these to turn tenant data into operational summaries, follow-up lists, audit-ready context, and repeatable automation routines.
Tenant context
Summarize tenant readiness
Summarize this SiberMate tenant: enabled modules, learner capacity, active feature coverage, and any obvious setup gaps I should review before a customer call.Uses: sibermate_get_company, sibermate_get_company_features
Learners
Plan learner follow-up
Find learners who may need follow-up, group them by risk score, manager, and learner group, then draft a preview of the reminder or assignment actions you would take before making any changes.Uses: sibermate_list_learners, sibermate_list_groups
Learning
Queue training actions
Create a learning progress brief for this tenant. Highlight overdue training signals, identify the learners or groups to prioritize this week, and prepare a proposed assignment or reminder plan for approval.Uses: sibermate_get_learning_report, sibermate_get_course_participation_report
Onboarding
Automate new hire setup
Use SiberMate MCP as an onboarding operator. First show me the plan, then after I approve, create these new learners, attach them to the right groups, assign baseline courses, and assign required policies. Finish with an action log.Uses: sibermate_create_learner, sibermate_update_learner_groups, sibermate_create_course_enrollment, sibermate_create_policy_assignment
Automation
Run a weekly routine
Act as my weekly security awareness operator. Check training, policy, phishing, and breach signals, identify learners who need attention, ask for approval, then send the appropriate course, gap analysis, or policy reminders.Uses: sibermate_get_tool_help, sibermate_send_course_reminder, sibermate_send_gap_analysis_reminder, sibermate_send_policy_reminder
Phishing
Prepare a simulation routine
Review phishing simulation performance, identify the groups that need reinforcement, and draft a simulation routine with target audience, timing, manager notes, and confirmation steps before launch.Uses: sibermate_list_simulations, sibermate_get_simulation_metrics
Policies
Draft a policy workflow
Summarize published policies, find missing acknowledgements or outdated review signals, and draft a policy reminder workflow I can approve before sending it to affected learners.Uses: sibermate_list_policies
Policy rollout
Publish from template
Find the best matching policy template for an acceptable use rollout. Draft the policy workflow, ask for confirmation, then create the policy from template, publish the draft if approved, assign it to the selected learners, and summarize the rollout.Uses: sibermate_list_policy_templates, sibermate_create_policy_from_template, sibermate_publish_policy_draft, sibermate_create_policy_assignment
Breaches
Coordinate exposure response
Check breach exposure for this tenant, summarize affected account types and services, then draft a response routine with learner messaging, manager escalation notes, and evidence I should verify first.Uses: sibermate_list_breached_accounts, sibermate_list_breached_services
API Reference
Every endpoint below is generated from the OpenAPI contract, including request schemas, success examples, and client-safe error responses.