This allows security teams to perform complex domain investigations and infrastructure mapping through natural language without leaving their AI workflows.
DomainTools, the global leader in domain and DNS threat intelligence, today announced the general availability of its Model Context Protocol (MCP) server, a hosted, production-ready integration that connects AI agents and Large Language Models (LLMs) directly to DomainTools’ comprehensive domain intelligence datasets.
Security teams can now retrieve Risk Scores, hosting history, passive DNS records, and infrastructure connections through natural language prompts, without switching tools or writing custom queries.
The announcement arrives as AI adoption in security operations accelerates beyond the evaluation phase. According to a 2025 ISC2 survey, 30 percent of cybersecurity teams have already integrated AI security tools into their operations, and an additional 42 percent are actively evaluating or testing them. Yet most AI deployments lack governed, direct access to the high-fidelity threat intelligence data that makes investigation and triage meaningful.
The DomainTools MCP server addresses that gap, delivering more than 20 years of Domain intelligence directly into the AI interfaces where analysts are already working.
Also Read: CIO Influence Interview with Gihan Munasinghe, CTO of One Identity
“Security teams are not waiting to figure out AI — they are deploying it now, and they need trusted data to make it effective,” said Brendan O’Connell, Chief Product Officer at DomainTools. “The MCP server is our answer to that need: a production-ready bridge between the world’s most comprehensive DNS intelligence and the AI models analysts use every day. With a single prompt, analysts can perform the kind of complex link analysis and infrastructure mapping that previously required multiple tools and significant expertise.”
The DomainTools MCP server delivers immediate value across three core dimensions:
● Frictionless Adoption: Analysts access DomainTools intelligence directly within their existing AI workflows: no new interface to learn, no context-switching required. This is intelligence without the interface.
● Accessible Investigations: Analysts can execute deep infrastructure mapping and proactive threat hunting through simple natural language prompts, effectively narrowing the skill gap between entry-level and senior practitioners.
● Operational Scale: By automating the retrieval, analysis, and pivoting of DNS records within AI agents, security teams can investigate a significantly higher volume of domain-related threats.
Unlike open-source MCP reference implementations, the DomainTools MCP server is a hosted, fully managed service built to meet the security, reliability, and scale requirements of enterprise SOC environments.
Purpose-built tool design optimizes context window efficiency, ensuring AI agents receive precisely the intelligence they need — nothing more, nothing less. Organizations do not need to operate or maintain their own MCP infrastructure to benefit.
MCP is an open standard designed to allow LLM applications to securely connect to external data sources and tools. With the MCP reference server project drawing significant developer adoption since its introduction, MCP is rapidly becoming a common integration layer for agentic security workflows.
DomainTools is bringing its domain intelligence into this emerging standard interface, enabling security teams to connect AI agents to trusted investigation data without custom development work.
For organizations that have already invested in AI solutions, the DomainTools MCP server acts as an immediate force multiplier providing the real-time domain context necessary to defend against modern cyberattacks, whether teams are conducting automated threat hunting, accelerating incident response, or enriching existing security workflows.
Catch more CIO Insights: CIO as Orchestrator of Cross-Functional Digital Strategy
[To share your insights with us, please write to psen@itechseries.com ]
