Introducing the Dashlane MCP Server for AI-Powered Audit Log Access
IT admins and security engineers are increasingly using AI agents to speed up investigations, triage alerts, and automate operational tasks. The challenge has been connectivity: Getting sensitive audit data into AI systems without building fragile integrations or compromising security boundaries.
That’s why we’re launching a Dashlane MCP server for audit logs in beta for Dashlane Business customers.
The Dashlane MCP server exposes Dashlane audit logs through the Model Context Protocol (MCP), allowing AI agents to query credential activity in a controlled, read-only way.
This gives you a new interface to Dashlane telemetry that is purpose-built for AI-driven workflows.
Why it matters for admins and security engineers
Dashlane audit logs already contain high-signal events: Admin actions, credential usage and risk, sharing activity, policy enforcement, and more. The friction has always been in extracting insights fast enough.
Through the Dashlane MCP server, you can:
- Ask investigative questions in plain language instead of crafting complex queries
- Quickly scope risks and incidents by timeframe, user, or event type
- Correlate Dashlane activity with other security signals
- Automate recurring audit and compliance checks
The result is less time spent moving data around and more time spent understanding what’s actually happening.
Use cases
Claude Code exploring Dashlane audit logs
As a concrete example, we connected Claude Code to Dashlane audit logs through the MCP server.
Claude can:
- Summarize recent admin, sharing, and credential activity
- Detect anomalies such as unusual spikes in password changes
- Answer follow-up questions iteratively
- Produce human-readable summaries for security reviews or audits
Instead of exporting logs and post-processing them elsewhere, the analysis happens interactively and on demand.
Here’s a demo of the MCP server in action with Claude Code:
Integrating with SIEM and SOAR AI workflows
Conversational analysis is only one use case.
Because MCP is designed for agent-based systems, the Dashlane MCP server can also feed:
- SIEM platforms with AI copilots, such as Splunk AI
- SOAR platforms with autonomous agents, such as CrowdStrike Charlotte AI
- Internal AI-powered data analysis tools
This enables workflows where Dashlane credential activity becomes a first-class signal for detection, correlation, and automated response.
How to set it up
You can get the MCP server running in a few minutes with the Dashlane CLI (dcli) and a set of Business CLI keys.
1. Install and configure the Dashlane CLI
2. Install the MCP server runtime
3. Register the MCP server with your AI agent
4. Query audit logs: With the agent connected, you can now make natural-language calls like: “Summarize failed login attempts for users in the last 48 hours.”
5. Extend into your workflows: Use this setup to feed audit insights into SIEM/SOAR agents or internal analysis pipelines by pointing those agents at the same MCP server. Because MCP is transport-agnostic, you can adapt this pattern for other AI-native tools supporting the protocol.
Step-by-step instructions are available in our documentation and GitHub repository.
How it works
From an architectural perspective, the Dashlane MCP server:
- Exposes audit logs as structured, read-only MCP resources
- Enforces strict authentication and authorization per tenant
- Acts as a secure bridge between Dashlane and AI agents
- Preserves Dashlane’s zero-knowledge and security principles
No credentials are exposed, and access is fully auditable.
We want to learn how you use it
This beta is an early step toward AI-native security operations for Dashlane.
We are eager to learn how IT and security teams use AI agents with Dashlane audit logs, whether for investigations, compliance reporting, automation, or new workflows we haven’t anticipated yet.
If you’re a Dashlane Business customer and want to try the MCP server, or if you have feedback on what should come next, we would love to hear from you on GitHub.
Sign up to receive news and updates about Dashlane
