cd /news/ai-agents/bring-lookup-disclose-io-into-your-w… · home topics ai-agents article
[ARTICLE · art-49512] src=blog.disclose.io ↗ pub= topic=ai-agents verified=true sentiment=↑ positive

Bring lookup.disclose.io Into Your Workflow

Disclose.io launched lookup.disclose.io integrations including a CLI, Caido and Burp Suite plugins, an MCP server for AI agents, and an API, allowing security researchers to map assets to disclosure contacts directly from their workflow. The tool aims to eliminate the last-mile problem of finding the right security team by providing a single input that returns VDPs, bug bounty programs, or security.txt contacts.

read4 min views2 publishedJul 7, 2026
Bring lookup.disclose.io Into Your Workflow
Image: Blog (auto-discovered)

lookup.disclose.io now plugs into the tools you already use: a CLI, Caido and Burp Suite plugins, an MCP server for AI agents, plus the web app and API. Try them, and tell us what to fix.

You found the bug. The clock just started on the part nobody enjoys: tracking down a human at the other end who will actually read your report. A domain leads to a company, which leads to a subsidiary, which leads to a "contact us" form from 2014. The finding was the easy part. Reaching the right person, safely, is where good-faith disclosure quietly goes to die.

That last mile is exactly what lookup.disclose.io exists to erase. Hand it an asset — a domain, an IP, a URL, a package, a repository, and more — and it does the boring detective work for you: mapping that asset to the organization behind it and the fastest safe way to reach their security team. A VDP, a bug bounty program, a security.txt

, a PSIRT, a CERT. One input, a real way in.

Here's the part we're genuinely excited about. lookup no longer lives only on the website. It now meets you where you already work.

Six ways to ask "who do I tell?" #

Wherever you are — your terminal, your proxy, your AI agent — you should be able to ask "who owns this, and how do I reach them?" without breaking flow. Here's the family as it stands today:

The web app. Zero setup, zero excuses. Go to lookup.disclose.io, paste an asset, read the answer. Perfect for a fast one-off.

The API. A clean JSON API for anyone who wants to script it. It ships with an OpenAPI description and an llms.txt

, so humans and machines both find it easy to consume. Want higher rate limits? Grab a free API key — just ask at hello@disclose.io.

The command line ( dio-lookup). Built for the pipe. Feed it assets straight from your recon pipeline and get security contacts back out. If you already chain tools together in the terminal, this one drops right into the flow.

The Caido plugin. Run a lookup on a target without ever leaving Caido. The Burp Suite extension. Same power, inside Burp — check a host's disclosure path from the tool you're already testing with.

The MCP server. A hosted Model Context Protocol server you can point your AI assistant or agent at. Once it's connected, your agent finds the right disclosure contact on its own, as one step in a bigger job.

We're keeping the specifics generic on purpose — the details differ a little per tool, and they're improving fast. Everything you need to get started (install steps, source, and the current instructions) lives on lookup.disclose.io and in the disclose.io GitHub org at github.com/disclose. Pick the on-ramp that matches how you already work, and follow that project's README.

Working well, and only getting started #

Straight with you: the service is working well. People are using it, and the integrations do what they say. It's also early in its evolution, and we're not going to pretend otherwise. There are asset types it maps beautifully and edge cases it doesn't yet. There are contacts it nails and some it still misses.

That's not a disclaimer. It's an invitation.

So please, break it #

This is where you come in. Try the integrations, and tell us what happens — especially when a lookup doesn't resolve, or points to the wrong place.

Here's why that matters more than it sounds. lookup runs on a growing map of the internet's disclosure paths, and a failed lookup is the single most valuable signal we can get: it marks the exact spot where the map is thin. Report it, and that gap gets filled — so the next person who looks up that same asset gets a real answer. Your feedback doesn't just help you. It compounds into better disclosure data for everyone.

The best ways to send it:

Open an issue on the relevant project ingithub.com/disclose— bugs, wrong contacts, missing asset types, feature ideas, all welcome.Email us athello@disclose.ioif you'd rather skip GitHub, or if you want an API key.

Reaching the right person, safely, is step zero of every good disclosure story. It should be frictionless, and it should work from wherever you already are. That's what these integrations are for — and with your help, they will get sharper every week.

Go try one. Don't be gentle. Let us know how it goes.

── more in #ai-agents 4 stories · sorted by recency
── more on @disclose.io 3 stories trending now
sponsored brought to you by zahid.host 4,200+ EU-deployed projects
reading about agents? ship yours in a single git push.

Run your AI side-project on zahid.host

EU-based hosting, git-push deploys, automatic HTTPS, no cold starts. Free tier with a custom domain — perfect for shipping the agent you just read about.

$git push zahid main
Live at https://your-agent.zahid.host
Get free account → Pricing
from €0/mo · no card required
LIVE [news/bring-lookup-disclos…] indexed:0 read:4min 2026-07-07 ·