Verisq exposes its full vendor risk, scorecard, SBOM, and breach intelligence surface through certified connectors for the Microsoft, OpenAI, and Anthropic ecosystems — plus a public REST API and a public scorecard endpoint that needs no authentication.
Custom connector certified through Microsoft Partner Center. 16 operations spanning TPRM, scorecards, SBOM vulnerability intelligence, and breach monitoring. Mixed auth — OAuth 2.0 for tenant data, public scorecard requires none. Full Copilot Studio compatibility with x-ms-summary fields on every action.
View in Microsoft AppSource →The Power Platform connector exposes itself as a Copilot Studio plugin. Microsoft 365 Copilot users can ask "what's the score for example.com?" or "list my critical vendor findings" and the assistant calls Verisq directly with the user's tenant context.
Add to Copilot Studio →Remote MCP server with interactive UI resources, listed in the OpenAI ChatGPT Apps Directory. 11 tools — one anonymous public scorecard, ten tenant-scoped OAuth tools — and 6 React widgets for inline scorecard rendering, vendor cards, and finding lists.
Install in ChatGPT →Same Remote MCP server, listed separately in the Anthropic Connectors Directory for Claude.ai users. The MCP App pattern means widgets render inline in chat — vendor scorecards, risk vector breakdowns, and finding lists appear as native UI, not text dumps.
Install in Claude →The MCP server is a single deployment that supports Claude, ChatGPT, and any other MCP-aware LLM. Mixed auth — public scorecard tool needs no OAuth, the other ten tools use OAuth 2.0 Authorization Code. Same tools, same widgets, any client.
Connect any MCP client →Full programmatic access for tenant integration teams. OpenAPI 3.0 schema. The public scorecard endpoint (rate-limited, per-IP and per-domain) requires no authentication — drop it into any internal tool. Tenant-scoped endpoints use OAuth 2.0.
Read the API docs →| Use case | Power Platform | Copilot Studio | ChatGPT | Claude | REST API |
|---|---|---|---|---|---|
| Power Automate flows | ✓ | — | — | — | via custom code |
| Microsoft 365 Copilot | indirect | ✓ | — | — | — |
| ChatGPT inline scorecards | — | — | ✓ | — | — |
| Claude.ai inline scorecards | — | — | — | ✓ | — |
| Anonymous public scorecard lookup | ✓ | ✓ | ✓ | ✓ | ✓ |
| Custom internal tool integration | via flows | — | — | — | ✓ |
| Logic Apps automation | ✓ | — | — | — | via custom code |
| BYO LLM with MCP | — | — | — | — | ✓ MCP server |
All five integration paths share the same auth model: mixed auth. The public scorecard endpoint (rate-limited, per-IP and per-domain, with adaptive Cloudflare Turnstile after rapid requests) requires no authentication — anyone can look up any company. All other tools and operations use OAuth 2.0 Authorization Code with PKCE against Verisq Identity. Tenant SKU enforcement happens at the API layer via structured HTTP 402 "upgrade required" responses; the integration layer doesn't branch on SKU.
The 10 Vendors Free tier supports OAuth tools that work within its feature set — scorecard, vendor portfolio, scan trigger, list and read findings. Out-of-tier operations (SBOM, supply-chain alerts, breach feed, DSAR, privacy center) return HTTP 402 with structured upgrade guidance the AI assistant can surface to the user. Build your prototype on Free, upgrade when you ship.