TRM MCP Day 1: Resolve Alerts with Your AI Agent
It's Monday morning, and 20 new alerts have triggered over the weekend. An analyst starts working through the queue by hand to:
- Figure out which alert to prioritize first
- Understand why the alert triggered
- Identify exposure to any known entities
- Assess the risk for the destination address
- Open a graph to trace the exposure path
- Document all of their findings in a written disposition
With TRM MCP, an analyst does all of this work in your AI client by asking an agent.
{{50-trm-mcp-launch-blog-callout-1}}
Triage the weekend queue
An analyst asks their agent to pull everything that fired over the weekend, sorted by severity and transaction amount. The pile becomes a prioritized list with clear direction on where to start.

Starting with the highest severity alert, the agent returns the full context: why the alert triggered, what’s happening along the exposure path, risk insights on the destination address, known counterparties, and historical alerts on the destination address. What used to take several screens to assemble now arrives in one structured response that’s ready for the analyst’s judgment.
Investigate exposure paths
Next, the analyst asks the agent to drill into the exposure path. It assesses each intermediary hop, returning context like risk indicators, transaction activity and timing, links to known entities, and whether the address behaves like a service.

Validating indirect exposure paths is a judgment-heavy skill that takes years of experience to hone. TRM MCP gives your agents access to structured intelligence and tools, with over 100 years of combined investigative experience codified into skills. Your agent works with the same context as your analysts, so it can weigh whether a path is valid and surface a recommendation, enabling your analyst to make the final call.
Resolve alerts, defensibly
The analyst decides the exposure path is valid and the alert requires escalation for deeper review. They can escalate the alert with their reasoning and the agent automatically updates the alert status in TRM Transaction Monitoring.

Every disposition requires a written justification — drafted by the agent and reviewed by the analyst. Every action is logged to your TRM audit trail, marked as MCP-originated. TRM MCP surfaces the context and the recommendation. The analyst makes the call. The result is an alert worked start to finish in one session, with a record that can hold up under examination.
Build beyond the alert queue
The same tools the agent used to work alerts can power the larger workflows your team builds. The risk signals, alert context, and historical transactions become building blocks for whatever you're automating — an agent that reviews closed alerts against your procedures and flags the ones worth a second look, or an agent that drafts suspicious activity report (SAR) narratives for analyst review, grounded in on-chain data from an escalated alert and combined with off-chain and know-your-customer (KYC) data. TRM MCP is how your agents reach into TRM, but what they do from there is up to you.
Get started with TRM MCP
TRM MCP is live. If you’re interested in getting access, please reach out to your account team.
We're excited to see what your team builds with it.
{{horizontal-line}}
Frequently asked questions
1. What can TRM MCP do today?
TRM MCP lets your AI agent work a transaction monitoring alert end to end: triage the queue, investigate exposure paths, and dismiss or escalate the alert, all inside your AI client. This first release focuses on transaction monitoring alert resolution.
2. Which AI clients does it work with?
Any MCP-compatible client, including Claude, Cursor, and VS Code, or a custom agent your team builds. Analysts connect with their existing TRM credentials, so there's no new interface to learn.
3. Does TRM MCP respect our existing permissions?
Yes. Each person authenticates with their own TRM credentials and has the same access they do in the UI. Access is limited to reading data and dispositioning alerts — it can’t access PII or admin functions. Every action is logged to your TRM audit trail, and every disposition requires a written justification.
4. What's next for TRM MCP?
This first release focuses on transaction monitoring alert resolution. From here, we're bringing more of TRM's structured intelligence to your agents, enabling a wider range of compliance and investigative workflows.




















