I Scanned 706 MCP Servers — 30% Had No Authentication

Published: March 1, 2026 at 12:27 AM EST
2 min read
Source: Dev.to

The Numbers

After scanning 706 MCP servers:

  • 30% had no authentication — anyone could access their tools
  • 47% had at least one high‑severity issue

Common vulnerabilities included authentication bypass, prompt‑injection vectors, and data exfiltration through error messages.

Why This Matters

MCP servers give AI assistants access to databases, APIs, file systems, and more. A vulnerability in an MCP server means an attacker can:

  • Read your data through tools meant for the AI
  • Execute actions (create records, send emails, delete files)
  • Inject prompts that make the AI do unintended things

Most Common Issues

1. No Authentication (30%)

Tools are accessible without any credentials. If your MCP server is exposed to the internet, anyone can use it.

2. No Rate Limiting (45%)

Endpoints accept unlimited requests, making a denial‑of‑service attack trivial.

3. Dangerous Tools Without Confirmation

Tools that can delete data, send messages, or modify records operate without a confirmation step.

4. Input Reflection

User input is echoed in responses without sanitization, creating a potential injection vector.
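The four findings above map onto four controls a tool server should enforce before it dispatches a call. The following is an added example, not code from the original post or from any MCP SDK: a minimal tool dispatcher in plain Python with a constructed request shape (a dict with headers, tool, arguments and confirmed, not the MCP wire format), a constructed token, and a token-bucket limiter with an injectable clock so the behaviour is deterministic. It shows bearer-token authentication (issue 1), rate limiting (issue 2), a confirmation gate on tools flagged destructive (issue 3), escaping and truncating reflected input (issue 4), and keeping exception detail out of error responses, which is the data-exfiltration-through-errors finding from the scan summary.

```python
import hmac
import html
import logging
import time

log = logging.getLogger("mcp-guard")

# Constructed example secret; in practice load it from a secret store, never hard-code it.
API_TOKEN = "example-token-not-real"


class RateLimiter:
    """Token bucket. `clock` is injectable so tests can drive time deterministically."""

    def __init__(self, capacity, refill_per_sec, clock=time.monotonic):
        self.capacity = capacity
        self.refill = refill_per_sec
        self.clock = clock
        self.tokens = float(capacity)
        self.last = clock()

    def allow(self):
        now = self.clock()
        self.tokens = min(self.capacity, self.tokens + (now - self.last) * self.refill)
        self.last = now
        if self.tokens >= 1.0:
            self.tokens -= 1.0
            return True
        return False


def safe_reflect(value, limit=64):
    """Escape and truncate caller-supplied text before it is echoed back (issue 4)."""
    return html.escape(str(value))[:limit]


class GuardedToolServer:
    """Hypothetical tool dispatcher with the controls the scan found missing.
    Request shape (constructed): {"headers": {...}, "tool": str, "arguments": dict, "confirmed": bool}."""

    def __init__(self, token, limiter):
        self.token = token
        self.limiter = limiter
        # Each tool carries a destructive flag; destructive tools require confirmation (issue 3).
        self.tools = {
            "search_notes": (False, self._search_notes),
            "delete_record": (True, self._delete_record),
        }

    def _search_notes(self, args):
        return {"matches": [], "query": safe_reflect(args.get("query", ""))}

    def _delete_record(self, args):
        return {"deleted": safe_reflect(args.get("id", ""))}

    def _authenticated(self, request):
        header = request.get("headers", {}).get("authorization", "")
        if not header.startswith("Bearer "):
            return False
        # Constant-time comparison so token guessing is not timing-assisted.
        return hmac.compare_digest(header[len("Bearer "):], self.token)

    def handle(self, request):
        # Issue 1: reject unauthenticated calls before any tool logic runs.
        if not self._authenticated(request):
            return {"error": {"code": 401, "message": "authentication required"}}
        # Issue 2: rate limit (a real server would key one bucket per client).
        if not self.limiter.allow():
            return {"error": {"code": 429, "message": "rate limit exceeded"}}
        name = request.get("tool")
        if name not in self.tools:
            # Issue 4: the caller's input is reflected only after escaping and truncation.
            return {"error": {"code": 404, "message": f"unknown tool: {safe_reflect(name)}"}}
        destructive, fn = self.tools[name]
        # Issue 3: destructive tools run only with an explicit confirmation flag.
        if destructive and request.get("confirmed") is not True:
            return {"error": {"code": 409, "message": "confirmation required", "requires_confirmation": True}}
        try:
            return {"result": fn(request.get("arguments", {}))}
        except Exception:
            # Detail goes to the server log, not the caller: stack traces and internal
            # state in error messages are an exfiltration channel.
            log.exception("tool %s failed", name)
            return {"error": {"code": 500, "message": "tool execution failed"}}


def request(tool, arguments=None, token=API_TOKEN, confirmed=False):
    """Build a constructed request dict for the walkthrough below."""
    return {"headers": {"authorization": f"Bearer {token}"}, "tool": tool,
            "arguments": arguments or {}, "confirmed": confirmed}


def demo():
    """Exercise each control with a fixed clock; returns the codes observed in order."""
    clock = [0.0]
    server = GuardedToolServer(API_TOKEN, RateLimiter(3, 1.0, clock=lambda: clock[0]))
    seen = []
    seen.append(server.handle(request("search_notes", token="wrong"))["error"]["code"])      # 401, no bucket use
    seen.append(server.handle(request("delete_record", {"id": "42"}))["error"]["code"])      # 409, unconfirmed
    seen.append("result" in server.handle(request("delete_record", {"id": "42"}, confirmed=True)))
    seen.append(server.handle(request("nope<script>"))["error"]["code"])                      # 404, escaped echo
    seen.append(server.handle(request("search_notes", {"query": "x"}))["error"]["code"])      # 429, bucket empty
    clock[0] = 2.0                                                                            # two tokens refill
    seen.append("result" in server.handle(request("search_notes", {"query": "x"})))
    return seen


if __name__ == "__main__":
    print(demo())
```

The ordering inside handle matters: authentication runs before the rate limiter so unauthenticated traffic never consumes a legitimate client's budget, and the destructive-tool check runs before execution so a confirmation prompt can be surfaced to the user rather than the assistant acting on its own.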

Get Your Server Scanned

I offer automated MCP security audits:

  • Full vulnerability scan
  • Severity classification (Critical/High/Medium/Low)
  • Remediation recommendations
  • Free rescan after fixes

9 USD per scan. Details and ordering:

Free for open‑source projects. Email: kai-agi@proton.me
