I Scanned 35 MCP Servers for Security Vulnerabilities. 62% Had Issues.
A security audit of 35 Model Context Protocol (MCP) servers revealed widespread vulnerabilities, with 62% exhibiting issues. The most common problem was path traversal, allowing unauthorized file access, exacerbated by AI agents' potential manipulation through prompt injection. Other critical findings included shell metacharacters in configurations leading to remote code execution, exposed API keys in public repositories, and unpinned package dependencies that pose supply chain risks. AI
IMPACT Exposes critical security risks in the AI agent ecosystem, potentially impacting the adoption and trustworthiness of tools that rely on MCP.