A security audit of 35 Model Context Protocol (MCP) servers found widespread vulnerabilities: 62% had at least one issue. The most common was path traversal in file-handling tools, allowing reads of files outside the directory the server was meant to expose; this is made worse in MCP because the path is supplied by an AI agent, which can itself be steered into requesting such paths through prompt injection. Other critical findings were shell metacharacters passed through configuration values into commands, leading to remote code execution; API keys committed to public repositories; and unpinned package dependencies, which pose a supply chain risk.
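To make the two code-level findings concrete, here is an added example (not code from the audited servers or from the article) in the shape of a toy MCP-style tool handler. It shows a `read_file` tool with the naive path join beside a version confined to a root directory, and a `run` tool that formats a user-controlled argument into a shell command string beside one that passes it as a single argv element. The tool names, the workspace layout, the sample secret and the injected inputs are all constructed for the demonstration.

```python
"""Added example: path traversal and shell-metacharacter injection in a toy
MCP-style tool handler, each beside a hardened form. Not from the audit or
the article; tool names, paths and inputs are assumptions."""
import subprocess
import tempfile
from pathlib import Path


# --- finding 1: path traversal in a file-reading tool ---------------------

def read_file_vulnerable(root: Path, user_path: str) -> str:
    # Naive join. "../" segments walk out of root, and an absolute
    # user_path makes pathlib discard root entirely. In MCP the argument
    # comes from the model, which may have been prompt-injected by content
    # it read earlier, so "the agent would never ask for that" is no defence.
    return (root / user_path).read_text()


def read_file_confined(root: Path, user_path: str) -> str:
    # Resolve both sides (collapses "..", follows symlinks), then insist the
    # target is still inside the root before touching it.
    root_real = root.resolve()
    target = (root_real / user_path).resolve()
    if not target.is_relative_to(root_real):  # Python 3.9+
        raise PermissionError(f"path escapes tool root: {user_path!r}")
    return target.read_text()


def build_sandbox() -> tuple[Path, Path]:
    # Constructed layout: base/workspace is the tool root, base/secret.txt
    # sits one level above it and must never be readable through the tool.
    base = Path(tempfile.mkdtemp())
    root = base / "workspace"
    root.mkdir()
    (root / "notes.txt").write_text("public notes\n")
    (base / "secret.txt").write_text("API_KEY=constructed-sample-value\n")
    return base, root


def check_traversal(root: Path, user_path: str) -> dict:
    # Run the same request through both handlers and report what each did.
    out = {}
    try:
        out["vulnerable"] = read_file_vulnerable(root, user_path)
    except OSError as e:
        out["vulnerable"] = f"error: {e.__class__.__name__}"
    try:
        out["confined"] = read_file_confined(root, user_path)
    except PermissionError:
        out["confined"] = "blocked"
    return out


# --- finding 2: shell metacharacters reaching a shell ---------------------

def run_vulnerable(cmd_template: str, arg: str) -> str:
    # A config value such as "echo {}" is formatted with the tool argument
    # and handed to /bin/sh, so ";", "$(...)", "|" etc. in arg are executed.
    proc = subprocess.run(cmd_template.format(arg), shell=True,
                          capture_output=True, text=True)
    return proc.stdout


def run_confined(argv: list[str], arg: str) -> str:
    # Argument vector, no shell: arg arrives as exactly one argv element and
    # is never parsed for metacharacters.
    proc = subprocess.run([*argv, arg], capture_output=True, text=True)
    return proc.stdout


if __name__ == "__main__":
    base, root = build_sandbox()
    for p in ("notes.txt", "../secret.txt", str(base / "secret.txt")):
        print(p, "->", check_traversal(root, p))
    injected = "x; echo INJECTED"
    print("shell string:", repr(run_vulnerable("echo {}", injected)))
    print("argv list:   ", repr(run_confined(["echo"], injected)))
```

The confinement check is deliberately done on the resolved path rather than by string-prefixing `root` onto the input: a symlink inside the workspace pointing outside it would pass a prefix check but fails `is_relative_to` after `resolve()`. For the command case, the fix is not escaping but removing the shell from the call entirely.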
Summary written by gemini-2.5-flash-lite from 1 source.
IMPACT Exposes critical security risks in the AI agent ecosystem, potentially impacting the adoption and trustworthiness of tools that rely on MCP.
RANK_REASON Security audit of a protocol used by AI agents, detailing specific vulnerabilities and a tool for detection.