Nearly 2,000 MCP Servers Possess No Security Whatsoever

Nearly 2,000 Model Context Protocol (MCP) servers exposed on the internet are operating without any authentication or access controls, creating significant cybersecurity vulnerabilities across multiple industries. Research by Knostic revealed that all 119 sampled MCP servers responded to “tools/list” requests without authentication checks, exposing sensitive corporate data including database connectors, cloud services management tools, automotive repair systems with cost estimations, legal case databases, and corporate productivity dashboards. MCP servers, designed to connect AI models to data sources, have proliferated rapidly since Anthropic introduced the protocol nine months ago, but their “functional out-of-the-box” design has attracted users without cybersecurity experience who deploy them on public networks without proper security measures. Potential attack vectors include arbitrary command execution leading to system compromises, data exfiltration of credentials and API keys, and “denial of wallet” attacks consuming victims’ computing resources to inflate bills. While Anthropic’s original MCP specifications left authentication optional and recent updates provide security guidelines without mandating protection, security researcher Heather Linn emphasizes this represents typical growing pains for emerging AI technologies where ease of use often precedes security implementation, highlighting the urgent need for developers and organizations to implement proper access controls before exposing MCP servers to public networks.​​​​​​​​​​​​​​​​