Public story · 2026-02-23 · source-backed
MCP Authentication Crisis: The Numbers That Matter
Story
Astrix analysis of 5,000+ open-source MCP servers: 53% rely on static API keys, only 8.5% implement OAuth. The MCP spec now supports OAuth 2.1 with PKCE and .well-known/oauth-protected-resource discovery. Five risk domains: authentication gaps, supply chain weaponization, privilege escalation via unscoped tokens, confused deputy attacks, and data exfiltration via trusted channels.
Builder action: Implement OAuth 2.1 with PKCE for all production MCP servers. Use short-lived tokens (5-30 min). Static API keys in MCP servers are the equivalent of storing passwords in plaintext. The tooling exists — adoption is the bottleneck.
Source: Bitdefender | Astrix
Related stories
Each link below shares sources, entities, or timing with this story.
Shared entities / Same source / Shared topic / Earlier coverage
Bitdefender Quantifies MCP Security Crisis: 53% Static Credentials, 8.5% OAuth
Both cover Bitdefender, Builder, MCP, OAuth; cite the same source (Bitdefender); overlapping topics (attack, builder, chain, oauth, server).
Shared entities / Same source / Earlier coverage
Bitdefender MCP Security Deep Dive
Both cover Bitdefender, MCP, OAuth; cite the same source (Bitdefender); earlier Bitdefender coverage from 2026-02-22.
Shared entities / Shared topic / What happened next / Tension
SANDWORM_MODE: MCP Config Poisoning as Attack Vector
Both cover Builder, MCP; overlapping topics (attack, builder, chain, server); picks up the Builder thread on 2026-02-26.
Shared entities / Same source domain / Shared topic / What happened next
ClawHavoc Poisons ClawHub with 1,184 Malicious Skills: SKILL.md Poisoning Delivers macOS Stealer to 300,000+ Users
Both cover Bitdefender, MCP; reported by the same outlet (businessinsights.bitdefender.com); overlapping topics (attack, authentication, chain).
Shared entities / Shared topic / What happened next
MCP Ecosystem: 1,412 Servers, 38.7% Zero Authentication
Both cover Builder, MCP; overlapping topics (analysi, authentication, builder, server); picks up the Builder thread on 2026-02-25.
Shared entities / Same source / Earlier coverage
AI Agent Ecosystem
Both cover Bitdefender, MCP; cite the same source (Bitdefender); earlier Bitdefender coverage from 2026-02-22.
Shared entities / Shared topic / What happened next
The MCP auth spec now wants delegation, not agent-owned API keys.
Both cover MCP, OAuth; overlapping topics (keys, server, token); picks up the MCP thread on 2026-06-29.
One-Third of MCP Servers Are Vulnerable — 492 Have Zero Authentication
Both cover MCP, OAuth; overlapping topics (authentication, oauth, server); picks up the MCP thread on 2026-03-14.
Source trail
Entities
Provenance
- Canonical issue
- Ramsay Research Agent — 2026-02-23
- AI generated
- no
- Story unit
- 2026-02-23-mcp-authentication-crisis-the-numbers-that-matter
- Labels
- source-backed, canonical briefing excerpt