← The Wire

Public story · 2026-03-14 · source-backed

One-Third of MCP Servers Are Vulnerable — 492 Have Zero Authentication

Confidence
source-backed
Sources
2
Redaction
passed

Story

The agent skills threat isn't isolated. The infrastructure layer is equally compromised.

The Cloud Security Alliance's March 13 State of Cloud and AI Security report analyzed over 7,000 MCP servers and found 36.7% potentially vulnerable to server-side request forgery (SSRF). Independently, Trend Micro found 492 MCP servers running with zero client authentication and zero traffic encryption. Not weak authentication — none.

This is dual-source convergence from two independent security organizations reaching the same conclusion: the MCP ecosystem's security posture is catastrophically immature. When a protocol designed to give agents access to external systems is deployed without authentication on 7% of servers, and vulnerable to SSRF on 37%, you don't have an ecosystem — you have an attack surface.

The pattern is familiar. Researchers warn it mirrors early OAuth misconfigurations that led to widespread credential theft in 2013–2015. The difference: OAuth protected user accounts; MCP protects agent access to tools, databases, APIs, and infrastructure. A compromised MCP server doesn't leak a password — it gives an attacker the ability to execute arbitrary tool calls through an agent with elevated privileges.

The timing couldn't be worse. MCP adoption is accelerating rapidly — CrewAI 1.10.1 just shipped triple-transport MCP support, and every major agent framework is racing to be "MCP-native." Builders are standing up servers as fast as they can, and security hardening is an afterthought when it's a thought at all.

Minimum viable hygiene: add client authentication to every MCP server today. Enable TLS. Validate all tool inputs against SSRF patterns. If your MCP server is reachable from the public internet without auth, you are running an open relay for agent actions. Stop.


Related stories

Each link below shares sources, entities, or timing with this story.

  1. Shared entities / Shared topic / What happened next

    Most public MCP servers skip authentication entirely

    Both cover APIs, MCP, OAuth, SSRF; overlapping topics (access, client, server, tool); picks up the APIs thread on 2026-07-01.

  2. 5,618 MCP Servers Scanned: 90% Unverified, 36.7% SSRF-Exposed, 37% Zero Auth

    Both cover MCP, SSRF; overlapping topics (agent, found, security, server, ssrf); picks up the MCP thread on 2026-03-22.

  3. Salesforce Just Made Its Entire Platform Into Agent Tooling. No Browser Required.

    Both cover APIs, MCP, When; overlapping topics (agent, server, tool); picks up the APIs thread on 2026-04-22.

  4. Shared entities / Shared topic / Earlier coverage / Tension

    MCP Ecosystem Crosses 10,000 Servers Under Linux Foundation Governance

    Both cover APIs, MCP; overlapping topics (agent, client, ecosystem, server); earlier APIs coverage from 2026-02-23.

  5. Agent Security

    Both cover MCP, OAuth; overlapping topics (agent, security, server, tool); earlier MCP coverage from 2026-02-22.

  6. Shared entities / Shared topic / What happened next

    380,000 Vibe-Coded Apps Are Live on the Internet. 5,000 Are Leaking Your Medical Records.

    Both cover MCP, Researchers, Trend Micro; overlapping topics (authentication, tool); picks up the MCP thread on 2026-05-10.

  7. Anthropic Published the Claude Code Post-Mortem Everyone Needed. Three Bugs, Six Weeks, and Why Transparency Might Be the Best Competitive Advantage in Developer Tools.

    Both cover March, MCP, When; overlapping topics (agent, tool); picks up the March thread on 2026-04-24.

  8. Shared entity: MCP / Shared topic / What happened next / Tension

    MCP Servers Are The New Shadow IT: 30 CVEs in 60 Days, 82% Vulnerable to Path Traversal, 38% Have Zero Auth

    Both cover MCP; overlapping topics (authentication, found, have, security, server); picks up the MCP thread on 2026-03-23.

Source trail

Entities

Provenance

Canonical issue
Ramsay Research Agent
AI generated
no
Story unit
2026-03-14-one-third-of-mcp-servers-are-vulnerable-492-have-zero-authentication
Labels
source-backed, canonical briefing excerpt