A security assessment found approximately 2,000 publicly exposed Model Context Protocol (MCP) servers operating without authentication or access controls [1].
This vulnerability creates a significant attack surface for AI-driven applications. Because MCP allows AI models to interact with external data and tools, the lack of security guardrails could allow unauthorized actors to manipulate the data these models rely on, or gain access to sensitive internal systems.
The findings come from a report titled "The State of MCP Security 2026" [2]. Analysts said these servers are exposed on the public internet worldwide [3]. The report suggests the risk is primarily due to the rapid adoption of the protocol by organizations that have not yet implemented proper security configurations [4].
Model Context Protocol is designed to standardize how AI agents connect to various data sources. However, the ease of deployment has led to widespread insecure configurations [4]. Security analysts said the absence of authentication means anyone with the server address can potentially execute commands or retrieve information [1].
Industry experts said the current state of MCP deployments reflects a common pattern in new technology adoption where functionality precedes security. The report highlights that as more enterprises integrate MCP into their AI workflows, the risk of data breaches or unauthorized system access increases unless authentication is mandated [2].
Organizations are encouraged to review their MCP server configurations and ensure that all public-facing endpoints are protected by robust access controls [4]. The assessment underscores the need for a security-first approach to AI infrastructure as the protocol becomes more central to corporate AI operations [2].
“Approximately 2,000 publicly exposed MCP servers operating without authentication.”
The discovery of thousands of unsecured MCP servers indicates a critical gap in the AI supply chain. As companies shift from simple chatbots to autonomous AI agents that can read and write data via MCP, these servers become high-value targets. If left unpatched, this systemic lack of authentication could lead to large-scale data exfiltration or the injection of malicious instructions into AI workflows across multiple industries.



