A new study has highlighted the widespread exposure of Model Context Protocol (MCP) servers, revealing significant security flaws that could impact organizations globally.
Knostic’s research team discovered a total of 1,862 MCP servers exposed to the internet. From that set, 119 servers were sampled for manual verification. All 119 servers allowed access to internal tool listings without authentication.
The study was conducted using Shodan and a suite of custom Python tools. The research team fingerprinted and mapped production MCP servers. All servers discovered in the study were insecure, revealing their capabilities to anyone asking.
Given the rapid adoption of AI technologies, the low quality of the systems themselves, combined with nonexistent security, is certainly worrying. It raises concerns that, as with previous technologies, security will only be introduced after the systems have already been exploited.
“Our research underscores a pressing issue in AI adoption: security issues will find you if you do not seek them out,” said Gadi Evron, Co-Founder and CEO of Knostic. “Without proper safeguards, organizations risk exposing sensitive data and functionalities to unauthorized users, with potentially severe consequences.”
