Popular MCP Servers Are Risky: The 2026 Security State Report

The State of MCP Security [pdf]

7mavzer💬 0

We scanned over 11,000 MCP servers and found that popularity often signals higher risk, with top GitHub-starred projects showing more security flaws. Our analysis revealed dangerous code execution paths, silent supply chain vulnerabilities, and broken authentication across the ecosystem. Many servers allow anonymous access to sensitive tools, proving that basic security hygiene is the exception rather than the rule in this rapidly growing infrastructure.

"Stars measure adoption — not scrutiny of what the code actually does. Teams that whitelist the famous ones are selecting for risk, not against it."

More from this day · 2026-07-12