A security scan of over 50 open-source MCP servers revealed that 72% had critical or high-severity vulnerabilities, including hardcoded API keys and insecure command execution. This highlights a significant security gap in MCP servers, which are increasingly used by AI assistants but often built without proper defense mechanisms.
The Model Context Protocol (MCP), a new standard for connecting AI agents to tools, is currently experiencing severe security flaws. A scan found that 36.7% of over 7,000 live MCP servers were vulnerable to SSRF, with hundreds lacking authentication or encryption. To address this, the AgentWarden CLI tool has been developed to scan MCP servers for real vulnerabilities.
Anthropic has launched Claude Security in public beta, a dedicated vulnerability scanning product. It aims to counter AI-powered exploitation by integrating with Claude Enterprise to scan repositories, find vulnerabilities, and generate patches, significantly speeding up the remediation cycle.