We Scored 14,800+ MCP Servers on Behavioral Trust. Here's What We Found.

The MCP ecosystem has a trust problem — and scanning source code won't fix it

The Model Context Protocol ecosystem is growing fast. Thousands of MCP servers now offer tools that AI agents call autonomously — executing code, querying databases, moving money, managing infrastructure. Agents are making decisions on behalf of humans, and those decisions depend on servers they've never met.

Recently, a well-circulated analysis scanned roughly 1,800 MCP servers and found security issues in a significant percentage of them. That work was valuable. Static analysis catches real bugs: injection vulnerabilities, missing input validation, insecure defaults.

But here's the question nobody asked: what happens after deployment?

A server can pass every static check and still behave terribly in production — dropping requests, responding with garbage after midnight, degrading quietly over weeks until an agent makes a costly mistake. Static analysis is a snapshot. Production is a film.

We Scored 14,800+ MCP Servers on Behavioral Trust. Here's What We Found.

Other newsrooms on this story

Related reading

Manifold Security Just Scored 7,700 MCP Servers. Here's Why That Number Should…

Other newsrooms on this story

Related reading

Manifold Security Just Scored 7,700 MCP Servers. Here's Why That Number Should…

GitHub MCP Security Scanning: How AI Coding Agents Get an Immune System

MCP command execution flaw: what security teams need to know

200,000 MCP Servers Are Exposed. Here's Why Serverless Is Safer.

The interoperability breakthrough: How MCP is becoming enterprise AI's…

MCP For Software Engineers | Part 1 : Building Your First Server