Manifold Security Just Scored 7,700 MCP Servers. Here's Why That Number Should Worry You.

The MCP ecosystem grew faster than anyone could audit it. Now there's a tool trying to catch up — and what it's finding isn't reassuring.

The Problem It's Solving

When Model Context Protocol became the de facto standard for connecting AI agents to external tools and data, adoption moved at a pace the security industry wasn't ready for. Every major agent platform built in MCP support. Registries filled up. Enterprises started wiring agents to internal systems through servers they'd never vetted.

The supply chain problem with traditional software took years to become obvious. With MCP, the same pattern is playing out in months. And the threat model is nastier than a bad npm package.

A compromised MCP server doesn't just exfiltrate data. It can control an agent's reasoning, redirect its execution, and manipulate its decisions at the tool-call layer — before the output ever reaches a human. That's a different category of exposure than a vulnerable dependency. You're not patching a library. You're potentially handing an attacker the steering wheel of an autonomous system.

Manifold Security Just Scored 7,700 MCP Servers. Here's Why That Number Should Worry You.

Other newsrooms on this story

Related reading

We Scored 14,800+ MCP Servers on Behavioral Trust. Here's What We Found.

MCP command execution flaw: what security teams need to know

200,000 MCP Servers Are Exposed. Here's Why Serverless Is Safer.

GitHub MCP Security Scanning: How AI Coding Agents Get an Immune System

MCP isn’t KYC-ready: Why regulated sectors are wary of open agent exchanges

Defense in Depth for MCP Servers