I audited 6,762 MCP servers. Here's the state of the ecosystem and the trust gap nobody's filling.

Originally published with live data at https://wmcp.sh/reports/state-of-mcp-security-2026

The Model Context Protocol exploded this year. Claude, Cursor, Codex, and a wave of agents now discover and auto-connect to MCP servers. Which raises a question nobody's answering: who's checking those servers are safe, reachable, and well-behaved before an agent hands them tool-call access?

The official MCP registry deliberately doesn't. It authenticates namespaces and stores metadata, then explicitly delegates security and curation to "downstream aggregators." So trust in MCP is structurally unowned.

I built an independent grader and ran it across 6,762 servers which is the largest audit of the ecosystem that I'm aware of. Here's what's there.

The method