What is MCP and why does security matter
[2 paragraphs explaining MCP for people who don't know]
What I found after scanning 670 servers
[The stats — avg score 53, 85 with no auth, 9 production safe]
The attack that started this
What is MCP and why does security matter [2 paragraphs explaining MCP for people who don't...
What is MCP and why does security matter
[2 paragraphs explaining MCP for people who don't know]
What I found after scanning 670 servers
[The stats — avg score 53, 85 with no auth, 9 production safe]
The attack that started this

Open-source supply-chain trust gate for MCP servers, validated on 200 packages. 3 BLOCK findings including 1 hardcoded LLM API…

We built mcp-customs, a free, offline CLI that checks an MCP server for common security risks before...

Originally published with live data at https://wmcp.sh/reports/state-of-mcp-security-2026 The Model...

Last week, two MCP security vulnerabilities went public. CVE-2026-33032 (CVSS 9.8) in the nginx-ui...

Smithery is the largest public MCP registry right now. Over 5,400 servers listed. We took the top 500...

Most MCP servers and agent tools execute code, hold API keys, or run with broad permissions. There's...