Agents
BlueRock's MCP Trust Registry: 36.7% of 7,000+ scanned MCP servers are SSRF-exposed, 42% leak credentials
BlueRock scanned over 7,000 MCP servers against 22+ security rules and found 36.7% carry potential server-side request forgery (unrestricted outbound fetch) exposure and 42% handle credentials insecurely, using Microsoft's 85k-star Markitdown MCP server as a worked example of the unbounded-fetch pattern. This puts hard numbers on what was previously hand-waved 'MCP is risky' anxiety and reframes SSRF/egress as the dominant MCP failure mode. If you run MCP servers, the actionable takeaway is to pin dependencies, bound outbound fetches, and treat any tool that fetches URLs as an SSRF liability by default.
Source
↳ Follow the thread