Vibe Coding
Scan of 10,000+ Real MCP Servers Finds Secrets Leaking at >10%, With 30 CVEs in 60 Days
A July 2026 analysis of over 10,000 real-world MCP servers found credentials, API keys, and PII leaking at rates exceeding 10%, on top of roughly 30 MCP CVEs disclosed in a recent 60-day window. The data quantifies what was anecdotal: the MCP install base is deploying faster than it's being hardened. For builders, the practical guardrails are scoped credentials per server, mandatory output validation, and refusing to auto-load workspace-supplied MCP configs.
↳ Follow the thread