Vibe Coding
MCP Servers Are The New Shadow IT: 10,000+ Active Servers, 53% Rely on Static Secrets
Qualys TotalAI analysis finds over 10,000 active public MCP servers deployed within the first year since Anthropic's late-2024 introduction, with 53% relying on static secrets according to Astrix research. Servers evade traditional security tooling by binding to localhost, using random high ports, or embedding in developer tools — mirroring classic shadow IT adoption patterns. Recommended response: inventory + capability mapping + graph-based relationship analysis + mandatory auth enforcement.
Source
↳ Follow the thread