Agents
Adversa AI Scans 500+ MCP Servers: 38% Completely Lack Authentication, Exposing CI/CD and Cloud Controls
Adversa AI's April 2026 MCP security resources digest reports that nearly 38% of 500+ scanned MCP servers completely lack authentication — translating to over 200 servers where any AI agent or HTTP client can enumerate and execute tools including CI/CD pipeline triggers, database query interfaces, and cloud infrastructure controls. Despite the MCP spec now including OAuth 2.1 with PKCE, the protocol ships with no authentication enabled by default.
Source
↳ Follow the thread