Skills
MCP Ecosystem Security Audit: 43% of Public Servers Vulnerable to Command Execution, 36.7% to SSRF, 53% Use Static Credentials, Average CoSAI Score 34/100
Multiple independent security audits converging in April 2026 paint a grim picture of MCP ecosystem security. BlueRock Security found 36.7% of 7,000+ servers are vulnerable to SSRF. Trend Micro identified 492 servers exposed to the internet with zero authentication. Astrix Security reported 53% use static credentials. CoSAI audited 17 MCP servers and scored them an average of 34 out of 100. Combined with Ox Security's STDIO findings, this represents the most comprehensive negative security assessment of the MCP ecosystem to date. Builders should audit every MCP server in their stack immediately.
Source
↳ Follow the thread