Thousands of Insecure MCP Servers Expose Critical Systems to Hacking Risks

Researchers discover nearly 2,000 Model Context Protocol (MCP) servers exposed online without authentication, allowing potential hackers to execute commands, steal data, or launch denial of wallet attacks on critical systems.

• Nearly 2,000 Model Context Protocol (MCP) servers exposed to the Web lack authentication or access controls.
• Researchers found none of the 119 MCP servers they sampled demanded authentication to list executable functions.
• MCP servers can potentially allow attackers to execute arbitrary commands, exfiltrate data, or perform denial of wallet attacks.