
I Scanned Enterprise MCP Servers: Composio, Supabase, and Notion Walk Into a Security Audit
TL;DR: I ran security scans against MCP servers from major tech companies. Two out of three had critical vulnerabilities. One was a company that sells MCP security.

Background

I've been scanning MCP (Model Context Protocol) servers since late 2025. After analyzing 750+ servers, the pattern is clear: ~30% have no authentication whatsoever. But I wanted to go deeper. What about the enterprise players? The companies building MCP infrastructure for thousands of developers?

The Scans

✅ Notion MCP Server

Result: Authentication Required
Finding: Server properly enforces auth before allowing connections
Grade: PASS

Notion gets it right. Their MCP server requires authentication before you can do anything. This should be the baseline.

✅ HubSpot MCP Server

Result: Authentication Required
Finding: Server properly enforces auth
Grade: PASS

HubSpot also enforces authentication. Two for two in the "doing it r
Continue reading on Dev.to DevOps



