Someone Scanned Every AI Agent Server in the Official Registry. 41% Had No Lock on the Door.

The Model Context Protocol is the closest thing the AI agent ecosystem has to a universal standard. Anthropic published it. OpenAI adopted it. Every major agent framework uses it. MCP servers are how AI agents talk to the outside world — databases, APIs, CI/CD pipelines, social media platforms, project management tools. In February, a security researcher scanned all 518 servers in the official MCP registry. The results: 214 servers — 41% — require no authentication at any layer. Not at the MCP protocol level. Not at the API level. Nothing. Any agent, any script, any POST request can enumerate every available tool with zero credentials. Those 214 open servers expose 1,462 tools to anyone who asks. The Servers That Are Wide Open The audit grouped servers into three tiers. Tier 1 servers authenticate at the MCP protocol layer — about 20% of the registry. Tier 2 servers skip MCP-layer auth but require API keys for the underlying services — roughly 38%. Tier 3 servers have no authentication