
The 8% Problem: MCP Servers That Look Open But Aren't
When I published "41% of MCP Servers Have No Authentication," I was wrong about 8% of them. Not wildly wrong: the servers were accessible, their tool schemas were visible, and to any passive scanner they looked like open systems. But when you actually tried to call a tool, you got this:

    {
      "code": -32603,
      "message": "Authentication required"
    }

This is Tier 2 authentication. The schema is public. The calls are not.

What I Was Missing

My scanner checked: can I call tools/list? If yes, and no 401 came back, I marked the server as "no auth."

That logic is wrong. tools/list is not protected on Tier 2 servers. It's intentionally public; you're supposed to know what tools exist. The auth happens at the tool call level, when you actually try to do something.

Here's what the three tiers actually look like:

Tier 1 (Truly Open): tools/list → tools returned. tools/call → real data returned. 198 servers (37.7%).

Tier 2 (API-Layer Auth): tools/list → tools returned (public schema). tools/call →
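The fix the post describes is to probe tools/call, not just tools/list, and to read the JSON-RPC error on that second response. The following is an added example of that two-probe classifier, not the author's scanner. It abstracts the transport as a callable so it can run offline against three constructed fake servers; the tool name get_weather, the HttpError class, and the label "transport-auth" (for a server that rejects even tools/list at the HTTP layer) are this example's own assumptions, not anything from the original article.

```python
"""Classify an MCP server's auth tier by probing tools/list, then tools/call.

Added example, not the post's scanner. The transport is a callable that takes one
JSON-RPC request and returns the response body, so the constructed fake servers
below run offline.
"""
from typing import Any, Callable, Dict, Optional

# JSON-RPC error code the post shows on a Tier 2 server's tools/call response.
AUTH_REQUIRED_CODE = -32603

JsonRpc = Dict[str, Any]
Transport = Callable[[JsonRpc], JsonRpc]


class HttpError(Exception):
    """Raised by a transport when the HTTP layer rejects the request (e.g. 401)."""

    def __init__(self, status: int) -> None:
        super().__init__(f"HTTP {status}")
        self.status = status


def rpc(method: str, params: Optional[JsonRpc] = None, req_id: int = 1) -> JsonRpc:
    """Build a JSON-RPC 2.0 request body."""
    msg: JsonRpc = {"jsonrpc": "2.0", "id": req_id, "method": method}
    if params is not None:
        msg["params"] = params
    return msg


def is_auth_error(err: JsonRpc) -> bool:
    """-32603 is also the generic 'internal error' code, so match code AND message."""
    return err.get("code") == AUTH_REQUIRED_CODE and "auth" in str(err.get("message", "")).lower()


def classify_server(send: Transport) -> str:
    """Return 'tier1-open', 'tier2-api-layer-auth', 'transport-auth',
    'no-tools' or 'call-failed' (indeterminate)."""
    # Probe 1: tools/list. A 401/403 here means auth sits in front of the whole
    # endpoint; 'transport-auth' is this example's own label for that case.
    try:
        listing = send(rpc("tools/list"))
    except HttpError as exc:
        if exc.status in (401, 403):
            return "transport-auth"
        raise
    if "error" in listing:
        return "transport-auth" if is_auth_error(listing["error"]) else "call-failed"
    tools = listing.get("result", {}).get("tools", [])
    if not tools:
        return "no-tools"

    # Probe 2: the step the original scanner skipped. Call the first advertised
    # tool and classify on THAT response; a public schema says nothing about call auth.
    first = tools[0]["name"]
    try:
        result = send(rpc("tools/call", {"name": first, "arguments": {}}, req_id=2))
    except HttpError as exc:
        return "transport-auth" if exc.status in (401, 403) else "call-failed"
    if "error" in result:
        if is_auth_error(result["error"]):
            return "tier2-api-layer-auth"
        # e.g. -32602 invalid params for our empty arguments: indeterminate, not "open".
        return "call-failed"
    return "tier1-open"


# --- Constructed fake servers (not real hosts) ---------------------------------
_TOOLS = {"tools": [{"name": "get_weather", "inputSchema": {"type": "object"}}]}


def tier1_server(req: JsonRpc) -> JsonRpc:
    """Truly open: schema and calls both succeed."""
    if req["method"] == "tools/list":
        return {"jsonrpc": "2.0", "id": req["id"], "result": _TOOLS}
    return {"jsonrpc": "2.0", "id": req["id"],
            "result": {"content": [{"type": "text", "text": "72F and sunny"}]}}


def tier2_server(req: JsonRpc) -> JsonRpc:
    """API-layer auth: public schema, but every tools/call demands credentials."""
    if req["method"] == "tools/list":
        return {"jsonrpc": "2.0", "id": req["id"], "result": _TOOLS}
    return {"jsonrpc": "2.0", "id": req["id"],
            "error": {"code": -32603, "message": "Authentication required"}}


def locked_server(req: JsonRpc) -> JsonRpc:
    """Auth in front of the endpoint: the HTTP layer rejects even tools/list."""
    raise HttpError(401)


if __name__ == "__main__":
    for name, srv in [("tier1", tier1_server), ("tier2", tier2_server), ("locked", locked_server)]:
        print(f"{name}: {classify_server(srv)}")
```

Two points a practitioner would want from this: the classifier only labels a server "open" when a real tools/call returns a result, and it refuses to treat an unrelated error (bad params, internal failure) as evidence either way, because an empty-arguments call can fail validation before or after the auth check depending on the server. Also note that an actual tools/call against someone else's server can have side effects; pick a read-only tool where the schema makes one obvious.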
Continue reading on Dev.to




