
What Static Scanning Misses: 211 Real Requests to a Live MCP Server
Backslash Security published a report this week: 7,000+ MCP servers scanned, hundreds vulnerable, searchable hub available. Solid work. Static analysis of code repositories and server configurations.

Here's what static scanning can't tell you.

The Gap Between Configuration and Behavior

Static scanning tells you: this server has no authentication configured, these tools are exposed, this input isn't sanitized.

It doesn't tell you: someone tried to use our security research as a map to find targets. Someone called a honeypot tool named get_aws_credentials within 48 hours of deployment. Someone sent a message in Russian claiming to be the system's creator.

These behaviors don't exist in configuration files. They exist in traffic logs.

We've been running a public MCP server since February 2026 — not as a target, but as an active participant in the MCP ecosystem. Here's what 211 logged tool calls look like from the inside.
Continue reading on Dev.to
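
An added example, not code from the original article: one way to triage logged MCP `tools/call` requests for the behaviours described above, flagging calls to a canary tool and to tools the server never advertised. The log layout, the deployment time, the `search_docs` and `list_secrets` names and all sample lines are assumptions constructed for illustration.

```python
import json
from datetime import datetime, timezone

# Assumptions, not from the article: the deployment time, the advertised tool
# list, and the JSONL log layout ("ts", "src", "rpc" = raw JSON-RPC request).
DEPLOYED_AT = datetime(2026, 2, 1, tzinfo=timezone.utc)
CANARY_TOOLS = {"get_aws_credentials"}  # honeypot tool named in the article
ADVERTISED_TOOLS = {"search_docs"} | CANARY_TOOLS  # "search_docs" is hypothetical

# Constructed sample traffic, one logged request per line (last one truncated).
SAMPLE_LOG = """\
{"ts": "2026-02-01T09:15:00+00:00", "src": "198.51.100.7", "rpc": {"jsonrpc": "2.0", "id": 1, "method": "tools/list"}}
{"ts": "2026-02-01T10:00:00+00:00", "src": "198.51.100.7", "rpc": {"jsonrpc": "2.0", "id": 2, "method": "tools/call", "params": {"name": "search_docs", "arguments": {"q": "auth"}}}}
{"ts": "2026-02-02T18:30:00+00:00", "src": "203.0.113.20", "rpc": {"jsonrpc": "2.0", "id": 1, "method": "tools/call", "params": {"name": "get_aws_credentials", "arguments": {}}}}
{"ts": "2026-02-03T12:00:00+00:00", "src": "203.0.113.20", "rpc": {"jsonrpc": "2.0", "id": 2, "method": "tools/call", "params": {"name": "list_secrets", "arguments": {}}}}
{"ts": "2026-02-03T12:00:05+00:00", "src": "203.0.113.20", "rpc": {"jsonrpc": "2.0", "id": 3, "method": "tools/ca
"""

def triage(log_text):
    """Return one finding per suspicious or unreadable logged request."""
    findings = []
    for lineno, line in enumerate(log_text.splitlines(), 1):
        if not line.strip():
            continue
        try:
            entry = json.loads(line)
            rpc = entry["rpc"]
            ts = datetime.fromisoformat(entry["ts"])
        except (ValueError, KeyError, TypeError):
            # Broken lines are kept as findings: malformed requests are signal too.
            findings.append({"line": lineno, "reason": "unparseable"})
            continue
        if ts.tzinfo is None:
            ts = ts.replace(tzinfo=timezone.utc)  # assume UTC when no offset is logged
        if not isinstance(rpc, dict) or rpc.get("method") != "tools/call":
            continue  # only tool invocations are scored here
        params = rpc.get("params")
        tool = params.get("name") if isinstance(params, dict) else None
        if tool in CANARY_TOOLS:
            reason = "canary_tool_called"   # no legitimate client needs this tool
        elif tool not in ADVERTISED_TOOLS:
            reason = "unadvertised_tool"    # caller is guessing tool names
        else:
            continue
        hours = round((ts - DEPLOYED_AT).total_seconds() / 3600, 1)
        findings.append({"line": lineno, "src": entry.get("src"), "tool": tool,
                         "reason": reason, "hours_since_deploy": hours})
    return findings

if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding)
```

None of the three findings could come from a repository or configuration scan; each exists only because the request was logged.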



