Your MCP Servers Are Safe. Your Config Isn't.

Every MCP security scanner on the market does the same thing: it looks at each server in isolation. Does this server have prompt injection in its tool descriptions? Does that one have a known CVE? Good. Ship it. Nobody asks what happens when those servers work together. MCPhound does. It is the first scanner that models your MCP configuration as an attack graph and finds multi-hop chains across server combinations. The filesystem server and the fetch server are both fine on their own. Together, they are an SSH key exfiltration pipeline -- and no individual server scanner will ever flag it. The blind spot is compositional There are now over 8,600 MCP servers listed on PulseMCP, with 97 million monthly SDK downloads across the ecosystem. The average developer runs 4 MCP servers per client. MCP has been adopted by OpenAI, Google DeepMind, Microsoft, and AWS, and was donated to the Linux Foundation in December 2025. This is not a niche protocol anymore. The security picture is rough. Astri