Security · 1h ago
AI agent configs from 1,200 GitHub repos all have security flaws
A scan of 1,200 MCP configuration files from public GitHub repositories found that 100% had security gaps, with 20.7% containing critical or high issues like hardcoded secrets and unauthenticated endpoints. The 11 most popular MCP servers, with over 307K combined stars, all had findings, and five were critical. The researcher built an open-source tool, Pluto AgentGuard, to detect these vulnerabilities.
Meridian48 take
The finding that zero configs had response limits or session caps suggests the AI agent security conversation has neglected the configuration layer, which is now the primary attack surface.
Read the full reporting
I Scanned 1,200 MCP Configs From GitHub. Here's What I Found. →
DEV Community
ai-agent-securitymcp-config-audit