Security · 2h ago
MCP Audit Tool Reveals 41% of Servers Lack Authentication
A new open-source CLI tool, mcp-audit, scans MCP server configurations for security flaws. It found that 41% of ~7,000 public MCP servers require no authentication, and 36.7% are vulnerable to SSRF. The tool runs locally and flags issues like plaintext secrets and context token bloat.
Meridian48 take
The audit tool highlights a widespread security gap in the MCP ecosystem, but the real test is whether developers will adopt these checks before deploying.
Read the full reporting
I scanned my MCP setup and it scored 0/100. Here's what was wrong.
DEV Community
mcp-security developer-tools