
"Due to a lack of authentication, hundreds of MCP servers are now running unsecured on the internet, posing direct risks to organizations. The Model Context Protocol (MCP), intended as a standard for communication between AI models and external tools, was widely used from the outset without mandatory access control. Authentication and authorization were optional, as VentureBeat points out, resulting in many implementations being rolled out openly by default."
"This design choice is now becoming even more problematic with the emergence of Clawdbot, a personal AI assistant that is completely dependent on MCP. Clawdbot can manage email, open files, and execute code, among other things. Developers often quickly set up the agent on a VPS, where security settings are not always applied correctly. As a result, MCP servers with extensive rights are accessible directly from the internet."
"A recent scan shows how big the problem has become. A total of 1,862 MCP servers were found that did not require any form of authentication. In a random sample, every server responded without asking for login details. In practice, this means that external parties have the same access as the AI agent itself, including the ability to manage systems or access data."
Model Context Protocol (MCP) implementations were widely deployed without mandatory access control, making authentication and authorization optional and leaving many servers exposed by default. Hundreds of MCP servers are running unsecured on the internet, including instances used by personal assistants like Clawdbot that can manage email, open files, and execute code. Developers often deploy agents on VPS hosts without applying correct security settings, allowing MCP servers with extensive rights to be accessible directly from the internet. A scan found 1,862 MCP servers requiring no authentication; sampled servers responded without login. Critical vulnerabilities in MCP-related tools have enabled system takeover, arbitrary code execution, and unrestricted file access.
Read at Techzine Global