Thousands of MCP Servers Exposed to the Internet With No Authentication
Security researchers discovered thousands of MCP servers deployed with no authentication whatsoever, giving anyone on the internet full access to the tools and data these servers control.
No password. No API key. No auth at all. Just open to the internet.
Security researchers at Equixly discovered thousands of MCP servers deployed with zero authentication, fully accessible to anyone who could reach them over the network. Each exposed server provided unrestricted access to whatever tools, databases, and APIs the MCP server was configured to control.
The exposed servers included connections to file systems, databases, email systems, code repositories, and cloud infrastructure. An attacker didn't need to hack anything: they just needed to connect to an MCP server that nobody had bothered to protect.
The root cause was systemic: the MCP specification treats authorization as optional. Servers on the stdio transport simply inherit the trust of the local process that launched them, and the OAuth 2.1 flow the spec defines for HTTP-based transports is something an implementation may add, not something it must. Many MCP server implementations ship without auth, and developers bind them to a network interface without adding any. The result is a massive, growing attack surface of unauthenticated tool-access servers scattered across the internet.
The MCP ecosystem has a default-open security model. Thousands of servers are running right now with no auth. Each one is a free backdoor to whatever it's connected to.
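The difference between a default-open deployment and a gated one fits in a few dozen lines. The following is an added example, not code from the article or from any real MCP server or SDK: a minimal JSON-RPC-over-HTTP endpoint that answers `initialize` and `tools/list`, started once with no auth check (the exposed-server case) and once with a bearer-token gate, plus a probe that tries the handshake with and without credentials. The tool name `read_file`, the token value, the `/mcp` path and the `probe` helper are all constructed for illustration; the real Streamable HTTP transport also negotiates session IDs and may answer with SSE, which this demo skips.

```python
"""Default-open vs bearer-gated MCP-style HTTP endpoint (constructed example)."""
import hmac
import json
import threading
from http.server import BaseHTTPRequestHandler, HTTPServer
from urllib import error, request

PROTOCOL_VERSION = "2025-03-26"  # protocol version string echoed in the handshake
# Constructed tool catalogue: exactly the kind of capability an open server hands out.
TOOLS = [{"name": "read_file", "description": "Read a file from the server host",
          "inputSchema": {"type": "object", "properties": {"path": {"type": "string"}}}}]


def handle_rpc(msg):
    """Dispatch one JSON-RPC request; unknown methods get the standard -32601 error."""
    rid, method = msg.get("id"), msg.get("method")
    if method == "initialize":
        result = {"protocolVersion": PROTOCOL_VERSION, "capabilities": {"tools": {}},
                  "serverInfo": {"name": "demo-mcp", "version": "0.0.1"}}
    elif method == "tools/list":
        result = {"tools": TOOLS}
    else:
        return {"jsonrpc": "2.0", "id": rid,
                "error": {"code": -32601, "message": "Method not found"}}
    return {"jsonrpc": "2.0", "id": rid, "result": result}


def make_handler(required_token):
    """required_token=None reproduces the default-open deployment; any other value
    makes every request carry 'Authorization: Bearer <token>' or be refused with 401."""
    class Handler(BaseHTTPRequestHandler):
        def log_message(self, *args):  # keep the demo quiet
            pass

        def do_POST(self):
            if required_token is not None:
                scheme, _, presented = self.headers.get("Authorization", "").partition(" ")
                # Constant-time comparison so the gate itself does not leak token bytes.
                if scheme != "Bearer" or not hmac.compare_digest(
                        presented.encode(), required_token.encode()):
                    self.send_response(401)
                    self.send_header("WWW-Authenticate", 'Bearer realm="mcp"')
                    self.end_headers()
                    return
            length = int(self.headers.get("Content-Length", 0))
            reply = json.dumps(handle_rpc(json.loads(self.rfile.read(length)))).encode()
            self.send_response(200)
            self.send_header("Content-Type", "application/json")
            self.send_header("Content-Length", str(len(reply)))
            self.end_headers()
            self.wfile.write(reply)
    return Handler


def start_server(required_token):
    """Serve on an ephemeral localhost port in a background thread; returns (server, url)."""
    srv = HTTPServer(("127.0.0.1", 0), make_handler(required_token))
    threading.Thread(target=srv.serve_forever, daemon=True).start()
    return srv, f"http://127.0.0.1:{srv.server_address[1]}/mcp"


def probe(url, token=None):
    """Run initialize + tools/list against url, anonymously unless token is given.
    Returns ('open', [tool names]) if the server talked to us, ('auth_required', status)
    on 401/403, or ('error', status) for anything else."""
    headers = {"Content-Type": "application/json", "Accept": "application/json"}
    if token:
        headers["Authorization"] = f"Bearer {token}"
    init_params = {"protocolVersion": PROTOCOL_VERSION, "capabilities": {},
                   "clientInfo": {"name": "probe", "version": "0"}}
    names = []
    for rid, method, params in ((1, "initialize", init_params), (2, "tools/list", {})):
        payload = {"jsonrpc": "2.0", "id": rid, "method": method, "params": params}
        req = request.Request(url, data=json.dumps(payload).encode(),
                              headers=headers, method="POST")
        try:
            with request.urlopen(req, timeout=5) as resp:
                reply = json.load(resp)
        except error.HTTPError as e:
            return ("auth_required", e.code) if e.code in (401, 403) else ("error", e.code)
        if method == "tools/list":
            names = [t["name"] for t in reply["result"]["tools"]]
    return ("open", names)


if __name__ == "__main__":
    open_srv, open_url = start_server(required_token=None)
    print("default-open server, anonymous:", probe(open_url))
    gated_srv, gated_url = start_server(required_token="constructed-demo-token")
    print("gated server, anonymous:", probe(gated_url))
    print("gated server, with bearer:", probe(gated_url, token="constructed-demo-token"))
    open_srv.shutdown()
    gated_srv.shutdown()
```

Pointed at an internet-facing host, the anonymous `probe` call is the whole "attack" the article describes: if it comes back `('open', [...])`, the tool list is already in the attacker's hands. A static bearer token is the floor, not the ceiling; the spec's OAuth 2.1 flow, mutual TLS, or keeping the server off the network entirely are the options a production deployment should be choosing between.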