{"data":{"id":"b29d6ed5-e2e6-4c75-93be-2aee26fce035","title":"1,800+ MCP servers exposed without authentication: How zero trust can secure the AI agent revolution","summary":"Over 1,800 MCP servers (Model Context Protocol servers, tools that connect AI assistants to external systems) are publicly exposed without requiring authentication, meaning anyone can see which internal tools an organization has connected to its AI. Security researchers found that production systems with access to financial databases, social media accounts, and customer data are vulnerable to attacks like EchoLeak (a zero-click exploit that hides malicious instructions in documents) and the mcp-remote supply chain attack (which uses a widely downloaded package with a command injection vulnerability).","solution":"N/A -- no mitigation discussed in source.","labels":["security"],"sourceUrl":"https://www.csoonline.com/article/4168979/1800-mcp-servers-exposed-without-authentication-how-zero-trust-can-secure-the-ai-agent-revolution.html","publishedAt":"2026-05-11T09:00:00.000Z","cveId":null,"cweIds":null,"cvssScore":null,"cvssSeverity":null,"severity":"high","attackType":["prompt_injection","supply_chain","rag_poisoning"],"issueType":"news","affectedPackages":null,"affectedVendors":["Anthropic","Microsoft","HuggingFace"],"affectedVendorsRaw":["Anthropic","Model Context Protocol","Microsoft 365 Copilot","Cloudflare","Hugging Face","Auth0","JFrog"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":null,"attackVector":null,"attackComplexity":null,"privilegesRequired":null,"userInteraction":null,"exploitMaturity":null,"epssScore":null,"patchAvailable":null,"disclosureDate":"2026-05-11T09:00:00.000Z","capecIds":null,"crossRefCount":0,"attackSophistication":"advanced","impactType":["confidentiality","integrity"],"aiComponentTargeted":"agent","llmSpecific":true,"classifierConfidence":0.85,"researchCategory":null,"atlasIds":null}}