1,800+ MCP servers exposed without authentication: How zero trust can secure the AI agent revolution
Summary
Over 1,800 MCP servers (Model Context Protocol servers, tools that connect AI assistants to external systems) are publicly exposed without requiring authentication, meaning anyone can see what internal tools an organization has connected to their AI. Security researchers found that production systems with access to financial databases, social media accounts, and customer data are vulnerable to attacks like EchoLeak (a zero-click exploit that hides malicious instructions in documents) and mcp-remote (a supply chain attack using a widely-downloaded package with a command injection vulnerability).
Classification
Affected Vendors
Related Issues
Original source: https://www.csoonline.com/article/4168979/1800-mcp-servers-exposed-without-authentication-how-zero-trust-can-secure-the-ai-agent-revolution.html
First tracked: May 11, 2026 at 08:00 AM
Classified by LLM (prompt v3) · confidence: 85%