1,800+ MCP servers exposed without authentication: How zero trust can secure the AI agent revolution

Security researchers have identified more than 1,800 Model Context Protocol (MCP) servers exposed online without any authentication controls. The finding, reported this week, highlights risks as AI agents gain wider use in enterprise settings.

Scope of the Exposure

Scans found the servers reachable over public internet interfaces. Each instance runs MCP, an open protocol for connecting AI models to external data sources and tools. None required login credentials, API keys, or other verification steps, according to the report from cybersecurity firm Datakanon.

Researchers counted 1,823 servers in total. Many hosted sensitive operations, including database queries, file access, and code execution functions tied to large language models. Locations spanned cloud providers in the United States, Europe, and Asia.

  • Over 60% of servers were linked to production AI agent deployments.
  • Some exposed admin dashboards with full system control.
  • Traffic logs showed queries from major AI platforms.

Potential Risks

The open servers create entry points for unauthorized access. Attackers could issue commands through AI agents, leading to data theft or system compromise. Datakanon noted examples where servers handled customer records and proprietary codebases.

This exposure coincides with rapid adoption of AI agents. Enterprises deploy them for tasks like customer support and software development. Without safeguards, such agents become vectors for supply chain attacks. For context, recent threats like the PamDOORa backdoor demonstrate how protocol weaknesses enable credential theft.

Similar issues appear in cloud credential stealers, as seen with PCPJack, which spreads via exploited vulnerabilities.

Zero Trust as Defense

Experts recommend zero trust architecture to address these gaps. Zero trust requires continuous verification for every access request, regardless of origin. For MCP servers, this means enforcing mutual TLS authentication and role-based access controls.

Datakanon analyst Alexei Kojenov stated, “AI agents amplify risks when connected to unsecured endpoints. Zero trust principles—verify explicitly, assume breach—provide a clear path to protection.”

Implementation steps include:

  • Deploying SSL/TLS certificates for encrypted connections.
  • Using identity-aware proxies to inspect traffic.
  • Applying least-privilege policies for agent permissions.
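
The sketch below is an added example, not code from Datakanon or the MCP project. It shows how the controls above fit together on the server side: a TLS context that requires a client certificate, and a default-deny, role-based check on each MCP JSON-RPC request (`tools/list`, `tools/call`). The role names, tool names and certificate common names are constructed for illustration.

```python
import json
import ssl

# Constructed policy: role -> MCP JSON-RPC methods and tool names it may use.
POLICY = {
    "support-agent": {"methods": {"tools/list", "tools/call"}, "tools": {"search_tickets"}},
    "dev-agent": {"methods": {"tools/list", "tools/call"}, "tools": {"read_file", "run_tests"}},
}
# Constructed mapping from client-certificate common name to role.
ROLES = {"agent-support-01": "support-agent", "agent-dev-01": "dev-agent"}


def mtls_server_context():
    """Server-side TLS context that refuses clients presenting no certificate."""
    ctx = ssl.create_default_context(ssl.Purpose.CLIENT_AUTH)
    ctx.verify_mode = ssl.CERT_REQUIRED  # handshake fails for anonymous clients
    # Deployment adds ctx.load_cert_chain(...) and ctx.load_verify_locations(...).
    return ctx


def common_name(peer_cert):
    """Extract the CN from the dict returned by SSLSocket.getpeercert()."""
    for rdn in (peer_cert or {}).get("subject", ()):
        for key, value in rdn:
            if key == "commonName":
                return value
    return None


def authorize(peer_cert, raw_request):
    """Default-deny check of one JSON-RPC request; returns (allowed, reason)."""
    role = ROLES.get(common_name(peer_cert))
    if role is None:
        return False, "unknown or missing client identity"
    try:
        req = json.loads(raw_request)
    except (TypeError, ValueError):
        return False, "malformed JSON"
    if not isinstance(req, dict):
        return False, "batch or non-object request"
    rule, method = POLICY[role], req.get("method")
    if not isinstance(method, str) or method not in rule["methods"]:
        return False, "method not permitted for role"
    if method == "tools/call":
        params = req.get("params")
        tool = params.get("name") if isinstance(params, dict) else None
        if not isinstance(tool, str) or tool not in rule["tools"]:
            return False, "tool not permitted for role"
    return True, "ok"
```

The check runs after the TLS handshake, so the identity it keys on is the one the certificate authority vouched for rather than anything the request claims about itself.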

Industry Response

MCP developers updated protocol guidelines last month to stress authentication. Several vendors now offer zero trust gateways for AI integrations. Enterprises with exposed servers received notifications through provider dashboards.

Broader context includes rising AI security incidents. Reports show a 300% increase in agent-related breaches over the past year. Regulators in the EU and US plan audits for AI supply chains later this year.

Datakanon plans to release a full technical report and mitigation toolkit next week. Organizations can scan their networks using the firm’s open-source tool, available on GitHub.

Riya Khan

NetworkUstad Contributor
