Exposing the Unseen: Mapping MCP Servers Across the Internet

"We identified a total of 1,862 MCP servers exposed to the internet. From this set, we manually verified a sample of 119. All 119 servers granted access to internal tool listings without authentication."

This is why I keep a very watchful eye on Knostic about AI stuff: they know the tech, the risks, *and* how human behavior will interact with them.

#infosec #cybersecurity #genai

https://www.knostic.ai/blog/mapping-mcp-servers-study


Knostic mapped 1,862 internet-exposed MCP servers via Shodan. 100 % lacked auth, revealing immature and risky GenAI endpoints.

Incidentally, we saw ~100,000 subdomains named "mcp" in the last month or so across the top dozen TLDs.

@neurovagrant

I kind of kid you not, but yesterday I read a thread by a dev who asked why Anthropic (the MCP spec author) only offered a carefully curated list of MCP servers to connect to vs. allowing one to use any old MCP URL... 😬

@joy this is why we can't have nice things

@neurovagrant

I don't totally blame the dev, as the spec is obviously unfinished and there is a miasma of market confusion around it.

But the sheer lack of curiosity about security by the dev is alarming...

@joy @neurovagrant I've avoided enough AI news and am of the right age so that the only meanings I could think of for MCP were Windows admins and the master control program from Tron.

@LinuxAndYarn @joy second Tron serendipity for me today.

first was a new track from Nine Inch Nails being released from their forthcoming TRON soundtrack in September.

guess it's all coming up Tron.

(cc @cryptadamist )

@neurovagrant @joy @cryptadamist I saw the NIN track, didn't know it was from Tron. Now I really have to get out from under my work rock.

@LinuxAndYarn @neurovagrant

Ironically enough, a long time ago, I did get a Microsoft MCP cert...

@neurovagrant oy, their mobile site is totally broken. The text is reflowed without respect to word boundaries.

@neurovagrant

Assuming that in this case MCP means something different than Microsoft Certified Professional...

@leeloo Anthropic-authored protocol that serves as a kind of intermediate server between an LLM and a data source like an API, to help the LLM properly "understand" the incoming data.
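The finding quoted at the top of the thread is that exposed MCP servers returned their tool listing (the JSON-RPC `tools/list` call) to anyone who asked. The following is an added example, not code from Knostic, Anthropic or the MCP project, showing the minimal defensive shape such a server handler should have: an authentication gate placed before method dispatch, so an unauthenticated caller gets a uniform error and never sees the tool inventory. The bearer-token scheme, the placeholder token value, the sample tool list and the application-defined error code `-32001` are all assumptions made for this example.

```python
import hmac
import json

# Constructed placeholder credential for this example only; a real deployment
# would issue per-client secrets and never hard-code them.
VALID_TOKEN = "example-token-not-a-real-secret"

# Constructed sample tool inventory: the kind of data the study found readable
# without any credential on exposed servers.
TOOLS = [
    {"name": "read_file", "description": "Read a file from the project workspace"},
    {"name": "query_db", "description": "Run a read-only SQL query"},
]


def _authorized(headers):
    """Return True only if the Authorization header carries the expected bearer token."""
    auth = headers.get("Authorization", "")
    if not auth.startswith("Bearer "):
        return False
    presented = auth[len("Bearer "):]
    # Constant-time comparison so token checking does not leak timing information.
    return hmac.compare_digest(presented, VALID_TOKEN)


def _error(req_id, code, message):
    """Build a JSON-RPC 2.0 error response."""
    return {"jsonrpc": "2.0", "id": req_id, "error": {"code": code, "message": message}}


def handle_request(headers, body):
    """Handle one JSON-RPC 2.0 request (body as str) with its HTTP headers (dict).

    Returns the response object as a dict. The auth check runs before any
    method is looked up, so unauthenticated callers learn nothing about
    which methods or tools exist.
    """
    try:
        req = json.loads(body)
    except json.JSONDecodeError:
        return _error(None, -32700, "Parse error")

    req_id = req.get("id") if isinstance(req, dict) else None
    if not isinstance(req, dict) or req.get("jsonrpc") != "2.0" or not isinstance(req.get("method"), str):
        return _error(req_id, -32600, "Invalid Request")

    # Gate first: the same response regardless of which method was requested.
    # -32001 is an assumed application-defined code in the JSON-RPC reserved range.
    if not _authorized(headers):
        return _error(req_id, -32001, "Unauthorized")

    method = req["method"]
    if method == "tools/list":
        return {"jsonrpc": "2.0", "id": req_id, "result": {"tools": TOOLS}}
    return _error(req_id, -32601, "Method not found")


if __name__ == "__main__":
    listing = '{"jsonrpc": "2.0", "id": 1, "method": "tools/list"}'
    # Unauthenticated request: only a generic error comes back.
    print(json.dumps(handle_request({}, listing)))
    # Authenticated request: the tool inventory is returned.
    print(json.dumps(handle_request({"Authorization": "Bearer " + VALID_TOKEN}, listing)))
```

The handler is transport-agnostic on purpose; whatever HTTP framework wraps it should additionally bind to a loopback or private interface unless public exposure is actually intended, since the study's point is that an unauthenticated server reachable from the internet hands its capabilities to anyone who connects.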