Exposing the Unseen: Mapping MCP Servers Across the Internet

"We identified a total of 1,862 MCP servers exposed to the internet. From this set, we manually verified a sample of 119. All 119 servers granted access to internal tool listings without authentication."

This is why I keep a very watchful eye on Knostic about AI stuff: they know the tech, the risks, *and* how human behavior will interact with them.

#infosec #cybersecurity #genai

https://www.knostic.ai/blog/mapping-mcp-servers-study


Knostic mapped 1,862 internet-exposed MCP servers via Shodan. 100% lacked auth, revealing immature and risky GenAI endpoints.

Incidentally, we saw ~100,000 subdomains named "mcp" in the last month or so across the top dozen TLDs.

@neurovagrant

I kind of kid you not, but yesterday I read a thread by a dev who asked why Anthropic (the MCP spec author) only offered a carefully curated list of MCP servers to connect to vs. allowing one to use any old MCP URL... 😬

@joy @neurovagrant I've avoided enough AI news and am of the right age, so the only meanings I could think of for MCP were Windows admins and the Master Control Program from Tron.

@LinuxAndYarn @neurovagrant

Ironically enough, a long time ago, I did get a Microsoft MCP cert...