Report by Astrix Security
State of MCP Server Security 2025: 5,200 Servers, Credential Risks, and an Open-Source Fix
Key Findings
Over 16,000 MCP servers are indexed by unofficial registries such as mcp.so.
79% of the API keys found in open-source MCP server implementations are passed in as plain environment variables.
There are a total of 20,000 MCP server implementations on GitHub.
Unofficial marketplaces have indexed upwards of 17,000 open-source Model Context Protocol (MCP) server implementations.
8.5% of open-source MCP server implementations adopt modern, secure authentication methods such as OAuth.
88% of open-source MCP server implementations require credentials.
53% of open-source MCP server implementations rely on insecure, long-lived static secrets such as API keys and Personal Access Tokens (PATs).
The number of repositories implementing real open-source MCP servers was 30% lower than the total number of repositories downloaded.
There are an estimated 20,000 repositories on GitHub implementing open-source MCP servers.