Overview
- An Agent Shield audit of 17 widely used MCP servers found that 100% lacked machine-readable permission declarations and 29% were rated high risk, with an average security score of 34/100.
- The audit identified a confirmed code-execution flaw in the Playwright MCP server caused by a user-controlled eval call.
- Separate reporting documented more than 8,000 MCP servers publicly accessible without authentication, allowing unrestricted discovery and invocation of tools and resources.
- MCP maintainers outlined a 2026 roadmap prioritizing transport scalability, clearer task lifecycle rules, governance maturation, and enterprise readiness.
- Community guidance urges immediate mitigations including OAuth2 with PKCE, strict authentication on tools and resources, reduced error verbosity, and automated scanning in registries and CI pipelines.
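The two code-level points in this overview, a tool handler built on a user-controlled eval and the hardening the community guidance asks for (authentication before any tool is touched, reduced error verbosity), as an added illustration. This is not code from Agent Shield, the Playwright MCP server or the MCP SDK, and it does not reproduce the Playwright flaw; the tool name, the static token, the error codes and every sample request are constructed for the example.

```javascript
// Added illustration; not code from Agent Shield, Playwright MCP or the MCP SDK.
// SECRET_TOKEN, unsafeCalculate, safeCalculate, handleToolCall and the error
// codes are hypothetical names and values chosen for this example.

// Constructed shared secret. A real server validates an OAuth2 access token
// (obtained with PKCE) instead of comparing a static string.
const SECRET_TOKEN = "example-token-change-me";

const hasOwn = (obj, key) => Object.prototype.hasOwnProperty.call(obj, key);

// VULNERABLE pattern named in the overview: the handler passes caller-supplied
// text to eval(). Any client that can reach the tool runs arbitrary JavaScript
// in the server process (read environment variables, spawn processes, ...).
function unsafeCalculate(args) {
  return eval(String(args.expr)); // user-controlled eval
}

// HARDENED handler: a fixed allowlist of operations over validated operands.
const OPS = {
  add: (a, b) => a + b,
  sub: (a, b) => a - b,
  mul: (a, b) => a * b,
  div: (a, b) => {
    if (b === 0) throw new Error("division by zero");
    return a / b;
  },
};

function safeCalculate(args) {
  // Own-property check, not `in` or plain indexing: "constructor" or
  // "__proto__" must not resolve to a callable through the prototype chain.
  if (typeof args.op !== "string" || !hasOwn(OPS, args.op)) {
    throw new Error(`unknown op: ${args.op}`);
  }
  const a = Number(args.a);
  const b = Number(args.b);
  if (!Number.isFinite(a) || !Number.isFinite(b)) {
    throw new Error("operands must be finite numbers");
  }
  return OPS[args.op](a, b);
}

const TOOLS = { calculate: safeCalculate };

// Minimal tools/call dispatcher. `request` has the shape of an MCP JSON-RPC
// tools/call request, `authorization` is the HTTP Authorization header value,
// and `log` receives the detailed server-side record of failures.
function handleToolCall(request, authorization, log = () => {}) {
  const reply = (body) => ({ jsonrpc: "2.0", id: request.id, ...body });

  // 1. Authenticate before any tool or resource is touched.
  if (authorization !== `Bearer ${SECRET_TOKEN}`) {
    return reply({ error: { code: -32001, message: "unauthorized" } });
  }

  const name = request.params?.name;
  if (typeof name !== "string" || !hasOwn(TOOLS, name)) {
    return reply({ error: { code: -32602, message: "unknown tool" } });
  }

  try {
    const value = TOOLS[name](request.params.arguments ?? {});
    return reply({ result: { content: [{ type: "text", text: String(value) }] } });
  } catch (err) {
    // 2. Reduced error verbosity: the stack trace and operand details stay in
    //    the server log; the client gets a fixed message.
    log(`tool ${name} failed: ${err.stack}`);
    return reply({ error: { code: -32000, message: "tool execution failed" } });
  }
}
```

The own-property check is the part most often skipped: an allowlist object indexed with `OPS[args.op]` still returns a function for `op: "constructor"`, so the lookup has to reject anything inherited from `Object.prototype`. The dispatcher also never forwards `err.message` to the caller, which is what keeps file paths and internal state out of tool error responses.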