Report · 2026

The State of MCP Security

We audited 244 Model Context Protocol servers (207 repositories + 37 live endpoints) against the OWASP MCP Top 10. Your agent trusts every one of them. It shouldn't.

46%
score D or F
68
average score / 100
59
failing outright (29%)
244
servers audited

Grade distribution

A
46 · 22%
B
32 · 15%
C
33 · 16%
D
37 · 18%
F
59 · 29%

Popular ≠ safe

The most-starred MCP servers that still score C or below. Stars measure hype, not safety.

modelcontextprotocol/servers88k71C
mastra-ai/mastra26k75C
elie222/inbox-zero12k75C
browsermcp/mcp6.8k66D
21st-dev/magic-mcp5.3k57D
financial-datasets/mcp-server2.2k60D
nottelabs/notte2.0k73C
Azure/azure-mcp1.2k54F

Worst offenders

openfort-xyz/mcp33F
routineco/mcp-server39F
4everland/4everland-hosting-mcp39F
riza-io/riza-mcp1212F
digma-ai/digma-mcp-server1112F
aws-powertools/powertools-mcp4213F
apimatic/apimatic-validator-mcp716F
Adfin-Engineering/mcp-server-adfin916F

Don't ship on a bad score.

Audit any MCP server free, then protect every call to it in real time — cache reads (30–60% off your Claude bill) and block injection / exfiltration / secret leaks with the mcpizy proxy.

Audit a server →❯ npx mcpizy proxy install

Methodology: each server is probed and scored 0–100 against the OWASP MCP Top 10 (security, token cost, tool design, compliance, reliability). Repos are scored on repository quality (maintenance, license, adoption, docs). Data refreshes hourly · 207 repos + 37 endpoints · browse the full directory.