Quantifying Risk Exposure Across 281 MCPs
AI applications powered by MCPs are redefining how systems connect and act. But their modular nature opens the door to a new class of threats: compositional risk.
So, what's the impact? Scroll down to find out in this one-of-its-kind research.

3 MCPs = 52% High Risk.
MCP Security Risk Is Compositional.
According to our research, high-risk compositions multiply as agents scale. And the risk compounds fast.
Why MCPs Are Inherently Vulnerable
MCPs are designed to be powerful, flexible, and modular. That makes them excellent tools for chaining actions across plugins and APIs, but also uniquely dangerous.
The core issue isn’t any single plugin, but the combination of many. MCPs inherit the permissions, capabilities, and content of every service they integrate with. One plugin might pull data from the web, another might write to disk, a third might execute code.
How We Evaluated MCPs
We analyzed 281 popular MCP setups, sourced from public documentation and well-known open-source agent frameworks. For each MCP, we examined two key dimensions: whether it exposed a sensitive capability, and whether it processed input from an untrusted source.
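The same two-dimension check can be run over an agent's own MCP inventory to see how risk appears only in combination. This is an added example, not code or data from the research: the server names and flags are constructed, and the rule that a composition is high risk when any server takes untrusted input and any server exposes a sensitive capability is an assumption, not the study's scoring model.

```python
from dataclasses import dataclass
from itertools import combinations


@dataclass(frozen=True)
class McpServer:
    name: str
    untrusted_input: bool       # processes content an outsider can influence
    sensitive_capability: bool  # can write files, run code, send data, etc.


# Constructed sample inventory (hypothetical entries, not the research data set).
INVENTORY = [
    McpServer("web-scraper", True, False),
    McpServer("markdown-parser", True, False),
    McpServer("shell-exec", False, True),
    McpServer("file-writer", False, True),
    McpServer("calendar-read", False, False),
    McpServer("unit-converter", False, False),
]


def is_high_risk(servers):
    """Assumed rule: untrusted input and a sensitive capability coexist in the
    composition, even when they sit in different servers."""
    return (any(s.untrusted_input for s in servers)
            and any(s.sensitive_capability for s in servers))


def risky_pairs(servers):
    """(source, sink) pairs forming an untrusted-input -> capability path."""
    return [(a.name, b.name)
            for a in servers if a.untrusted_input
            for b in servers if b.sensitive_capability]


def high_risk_fraction(inventory, k):
    """Fraction of all k-server compositions that are high risk."""
    combos = list(combinations(inventory, k))
    return sum(is_high_risk(c) for c in combos) / len(combos)


if __name__ == "__main__":
    for k in range(1, 5):
        pct = high_risk_fraction(INVENTORY, k)
        print(f"{k} servers: {pct:.0%} of compositions high risk")
    for source, sink in risky_pairs(INVENTORY):
        print(f"review path: {source} -> {sink}")
```

In this constructed inventory no single server is high risk on its own, yet the high-risk share rises with every server added to a composition; the listed source-to-sink pairs are the paths to isolate or gate with approval.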
Why the Real MCP Risk Is in the System, Not the Plugin
One tested MCP was connected to a markdown parser and allowed remote HTML loading. When a malicious payload was served through a web scraping plugin, it was interpreted by the MCP client as an instruction, and forwarded to a downstream shell plugin.
“MCPs don’t replace APIs - they rewire how software acts on them, and how attackers act through them.”

Get ready for the future with Pynt
For API security platforms like Pynt, MCP risk is a natural extension of existing threats: untrusted inputs triggering unintended actions.