Quantifying Risk Exposure Across 281 MCPs

AI applications powered by MCPs are redefining how systems connect and act. So, what's the security impact? Scroll down to find out in this one-of-its-kind research.

3 MCPs = 52% High Risk.
MCP Security Risk Is Compositional.

High-risk compositions multiply as agents scale.

1 MCP: 9% high-risk
3 MCPs: 52% high-risk
10 MCPs: 92% high-risk

Quantifying MCP Risk Exposure Across 281 MCPs

By Golan Yosef, Chief Security Scientist and Co-Founder

MCPs Are Inherently Vulnerable

MCPs are designed to be powerful, flexible, and modular. That makes them excellent tools for chaining actions across plugins and APIs, but also uniquely dangerous.

The core issue isn’t any single plugin, but the combination of many.

How We Evaluated MCPs

We analyzed 281 popular MCP setups, sourced from public documentation and well-known open-source agent frameworks. For each MCP, we examined two key dimensions: whether it exposed a sensitive capability, and whether it processed input from an untrusted source.


Why the Real MCP Risk Is in the System, Not the Plugin

One tested MCP was connected to a markdown parser and allowed remote HTML loading. When a malicious payload was served through a web scraping plugin, it was interpreted by the MCP client as an instruction, and forwarded to a downstream shell plugin.


How to Reduce MCP Exploitability in Practice

1. Use the MCP host safeguard mechanism
2. Limit exposure by enabling only the servers and tools that are actively needed
3. Isolate execution
4. Reduce compositional risk by design
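An added example, not taken from the report or from Pynt's tooling: a small audit that tags each enabled server with the two dimensions from "How We Evaluated MCPs", flags untrusted-input-to-sensitive-capability compositions, and shows the effect of limiting exposure. The server names, the shared-agent-context assumption, and the rule that a setup is high-risk when it contains at least one of each kind are assumptions; the page does not state its scoring rule.

```python
from dataclasses import dataclass
from itertools import product


@dataclass(frozen=True)
class McpServer:
    name: str
    untrusted_input: bool        # processes content an outside party can influence
    sensitive_capability: bool   # can act: run commands, write, send, delete


# Constructed inventory; server names are hypothetical and mirror the chain
# described above (scraper -> markdown parser -> shell).
INVENTORY = [
    McpServer("web-scraper", True, False),
    McpServer("markdown-parser", True, False),
    McpServer("shell", False, True),
    McpServer("calendar-read", False, False),
]


def risky_pairs(enabled):
    """(source, sink) pairs where untrusted content could steer a sensitive tool.

    Assumption: every enabled server shares one agent context, so any source
    can influence any sink. A server with both flags pairs with itself.
    """
    sources = [s.name for s in enabled if s.untrusted_input]
    sinks = [s.name for s in enabled if s.sensitive_capability]
    return sorted(product(sources, sinks))


def is_high_risk(enabled):
    return bool(risky_pairs(enabled))


def servers_to_disable(enabled):
    """Smallest set whose removal breaks every pair: all sources or all sinks."""
    sources = sorted(s.name for s in enabled if s.untrusted_input)
    sinks = sorted(s.name for s in enabled if s.sensitive_capability)
    return min(sources, sinks, key=len)


if __name__ == "__main__":
    print("each server alone:", [is_high_risk([s]) for s in INVENTORY])
    print("composed pairs:", risky_pairs(INVENTORY))
    drop = set(servers_to_disable(INVENTORY))
    reduced = [s for s in INVENTORY if s.name not in drop]
    print("disable:", sorted(drop), "-> high risk:", is_high_risk(reduced))
```

No server in this inventory is high-risk on its own; the risk appears only once a source and a sink are enabled together, and disappears when the single sink is disabled.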

Golan Yosef

Chief Security Scientist and Co-Founder, Pynt

“MCPs don’t replace APIs - they rewire how software acts on them, and how attackers act through them.”

How MCP Compositional Risk Looks Like In The Wild

By Golan Yosef, Chief Security Scientist and Co-Founder, Pynt (July 15)

Get ready for the future with Pynt

For API security platforms like Pynt, MCP risk is a natural extension of existing threats: untrusted inputs triggering unintended actions.
