Quantifying Risk Exposure Across 281 MCPs

AI applications powered by MCPs are redefining how systems connect and act. But their modular nature opens the door to a new class of threats: compositional risk.

So, what's the impact?
Scroll down to find out in this one-of-a-kind research.

3 MCPs = 52% High Risk.
MCP Security Risk Is Compositional.

According to our research, high-risk compositions multiply as agents scale. And the risk compounds fast.

1 MCP: 9% high-risk
3 MCPs: 52% high-risk
10 MCPs: 92% high-risk

Quantifying MCP Risk Exposure Across 281 MCPs

By Golan Yosef, Chief Security Scientist and Co-Founder

Why MCPs Are Inherently Vulnerable

MCPs are designed to be powerful, flexible, and modular. That makes them excellent tools for chaining actions across plugins and APIs, but also uniquely dangerous.

The core issue isn’t any single plugin, but the combination of many. MCPs inherit the permissions, capabilities, and content of every service they integrate with. One plugin might pull data from the web, another might write to disk, a third might execute code.

How We Evaluated MCPs

We analyzed 281 popular MCP setups, sourced from public documentation and well-known open-source agent frameworks. For each MCP, we examined two key dimensions: whether it exposed a sensitive capability, and whether it processed input from an untrusted source.
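The two dimensions above can be applied to your own agent configuration. The following is an added example, not code or data from the report: the server names and flags are constructed, and the rule that a composition is high-risk when any enabled server processes untrusted input and any enabled server exposes a sensitive capability is an assumption made for illustration.

```python
from dataclasses import dataclass
from itertools import combinations


@dataclass(frozen=True)
class Mcp:
    name: str
    untrusted_input: bool       # processes content from an untrusted source
    sensitive_capability: bool  # exposes e.g. disk writes or code execution


# Constructed inventory with hypothetical server names.
INVENTORY = [
    Mcp("web-scraper", True, False),
    Mcp("markdown-parser", True, False),
    Mcp("shell", False, True),
    Mcp("file-writer", False, True),
    Mcp("calendar", False, False),
    Mcp("email", True, True),
]


def is_high_risk(servers):
    """Assumed rule: untrusted input anywhere can reach a capability anywhere."""
    return (any(s.untrusted_input for s in servers)
            and any(s.sensitive_capability for s in servers))


def high_risk_fraction(inventory, k):
    """Share of all k-server compositions that the assumed rule flags."""
    combos = list(combinations(inventory, k))
    return sum(is_high_risk(c) for c in combos) / len(combos)


def risky_pairs(servers):
    """(source, sink) pairs to review, isolate, or disable."""
    return [(a.name, b.name)
            for a in servers if a.untrusted_input
            for b in servers if b.sensitive_capability]


if __name__ == "__main__":
    for k in (1, 2, 3):
        print(f"{k} server(s): {high_risk_fraction(INVENTORY, k):.0%} high-risk")
    enabled = [s for s in INVENTORY
               if s.name in {"web-scraper", "markdown-parser", "shell"}]
    print(risky_pairs(enabled))
```

The percentages it prints describe only the constructed inventory; they show how the flagged share grows with composition size and are not the report's figures.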


Why the Real MCP Risk Is in the System, Not the Plugin

One tested MCP was connected to a markdown parser and allowed remote HTML loading. When a malicious payload was served through a web scraping plugin, it was interpreted by the MCP client as an instruction, and forwarded to a downstream shell plugin.


How to Reduce MCP Exploitability in Practice

1. Use the MCP host safeguard mechanism
2. Limit exposure by enabling only the servers and tools that are actively needed
3. Isolate execution
4. Reduce compositional risk by design

Golan Yosef

Chief Security Scientist and Co-Founder, Pynt

“MCPs don’t replace APIs - they rewire how software acts on them, and how attackers act through them.”

Get ready for the future with Pynt

For API security platforms like Pynt, MCP risk is a natural extension of existing threats: untrusted inputs triggering unintended actions.

35K+ Happy Users