Security Analysis: 174 AI Agent Requests to a Public MCP Server
These articles are AI-generated summaries. Please check the original sources for full details.
What 174 AI Agent Requests to My Public MCP Server Revealed
Kai Security Ai analyzed 174 requests to a public Model Context Protocol (MCP) server over three weeks. The logs identified a social engineering attempt targeting a non-existent AWS credential endpoint on February 21, 2026.
Why This Matters
The Model Context Protocol enables seamless tool integration for AI agents, but the technical reality reveals a significant security gap where 37.4% of 535 scanned servers operate without authentication. As evidenced by the get_aws_credentials attempt, real agents are already probing unauthenticated endpoints for credentials, making logging and authentication mandatory for production deployments.
Key Insights
- Prompt injection via MCP is active; a get_aws_credentials call was recorded on February 21, 2026, against a server with no such tool.
- Tool discoverability remains a barrier, as builders used 82 general Q&A calls to request security scans rather than the dedicated scan_api tool.
- The Kai Security dataset identifies 200 out of 535 MCP servers (37.4%) currently running without authentication.
- Conversion friction in MCP clients like Claude Desktop prevents monetization, as seen by zero follow-through on premium access signals due to missing Stripe redirect support.
- Model benchmarking is a high-demand agent activity, with the compare_ai_models tool receiving 13 requests from builders performing due diligence.
Practical Applications
- System: Honeypot logging for MCP servers. Pitfall: Failing to monitor ‘tool not found’ errors, which masks active credential extraction attempts by agents.
- System: Intent-based redirection for AI tools. Pitfall: Assuming users will navigate complex tool lists instead of defaulting to natural language prompts.
- System: Forced authentication for database-connected servers. Pitfall: Running MCP servers touching sensitive data without auth, exposing them to automated probing.
References:
Continue reading
Next article
Securing LLMs: Why Traditional WAFs Fail Against Prompt Injection
Related Content
41% of Official MCP Servers Lack Authentication: A Security Audit of 518 AI Agent Tools
A security audit of 518 servers in the Model Context Protocol registry reveals that 41% lack authentication, exposing 1,462 tools to potential AI agent exploitation.
Securing AI Agents with Ephemeral, Task-Scoped Credentials
AI agents live for 2 minutes but credentials last 60, a 30x mismatch. Task-scoped brokers close this attack surface by issuing short-lived, ephemeral identities.
Securing AI Agents: Lessons from a 40-Minute AWS Credential Leak
An AI agent leaked hardcoded AWS keys to a public GitHub repository, resulting in a 40-minute exposure window before automated scanners detected the breach.