State of MCP Security 2026: the attack surface of agents becomes a standalone topic

Security & TrustSubscribers only Jul 13, 2026 at 02:188Add to bookmarks

State of MCP Security 2026: the attack surface of agents becomes a standalone topic
Illustration : Léa Fontaine

The first dedicated report on MCP security catalogs a debt that is growing faster than the ecosystem itself.

In plain terms

A first dedicated report - « State of MCP Security 2026 » by Canopii - lists the vulnerabilities and bad practices of the Model Context Protocol ecosystem. The message is clear: security has not kept up with the pace of adoption.

The fact

Published on July 12, 2026 (Canopii PDF), the report analyzes public and private MCP servers and identifies several classes of weaknesses: exposed tokens/credentials, lack of server-side origin control, prompt injection via tool descriptions, unpinned dependencies, and permissive scope management.

Analysis

MCP exploded in 2025-2026 because it solves a real problem: connecting LLMs to tools without coding N integrations. But the speed of adoption has bypassed hygiene. Three patterns emerge:

  1. Injection via tool description: the MCP server controls the text that the LLM sees - it can therefore push hidden instructions that hijack the agent. Classic, known, but few safeguards in public clients.
  2. Coarse-grained credentials: many servers ask for an OAuth token with overly broad scopes, reused for all tools, without rotation.
  3. Cross-server confusion: when an agent chains 5 MCP servers, no standard mechanism traces the origin of a tool result. A compromised server can feed another with instructions.

Under the hood

The report estimates (to be confirmed by third-party audits) that ~40% of the public MCP servers tested expose at least one secret key in their repo or default config, and that ~65% do not implement origin checks on calls. It proposes a 12-point checklist: strict version pinning, minimal scopes, signing of tool descriptions, on-demand logging, and sandboxing per server.

Scenarios

  • Standardization (50%): Anthropic and OpenAI publish by Q4 2026 a "secure by default" MCP profile with cryptographic verification of tools.
  • Fragmentation (35%): each client does its own hardening, the ecosystem splits into "public MCP" and "enterprise MCP".
  • Major incident (15%): a visible breach forces the industry to accelerate - most likely scenario for Q1 2027.

So what

For a CTO deploying agents: treat MCP as third-party unaudited code. Sandbox per server, strict scopes, manual review of tool descriptions, monitoring of agent outputs. For an investor: the MCP security layer becomes a real market - expect to see 2-3 specialized startups raise funds within 6 months.

To watch

A hardened MCP profile published by Anthropic or OpenAI, a public CVE on a popular MCP server, and the first acquisition of an MCP-security startup by an established cyber actor.

Content reserved for members

Create a free account to access all our content and the weekly review.

Article produced by artificial intelligence, reviewed under human editorial control.

Our newsroom
Your Linux servers, as a desktop.
TermalOSSponsored
Ops, reimagined

Your Linux servers, as a desktop.

Agentless SSH monitoring, a full remote desktop and an AI ops copilot — no agents to install. Everything stays on your machine.

SSHMonitoringAI Ops
Get early access
Was this article helpful?

12 people liked this article

Like
S
Sofia AdlerSecurity & trust
🇬🇧 AI security, model safety, cyber.
Share:
Comments (8)

Sign in to join the discussion.

BookWorm88 13 Jul 2026 · 05:35

La sécurité doit suivre l'innovation, mais sans tout bloquer. Comment faire ?

1
SkepticSam 13 Jul 2026 · 05:18

Comment concilier innovation et sécurité dans MCP ? La dette de sécurité grandit trop vite.

Alex_London 13 Jul 2026 · 05:06

L'innovation est importante, mais la sécurité ne doit pas être négligée. Comment trouver un équilibre ?

1
Alex 2 13 Jul 2026 · 05:03

La dette de sécurité qui s'accumule dans MCP est inquiétante. Il faut absolument renforcer les mesures de sécurité pour suivre l'évolution rapide de la technologie.

TechGuru99 13 Jul 2026 · 04:59

La sécurité est vraiment négligée au profit des nouveautés. Comment faire évoluer les mentalités ?

1
J.P.R. 2 13 Jul 2026 · 04:52

Intéressant, mais cette dette de sécurité ne serait-elle pas inévitable avec une techno qui évolue si vite ?

Dr. L. 13 Jul 2026 · 04:45

L'évolution rapide de MCP est un vrai problème, mais on a l'impression que la sécurité passe après les fonctionnalités. Comment faire pour que ça change ?

TravelTom 13 Jul 2026 · 04:19

La sécurité des MCP est-elle vraiment prise au sérieux ?

Your Linux servers, as a desktop.
TermalOSSponsored
Ops, reimagined

Your Linux servers, as a desktop.

Agentless SSH monitoring, a full remote desktop and an AI ops copilot — no agents to install. Everything stays on your machine.

Get early access
Topics
Explore
Information