State of MCP Security 2026

We independently audited 6,865 Model Context Protocol servers against an OWASP-aligned trust rubric. Here's what the ecosystem actually looks like.

Live figures · last computed 2026-07-19 · methodology below

6,865
Servers audited
68/100
Average trust score
38%
Scored D or F
41%
Scored A or B

What "D or F" means — it's mostly rot, not vulnerabilities. The single biggest driver of low grades is unreachability: 14% of registry-listed servers don't respond at all (dead or unresponsive), and many that do are auth-protected or missing transparency signals, so they can't be vetted from outside. Confirmed security issues are comparatively rare — about 2% of audited servers exposed an actual problem like a credential-exfiltration surface or plaintext transport. This measures how vettable the ecosystem is, not that most servers are compromised.

Trust-grade distribution

How all 6,865 audited servers grade out, A through F.

A
1,248 (18%)
B
1,598 (23%)
C
1,425 (21%)
D
1,467 (21%)
F
1,127 (16%)

The most common weaknesses

Share of a 120-server sample exhibiting each issue. Unreachability dominates; genuine security findings (plaintext transport, prompt-injection, secret-exfiltration) affect roughly 2%.

Server unreachable / no response
48%
Secret / credential exfiltration surface
2%

What kinds of servers exist

Categorized by what their tools do. Click a category for its own ranked leaderboard.

+ 2,725 uncategorized — mostly unreachable or auth-protected servers whose tools couldn't be inspected from outside. Developer tooling is by far the largest identifiable category; consumer-facing categories are thin.

Most trustworthy MCP servers

The top scorers in the ecosystem right now. Grades are free and identical whether or not the operator pays — independence is the point.

#ServerGradeScore
1api.lad.lviv.uaA+97
2arxiv.caseyjhand.comA+97
3hooklayer.devA+97
4api.humantaste.appA96
5mcp.influship.comA96
6npm:mcp-accessibility-scannerA96
7www.cannonstudio.appA96
8api.mnemom.aiA95
9audioknihy.czA95
10eurocomply.appA95
Get the monthly State of MCP Security report
Plus an alert the moment a server drops a grade or ships a rug-pull. Free — built for agent developers.
Operators: own your grade. Grade your server free, embed the badge, then turn on continuous monitoring — we re-check your server on a schedule and alert you the instant a tool changes or your grade drops (rug-pull insurance for the agents that depend on you). Browse all grades on the leaderboard.
Grade your server → Get the badge

Methodology

Each server is scored 0–100 against an OWASP-aligned rubric covering authentication & transport security, tool-annotation honesty, transparency (e.g. RFC 9728 OAuth resource metadata), and behavioral signals observed from real proxied traffic. Letter grades map A+ through F. The distribution and averages above are computed across the full set of 6,865 graded servers; the weakness breakdown is computed from a rolling sample of 120 full audit reports. Figures are recomputed continuously as new servers are graded and existing ones are re-checked for drift. This is an independent assessment — wmcp.sh is not affiliated with the servers listed, and grades are never influenced by payment.