State of MCP Security 2026

We independently audited 6,762 Model Context Protocol servers against an OWASP-aligned trust rubric. Here's what the ecosystem actually looks like.

Live figures · last computed 2026-06-03 · methodology below

6,762
Servers audited
68/100
Average trust score
38%
Scored D or F
42%
Scored A or B

What "D or F" means — it's mostly rot, not vulnerabilities. The single biggest driver of low grades is unreachability: 13% of registry-listed servers don't respond at all (dead or unresponsive), and many that do are auth-protected or missing transparency signals, so they can't be vetted from outside. Confirmed security issues are comparatively rare — about 1% of audited servers exposed an actual problem like a credential-exfiltration surface or plaintext transport. This measures how vettable the ecosystem is, not that most servers are compromised.

Trust-grade distribution

How all 6,762 audited servers grade out, A through F.

A
1,184 (18%)
B
1,655 (24%)
C
1,349 (20%)
D
1,540 (23%)
F
1,034 (15%)

The most common weaknesses

Share of a 120-server sample exhibiting each issue. Unreachability dominates; genuine security findings (plaintext transport, prompt-injection, secret-exfiltration) affect roughly 1%.

Server unreachable / no response
38%
Secret / credential exfiltration surface
1%

What kinds of servers exist

Categorized by what their tools do. Click a category for its own ranked leaderboard.

Developer Tools
1,020
Finance & Crypto
581
AI & ML
408
Database
396
Cloud & DevOps
372
Commerce
287
Search
278
Maps & Geo
248
Productivity
185
Docs & Knowledge
135
Web & Scraping
91
Social & Comms
51
Government & Data
46

+ 2,664 uncategorized — mostly unreachable or auth-protected servers whose tools couldn't be inspected from outside. Developer tooling is by far the largest identifiable category; consumer-facing categories are thin.

Most trustworthy MCP servers

The top scorers in the ecosystem right now. Grades are free and identical whether or not the operator pays — independence is the point.

#ServerGradeScore
1arxiv.caseyjhand.comA+97
2mcp.influship.comA96
3npm:mcp-accessibility-scannerA96
4www.cannonstudio.appA96
5api.lad.lviv.uaA95
6hemmabo-mcp-server.vercel.appA95
7mcp.nausika.appA95
8npm:402-mcpA95
9npm:@10iii/air-mcp-serverA95
10npm:@402index/mcp-serverA95
Get the monthly State of MCP Security report
Plus an alert the moment a server drops a grade or ships a rug-pull. Free — built for agent developers.
Operators: own your grade. Grade your server free, embed the badge, then turn on continuous monitoring — we re-check your server on a schedule and alert you the instant a tool changes or your grade drops (rug-pull insurance for the agents that depend on you). Browse all grades on the leaderboard.
Grade your server → Get the badge

Methodology

Each server is scored 0–100 against an OWASP-aligned rubric covering authentication & transport security, tool-annotation honesty, transparency (e.g. RFC 9728 OAuth resource metadata), and behavioral signals observed from real proxied traffic. Letter grades map A+ through F. The distribution and averages above are computed across the full set of 6,762 graded servers; the weakness breakdown is computed from a rolling sample of 120 full audit reports. Figures are recomputed continuously as new servers are graded and existing ones are re-checked for drift. This is an independent assessment — wmcp.sh is not affiliated with the servers listed, and grades are never influenced by payment.