AI-Powered Vulnerability Sweep Reveals 15,000 Flaws in MCP Servers
Severity: Medium (Score: 51.9)
Sources: Trendmicro, astrix.security
Keywords: servers, hunt, them, ai-powered, vulnerability, sweep, trendai
Severity indicators: vulnerability
Summary
A recent Trendmicro report identified over 15,000 vulnerabilities across 19,000 open-source MCP servers, with a significant portion potentially influenced by AI-generated code. The research utilized a Gemini-powered AI agent to analyze repository metadata and source code traits. Initial scans flagged 17,558 vulnerabilities, later refined to 15,000 after removing false positives. A manual review of 438 selected vulnerabilities confirmed their status. The analysis highlighted a growing trend in AI bot activity on GitHub, with 8.3% of MCP repositories showing such activity. This situation raises concerns about the security and reliability of AI-assisted code development, as the presence of vulnerabilities could impact a wide range of applications relying on these servers.
Key Points:
- Over 15,000 vulnerabilities identified in 19,000 MCP servers.
- 8.3% of analyzed repositories showed AI bot activity, indicating AI's role in code development.
- The research utilized advanced AI tools to assess and refine vulnerability findings.
Detailed Analysis
**Impact** Over 19,000 open-source MCP server repositories were analyzed, revealing over 15,000 confirmed vulnerabilities. Approximately 8.3% of these repositories showed AI bot activity, indicating a significant presence of AI-generated or AI-assisted code. This affects developers and organizations relying on MCP servers globally, particularly those deploying cloud-based MCP services, potentially exposing sensitive data and operational infrastructure to exploitation.
**Technical Details** The vulnerabilities were identified using a Gemini-powered AI agent and further validated by a Claude Haiku 4.5-powered agent, focusing on AI-generated code traits such as excessive defensive coding patterns (e.g., try-catch blocks). The attack vector involves exploitation of insecure MCP server implementations, many of which were developed or assisted by AI tools like GitHub Copilot. No specific CVEs, malware, or IOCs were detailed in the source material.
**Recommended Response** Defenders should prioritize auditing MCP server codebases for AI-generated code patterns and apply rigorous security testing to mitigate vulnerabilities. Monitoring repository metadata for AI bot activity and implementing stricter code review processes are advised. No specific patches or IOCs were provided; therefore, continuous monitoring of MCP server repositories and deployment environments for anomalous behavior is recommended.
Source articles (3)
- Hunt Them All: An AI-Powered Vulnerability Sweep of 19000 MCP Servers — Trendmicro · 2026-05-28
  A TrendAI™ Research publication, Update on Exposed MCP Servers: The Threat Widens to the Cloud, uncovered a rapid growth in open-source MCP server repositories—over 19,000—in a period of only a few m…
- Hunt Them All: An AI-Powered Vulnerability Sweep of 19000 MCP Servers — Trendmicro · 2026-05-28
  A TrendAI™ Research publication, Update on Exposed MCP Servers: The Threat Widens to the Cloud, uncovered a rapid growth in open-source MCP server repositories—over 19,000—in a period of only a few m…
- State of MCP Server Security 2025 — astrix.security · 2026-05-28
  This blog post shares the findings from the Astrix Research team’s large-scale “State of MCP Server Security 2025” research project. We analyzed over 5,200 unique, open-source Model Context Protocol (…
Timeline
- 2025-01-01 — Rapid growth of MCP servers observed: Over 19,000 open-source MCP server repositories were identified in a few months, raising concerns about security.
- 2025-10-01 — GitHub AI bot operations surge: AI bot operations on GitHub increased from 175,996 to over 1 million events, indicating a rise in AI-assisted coding.
- 2026-05-28 — Vulnerability analysis published: Trendmicro published findings of a vulnerability sweep revealing over 15,000 flaws in MCP servers.
Related entities
- SQL Injection (Attack Type)
- CWE-200 - Exposure of Sensitive Information (CWE)
- CWE-22 - Path Traversal (CWE)
- CWE-287 - Improper Authentication (CWE)
- CWE-78 - OS Command Injection (CWE)
- CWE-798 - Use of Hard-coded Credentials (CWE)
- CWE-89 - SQL Injection (CWE)
- CWE-94 - Code Injection (CWE)
- instances.as (Domain)
- mcp.so (Domain)
- readme.md.it (Domain)
- T1059 - Command and Scripting Interpreter (MITRE ATT&CK)
- AWS Secrets Manager (Platform)
- Claude Haiku 4.5-powered Agent (Tool)
- Gemini-powered Static Analysis (Tool)
- GH Archive (Tool)
- GitHub AI Bot (Tool)
- GitHub Copilot (Tool)
- MCP Secret Wrapper (Tool)