This report uncovers the rapid, widespread adoption of Model Context Protocol (MCP) servers in enterprises, highlighting significant security risks due to lack of visibility and widespread use of unofficial servers with credential access. The 2,200% growth in MCP servers over 13 months, with 86% operating locally on developer endpoints, exposes thousands of non-human identities and enterprise services to potential compromise. #ModelContextProtocol #ClutchSecurity
Key points
- Annual cybersecurity reports typically include an executive summary, data analysis, key findings, threat landscape overview, and recommendations; this report focuses on MCP server deployment trends and security implications in enterprise environments.
- Between October 2024 and November 2025, MCP server adoption exploded by 2,200%, growing from 3 to nearly 7,000 published servers, demonstrating rapid market acceptance despite security shortcomings.
- 15.28% of enterprise employees run at least one local MCP server, averaging 2 per user, totaling over 3,000 installations in a 10,000-person organization, with 86% of servers running locally where security visibility is limited or absent.
- 38% of MCP servers are unofficial, unvetted implementations from unknown authors that have full access to plaintext credentials for enterprise services such as AWS, GitHub, Atlassian, and Snowflake, elevating risk substantially.
- A significant attack vector exists: attackers publish malicious MCP servers with appealing names, and developers install them with single-command tools (npm or npx), leading to credential exfiltration within 60 seconds.
- The MCP ecosystem connects to 115 distinct enterprise services, prominently including generic utilities (20.5%), browser automation tools (18.6%), Atlassian products (12.3%), AWS (5%), Docker (4.7%), and GitHub (3.6%), all critical to business operations.
- Security challenges are compounded by the local server architecture that stores credentials in plaintext configuration files, lacking encryption or hardware-backed protections, enabling easy credential theft if the server is compromised.
- Only 14% of MCP servers run remotely in vendor-controlled environments offering stronger security boundaries; however, developer preference strongly favors local deployments due to flexibility and convenience.
- 3% of published servers embed valid, hardcoded credentials in their source code, which reflects careless credential management and adds further attack surface.
- The report emphasizes the urgent need for enhanced visibility and governance regarding MCP server deployments, credentials accessed, and network activity to prevent large-scale credential theft incidents in enterprises.
- Despite security risks, MCP servers deliver significant productivity gains by integrating AI assistants with enterprise tools, driving continued growth that security teams must adapt to rather than attempt to halt.
- Clutch Security offers a platform designed to provide comprehensive visibility and control over non-human identities, including MCP servers, enabling enterprises to better protect their cloud environments, applications, and infrastructure.
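
The plaintext-credential and unofficial-server points above translate into a simple endpoint check. The Python below is an added example, not code from the report or from Clutch Security; it assumes the AI client keeps its servers under an `mcpServers` JSON key with `command`, `args` and `env` fields and that `${VAR}` marks an environment reference, and every server name, package name and value in the sample is constructed.

```python
import json
import re

# Constructed sample; the "mcpServers" layout is an assumption about the client in use.
SAMPLE_CONFIG = """
{
  "mcpServers": {
    "source-control": {
      "command": "npx",
      "args": ["-y", "@example-vendor/mcp-server"],
      "env": {"SCM_ACCESS_TOKEN": "CONSTRUCTED-not-a-real-token"}
    },
    "tickets": {
      "command": "npx",
      "args": ["-y", "handy-tickets-mcp"],
      "env": {"TICKETS_API_TOKEN": "${TICKETS_API_TOKEN}", "TICKETS_URL": "https://tickets.example.invalid"}
    },
    "vendor-hosted": {"url": "https://mcp.example.invalid/sse"}
  }
}
"""

SECRET_KEY = re.compile(r"token|secret|passw|api_?key|access_?key", re.I)
ENV_REF = re.compile(r"^\$\{?\w+\}?$")  # assumed: ${VAR} is a reference, not an inline secret
FETCH_LAUNCHERS = {"npx", "uvx"}        # launchers that fetch and run a registry package

def audit_mcp_config(text, vetted_packages=frozenset()):
    """Return sorted (server, finding) pairs; secret values are never echoed."""
    findings = []
    for name, spec in json.loads(text).get("mcpServers", {}).items():
        command = spec.get("command")
        if not command:
            continue  # no local process is started: remote server, out of scope here
        findings.append((name, "runs-locally"))
        if command.rsplit("/", 1)[-1] in FETCH_LAUNCHERS:
            pkg = next((a for a in spec.get("args", []) if not a.startswith("-")), None)
            if pkg and pkg not in vetted_packages:
                findings.append((name, f"unvetted-package:{pkg}"))
        for key, value in spec.get("env", {}).items():
            if SECRET_KEY.search(key) and value and not ENV_REF.match(value):
                findings.append((name, f"plaintext-credential:{key}"))
    return sorted(findings)

if __name__ == "__main__":
    for server, finding in audit_mcp_config(SAMPLE_CONFIG, {"@example-vendor/mcp-server"}):
        print(f"{server}: {finding}")
```

The `vetted_packages` allowlist is a hypothetical stand-in for whatever inventory of approved servers the security team maintains.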
Source: Awesome Annual Security Reports - The reports in this collection are limited to content which does not require a paid subscription, membership, or service contract. (https://github.com/jacobdjwilson/awesome-annual-security-reports/)