> We identified a total of 1,862 MCP servers exposed to the internet. From this set, we manually verified a sample of 119. All 119 servers granted access to internal tool listings without authentication.
Here we go again.
Before we had seen (and there still) MongoDB databases exposed all over the internet with zero credentials protecting them. (you can just connect to them and you are in.)
Now we have exposed MCP servers waiting to be prompt injected and their data to be exfiltrated from say, a connected service or database if they are connected to any. [0]
So now you can just talk to anyone's exposed MCP server and ask for the secret passwords, environment variables and sensitive data.
And the AI will just hand it all over.
replies(3):