Skip to main content

Live data report

The State of MCP Exposure

AI agents talk to your systems over the Model Context Protocol. When an MCP server runs without authentication, any agent - or any stranger - can list and often call its tools. This page tracks how exposed that surface really is, using real scans, updated hourly.

Vysiro data collection is live. Domains are never stored - only anonymized counts.

What Vysiro is seeing

Early data. We publish percentages only after 30 servers have been checked, so an early sample can't produce a misleading headline number. So far: 0 checked, 0 with an MCP endpoint, 0 unauthenticated. Run the free checker below to add your domain to the count.

Methodology: each figure is a tally of real scans run through the Vysiro MCP Exposure Checker. A domain is counted once per check; only booleans are stored (endpoint found, auth required, llms.txt present, leak found). No hostnames, no named servers.

Unauthenticated = anyone can call your tools

An MCP server with no auth lets any client enumerate every tool and, in many cases, execute them - read files, hit internal APIs, move data. It's an open door with your agent's permissions.

llms.txt is read by assistants - and by attackers

Teams paste internal URLs and, occasionally, live keys into llms.txt. AI assistants ingest and repeat it. A leaked secret here is a secret in every model's context.

The wider picture (2026)

Independent researchers spent 2026 measuring this surface. These figures are theirs, cited in full - context for why we started tracking it.

Is your AI surface exposed?

Check your domain in seconds. Free, no signup, and your result joins this anonymized count so the picture keeps getting sharper.

Check my domain