The latest articles on DEV Community by Jeet Jain (@freeguy21). https://dev.to/freeguy21 https://media2.dev.to/dynamic/image/width=90,height=90,fit=cover,gravity=auto,format=auto/https:%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Fuser%2Fprofile_image%2F3935131%2Fc71946b3-9a7b-47d6-8db2-ed1ddd2756f4.png https://dev.to/freeguy21 en Jeet Jain Sat, 16 May 2026 16:10:16 +0000 https://dev.to/freeguy21/mcp-security-is-broken-so-i-built-a-scanner-30ak https://dev.to/freeguy21/mcp-security-is-broken-so-i-built-a-scanner-30ak <p>MCP (Model Context Protocol) is the new standard for connecting AI agents to tools. The security is a disaster right now.</p> <p>BlueRock Security scanned 7,000+ live MCP servers 36.7% were vulnerable to SSRF. Hundreds had zero authentication or encryption.</p> <p>So I built AgentWarden — a CLI tool that scans MCP servers for real vulnerabilities:</p> <ul> <li>Unauthenticated endpoints</li> <li>SSRF via tool parameters </li> <li>Prompt injection in tool descriptions (tool poisoning)</li> <li>Path traversal in file tools</li> <li>Tool shadowing and typosquatting</li> <li>Missing rate limiting</li> <li>TLS misconfigurations</li> <li>Sensitive data exposure</li> </ul> <p>Usage:<br> agentwarden scan <a href="https://your-mcp-server.com" rel="noopener noreferrer">https://your-mcp-server.com</a> -v<br> agentwarden scan <a href="https://your-mcp-server.com" rel="noopener noreferrer">https://your-mcp-server.com</a> -o report.html</p> <p>GitHub: <a href="https://github.com/Agent-Warden/Agent-Warden" rel="noopener noreferrer">https://github.com/Agent-Warden/Agent-Warden</a></p> <p>Scanned several live MCP servers already. Would love feedback/contribution from anyone in the security space building on MCP.</p> ai cybersecurity mcp opensource