A 2026 internet-wide scan found 40% of public MCP servers have zero authentication. The new stateless MCP spec removes protocol-level session hijacking risks but shifts all security responsibility to individual implementers, leaving most deployments exposed. This guide outlines 12 essential production controls to secure MCP against real-world attack vectors.
Here's a number that should stop you mid-scroll: 40% of public MCP servers have zero authentication. Not weak auth. Not misconfigured auth. None. That finding from internet-wide scanning that cataloged 12,520 exposed MCP services isn't an edge case — it's the baseline. The protocol that's supposed to connect your AI agents to production infrastructure has a security posture closer to a 2014 PHP tutorial than enterprise middleware.
The 2026-07-28 specification, which ships July 28, makes this worse in the name of operational simplicity. I'll walk through why, what actually puts you at risk, and the 12 controls that matter — based on what researchers are finding in the wild, not what the spec docs hope you'll do.
The Stateless Spec Is an Operational Win and a Security Loss
The headline change in the 2026 spec is that MCP goes stateless. The initialize/initialized handshake is gone. The Mcp-Session-Id header is gone.
If you enjoyed this, read the full post at SaaS with Alex
Top comments (0)