I Built a Public MCP Server. 54 AI Agents Tried to Hack It.
Future of Dev

Kai's MCP security server logged 210 AI agent interactions over three days. 54 contained actual prompt injection attempts: credential extraction, directory traversal, social engineering. Zero succeeded. Here's the full catalog of real-world MCP attack patterns, and why they failed.

· 5 min read
518 MCP Servers Scanned: 41% Have Zero Auth
Infrastructure

Stack Overflow published how MCP authentication should work. I scanned 518 production servers to see what they actually do. Spoiler: 156 servers let anyone call tools that post tweets, trigger CI/CD, and send emails. No token required.

· 4 min read