Emerging Risks: Typosquatting in the MCP Ecosystem | UpGuard
ID: 4e4b2055-f33a-55d1-82ca-eb71167bbe06
STIX ID: report--4e4b2055-f33a-55d1-82ca-eb71167bbe06
Feed Name: UpGuard Blog
This research analyzes how typosquatting and brand impersonation threaten the Model Context Protocol (MCP) ecosystem: human configuration errors and unmoderated registries (notably MCP.so and community marketplaces) enable attackers to publish lookalike MCP servers, increasing supply-chain risk. The authors analyzed ~18,000 Claude Code configuration files, found frequent name variations and lookalikes (3–15 unverified lookalikes per official brand, comprising ~10–16% of servers across registries), and call for stronger verification and governance to prevent malicious remote or locally run MCP servers from being integrated into AI agents.
