What 17,845 GitHub Repos Taught Us About Malicious MCP Servers
ID: 9565caf8-401f-51b7-b95f-5e9ae397c4b8
STIX ID: report--9565caf8-401f-51b7-b95f-5e9ae397c4b8
Feed Name: VirusTotal Blog
Threat Score
VirusTotal audited ~17,845 MCP server projects on GitHub and used automated code-inspection to flag 1,408 as potentially malicious or dangerously insecure; the report catalogs numerous attack vectors—remote code execution, credential harvesting, server impersonation, supply-chain abuse, context poisoning and others—and recommends mitigations such as signing/pinning, sandboxing, visible revocable permissions, and filtering model outputs.
Your team is not currently subscribed to this feed. You must subscribe to it in order to see this post.