Protocol Intelligence

The MCP Ecosystem Blog

Security research, tool discovery patterns, and infrastructure insights for developers building with the Model Context Protocol.

Security: Tool poisoning, supply chain, schema drift
Discovery: BM25, semantic routing, context management
Infrastructure: Proxies, gateways, sandboxing, OAuth
Ecosystem: Standards, conferences, community trends

Latest Transmissions

AgentSeal Scanned 1,808 MCP Servers. Two-Thirds Had Findings — and the Worst Class Can't Be Scanned in Isolation.

A May 2026 scan of 1,808 public MCP servers surfaced 8,282 security findings across 16,840 tools. The headline number is that 66% of servers had findings — but the more important result is the toxic-data-flow pattern, a class of risk that no single-server scanner can see.

Tags: mcp-security, agentseal, toxic-data-flows, research, data-exfiltration, gateway

The 2026 MCP CVE Wave: MCPwn, MCPoison, and the First MCP Bug on a Known-Exploited List

Three CVEs now define the practical security posture of the Model Context Protocol in 2026 — MCPwn on the server side, an mcp-remote RCE on the client side, and MCPoison at the trust boundary. Together they show that every layer of an MCP connection has been exploited, and that the common defense is structural, not a patch.

Tags: mcp-security, cve, mcpwn, mcpoison, mcp-remote, vulnerabilities, gateway

The NSA Published an MCP Security Playbook. A Field Guide to PP-26-1834's Nine Requirements.

On May 20, 2026 the NSA released a Cybersecurity Information Sheet naming nine specific security controls for production MCP deployments, with a September 30 federal-contractor deadline. This is a plain-language field guide to what each requirement asks for and what it means for the way you actually build.

Tags: mcp-security, nsa, compliance, audit-logging, sandboxing, governance, gateway

The EU AI Act Article 12 Deadline Just Moved. Here Is What Still Has a 2026 Deadline.

The EU Council and Parliament agreed on May 7 to push the high-risk AI compliance deadline from August 2026 to December 2027. Multiple parallel mandates — DORA, NIS2, GPAI obligations, transparency rules — did not move. Here is what the Omnibus VII delay actually changes for organizations deploying AI agents.

Tags: eu-ai-act, article-12, omnibus-vii, dora, nis2, compliance, regulation, governance

The Official MCP 2026 Roadmap Names the Enterprise Gaps. The Spec Team Is Routing Them Through Extensions.

Anthropic published the official 2026 MCP roadmap. Four enterprise gaps are named directly — audit trails, SSO-integrated auth, gateway behavior, configuration portability — and the spec team is explicitly routing them through extensions and a new Enterprise Working Group rather than into the core protocol.

Tags: mcp, modelcontextprotocol, roadmap, anthropic, enterprise, working-group, audit, governance