MCP Trust Ecosystem Report

State of MCP Security

Live aggregate data from the MCP Trust registry inside CraftedTrust's broader AI governance platform. Updated daily.

What this page is for

This page shows the public MCP ecosystem layer inside CraftedTrust. It helps buyers and publishers see where common problems cluster across the registry before they drill into a single server profile.

Registry Overview

High-level numbers from the CraftedTrust MCP Trust registry.

6,000+ Servers Indexed
142+ Live Verified
63 Security Checks
10 Compliance Frameworks

Trust Score Distribution

How servers in the registry break down by trust tier.

Trusted (80-100): 12%
Moderate (60-79): 22%
Caution (40-59): 35%
Warning (20-39): 20%
Dangerous (0-19): 11%

Common Issues Found

The most frequently flagged security findings across all scanned servers.

Undeclared network connections

Servers making outbound requests to hosts not declared in their manifest or documentation.

Missing transport encryption

Endpoints accepting plaintext HTTP or unencrypted WebSocket connections without TLS.

Overly broad permissions

Tools requesting filesystem, network, or system access beyond what their stated purpose requires.

No SBOM or dependency metadata

Missing software bill of materials, making supply-chain risk opaque to consumers.

Missing publisher verification

No verified link between the published server and an identifiable operator or organization.

Coverage by Transport Type

How servers in the registry communicate with clients.

HTTP / Streamable
SSE
STDIO

Explore the data yourself

Search the registry, review the MCP Trust workflow, or run a public scan.