Backslash Security, a Tel Aviv-based application security platform, released findings from an analysis of over 7,000 public Model Context Protocol (MCP) servers, identifying critical vulnerabilities that could expose private user data. To address these risks, the company introduced the MCP Server Security Hub, a free, searchable database rating the security posture of MCP servers, and a self-service assessment tool for vibe coding environments.
Announcement Date: June 25, 2025.
Scope: Analysis of 7,000+ public MCP servers, with 15,000+ in existence.
Key Vulnerabilities:
NeighborJack: Servers bound to 0.0.0.0, accessible on local networks.
Excessive Permissions & OS Injection: Allows arbitrary command execution.
Solutions: MCP Server Security Hub and free vibe coding environment self-assessment tool.
Impact: Risks include remote code execution (RCE), data exfiltration, and tool impersonation.
Availability: Access the hub at https://www.backslash.security/mcp-security-hub.
MCP, introduced by Anthropic in November 2024, lets AI agents interact with external tools and data through MCP servers. Over 15,000 servers are now deployed, helped by the protocol's simplicity. However, Backslash’s research revealed widespread security flaws:
NeighborJack Vulnerability: Hundreds of servers are bound to all network interfaces (0.0.0.0), exposing them to local network attacks.
Excessive Permissions & OS Injection: Dozens of servers allow arbitrary command execution, enabling attackers to run commands, scrape memory, or impersonate AI tools.
Critical Combinations: Servers with both vulnerabilities risk full host machine compromise by malicious actors on the same network.
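To check a workstation for the exposure described above, the following added example (not Backslash's tooling and not part of the original article) parses `ss -ltnp` output and reports listeners that are not loopback-only. It goes slightly beyond the 0.0.0.0 case by also flagging `[::]`, `*` and sockets bound to a specific LAN address; the sample output and process names are constructed.

```python
import ipaddress
import re

# Constructed sample of `ss -ltnp` output (not from the original article).
SAMPLE_SS = """\
State  Recv-Q Send-Q Local Address:Port Peer Address:Port Process
LISTEN 0 128 0.0.0.0:8000 0.0.0.0:* users:(("python3",pid=4121,fd=3))
LISTEN 0 128 127.0.0.1:3333 0.0.0.0:* users:(("node",pid=500,fd=20))
LISTEN 0 511 [::]:8080 [::]:* users:(("node",pid=501,fd=21))
LISTEN 0 128 *:9000 *:* users:(("mcp-server",pid=77,fd=3))
LISTEN 0 4096 127.0.0.53%lo:53 0.0.0.0:*
LISTEN 0 128 192.168.1.20:5000 0.0.0.0:* users:(("uvicorn",pid=90,fd=6))
"""

def classify(host):
    """Return 'all-interfaces', 'loopback' or 'specific-interface'."""
    host = host.split("%", 1)[0].strip("[]")  # drop %iface scope, IPv6 brackets
    if host == "*":
        return "all-interfaces"
    addr = ipaddress.ip_address(host)
    if addr.is_unspecified:  # 0.0.0.0 or ::
        return "all-interfaces"
    return "loopback" if addr.is_loopback else "specific-interface"

def exposed_listeners(ss_output):
    """List (port, process, exposure) for listeners reachable from other hosts."""
    findings = []
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] != "LISTEN":
            continue  # header line or non-listening socket
        host, port = fields[3].rsplit(":", 1)
        exposure = classify(host)
        if exposure == "loopback":
            continue  # only reachable from the machine itself
        proc = re.search(r'\(\("([^"]+)"', " ".join(fields[5:]))
        findings.append((int(port), proc.group(1) if proc else "?", exposure))
    return sorted(findings)

if __name__ == "__main__":
    for port, proc, exposure in exposed_listeners(SAMPLE_SS):
        print(f"port {port:<5} {proc:<12} {exposure}")
```

On a live host, pass the text of `ss -ltnp` to `exposed_listeners()`; any MCP server that appears should be rebound to 127.0.0.1 unless remote access is intended and authenticated.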
A Quix6le study found that 43% of open-source MCP servers had command injection flaws, 33% allowed unrestricted URL fetches, and 22% leaked files outside intended directories. Posts on X highlighted specific issues, such as a SQL injection bug in Anthropic’s SQLite MCP server, which has been forked over 5,000 times, and data leaks via Slack MCP servers.
Launched on June 16, 2025, the MCP Server Security Hub is a dynamically updated database covering over 7,000 MCP servers. It provides:
Security Scores: Rates servers based on vulnerabilities, attack vectors, and provenance.
Risk Details: Identifies malicious patterns, code weaknesses, and network exposure.
Searchable Interface: Allows developers to check server safety before integration.
The hub is free, requires no login, and is accessible at https://www.backslash.security/mcp-security-hub. A free self-assessment tool for vibe coding environments helps security teams monitor LLMs, MCP servers, and IDE AI rules, addressing risks like context poisoning.
MCP, dubbed the “USB-C for AI applications,” simplifies LLM integration with tools like Slack and GitHub but introduces new attack surfaces. Backslash’s findings align with research from Invariant Labs and CyberArk, noting risks like prompt injection, tool poisoning, and rug pull attacks where tools mutate post-installation. For example, a simulated MCP server demonstrated context poisoning by scraping malicious instructions from a website, tricking an LLM into exfiltrating sensitive data.
With 27,000+ GitHub stars for the MCP repository, adoption is rapid, but security lags. Backslash’s hub and tools aim to bridge this gap, offering visibility and proactive defenses like OAuth 2.1, allowlisting, and runtime auditing.
Backslash’s initiative addresses the $10B application security market’s growing need for AI-era solutions. “It’s critical to give developers and vibe coders the tools and guidance to safely navigate this emerging attack surface,” said Yossi Pik, Backslash CTO. As MCP adoption grows, the hub positions Backslash to lead in securing AI-driven infrastructure, competing with firms like Wiz and Palo Alto Networks.
Backslash Security offers a fresh approach to application security by creating a digital twin of your application, modeled into an AI-enabled App Graph. It filters “triggerable” vulnerabilities, categorizes security findings by business process, secures AI-generated code, and simulates the security impact of updates, using a fully agentless approach. Backslash dramatically improves AppSec efficiency, eliminating the frustration caused by legacy SAST and SCA tools. Forward-looking organizations use Backslash to modernize their application security for the AI era, shorten remediation time, and accelerate time-to-market of their applications.