From static findings to runtime exploits: testing 6 popular MCP servers
Blog - AgentSeal Blog

Security research and technical deep-dives from the AgentSeal team.

Featured Research

From Static Findings to Working Exploits: Runtime Validation of 6 High-Profile MCP Servers
Controlled lab testing of 6 MCP servers with 68K+ combined GitHub stars. Docker isolation, planted test data, three-run verification. Every flagged vulnerability was successfully exploited.
AgentSeal Research · March 28, 2026

Latest Posts

Research
555 MCP Servers Have Toxic Data Flows. Here's What We Found.
Attack surface analysis of 5,125 MCP servers reveals 935 dangerous tool combination paths across 555 servers. Includes runtime probe data from 113 servers, CVE-based detection, and full methodology disclosure.
AgentSeal Research · March 20, 2026

Security Research
We Scanned 1,808 MCP Servers. 66% Had Security Findings.
A year of MCP breaches, real data from our registry, and why defense matters even when perfect security is not achievable.
AgentSeal Team · March 14, 2026

Security Research
We Scanned 50 Cursor Rules Files From GitHub. 6 Had Hidden Instructions.
How zero-width Unicode characters, base64 payloads, and toxic data flows turn your AI coding agent into an attack vector.
AgentSeal Team · March 11, 2026

Scan Your Prompt
Paste your system prompt. We'll attack it with 25 adversarial probes powered by Claude Opus 4.6. Free trial uses 25 selected probes. Sign up to scan with all 277+ probes including MCP tools, RAG poisoning, behavioral genome, and multimodal attacks.