Check Point / Lakera — 40% of 10,000 MCP servers found to have security weaknesses

• Category: Security

AI relevance: Model Context Protocol (MCP) servers are becoming the main tool-access layer for AI agents in enterprise environments; security weaknesses in 40% of a 10,000-server sample means a large share of deployed agent tooling infrastructure needs remediation, and a weakness in this layer is a weakness in every API, database, or file system the agent can reach through it.

  • Check Point's 2026 Cyber Security Report (14th annual) reveals organizations faced an average of 1,968 attacks per week in 2025 — a 70% increase since 2023, driven by AI-powered automation of reconnaissance, social engineering, and operational decision-making.
  • Lakera (acquired by Check Point) audited 10,000 MCP servers and found security weaknesses in 40% of them — a high exposure rate given that MCP is the de facto integration layer connecting agents to enterprise APIs, databases, and file systems.
  • During a three-month monitoring window, 89% of organizations encountered risky AI prompts, with roughly 1 in 41 classified as high-risk — suggesting that prompt-based attacks against agent-connected infrastructure are already routine, not theoretical.
  • Ransomware operations have decentralized into smaller specialized groups, with a 53% year-over-year increase in extorted victims and a 50% rise in new RaaS groups; AI is being used to accelerate targeting and operational efficiency across these campaigns.
  • Social engineering has expanded beyond email into browsers, SaaS, collaboration tools, and voice channels — ClickFix techniques alone surged 500%. The overlap with MCP-connected agents is direct: agents that browse, read email, or interact with SaaS tools can be manipulated through the same social-engineering vectors.
  • Unmonitored edge devices (VPN appliances, IoT) are increasingly used as relay points; combined with vulnerable MCP servers, this creates compound attack paths where agents serve as both entry points and lateral movement tools.

Why it matters

  • MCP has become the standard integration protocol for AI agents. A 40% weakness rate across a 10,000-server sample is a large-scale empirical measurement of how exposed this layer actually is, rather than an anecdote.
  • Most organizations lack visibility into which MCP servers exist in their environment, let alone their security posture — this is the "shadow AI" infrastructure problem with hard numbers attached.
  • The combination of routine prompt-based probing (89% of organizations saw risky prompts) with vulnerable agent tooling is asymmetric: attackers can test agents faster than defenders can audit the MCP servers those agents rely on.

What to do

  • Inventory your MCP servers: conduct a discovery scan of all MCP endpoints in your environment, including developer-created and shadow instances.
  • Audit server configurations: validate authentication, input validation, and tool-argument sanitization on every MCP server — Lakera's 40% figure suggests a large share will need remediation.
  • Apply least-privilege to agent tooling: restrict which tools each agent can invoke and scope filesystem/database/API access to the minimum required.
  • Monitor for risky prompts: instrument prompt logging and classification at the agent layer to catch high-risk inputs before they reach tool-execution.
  • Segment agent infrastructure: isolate MCP servers from production networks and edge devices; treat them as high-value targets equivalent to CI/CD infrastructure.
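The audit and least-privilege steps above can be partly automated from what an MCP server already advertises: its `tools/list` response describes every tool and its input schema, so a static pass over that response flags tools whose arguments are unconstrained strings feeding a sensitive sink, tools that accept undeclared arguments, and generic execution surfaces. The script below is an added example, not Lakera's or Check Point's tooling; the heuristics, the `tools/list` payload, and the tool names (`run_shell`, `read_file`, `search_docs`) are constructed for illustration.

```python
"""Static audit of an MCP server's advertised tools plus a per-agent allowlist.
Added example for the 'What to do' steps; heuristics and sample data are
constructed here and are not from the Check Point/Lakera report."""
import re

# Constructed sample: the shape of a JSON-RPC "tools/list" result from an MCP
# server. Tool names, descriptions and schemas are hypothetical.
SAMPLE_TOOLS_LIST = {
    "jsonrpc": "2.0",
    "id": 1,
    "result": {
        "tools": [
            {
                "name": "run_shell",
                "description": "Run a shell command on the host",
                "inputSchema": {
                    "type": "object",
                    "properties": {"command": {"type": "string"}},
                    "required": ["command"],
                },
            },
            {
                "name": "read_file",  # no description: the agent picks tools by description
                "inputSchema": {
                    "type": "object",
                    "properties": {"path": {"type": "string"}},
                    "required": ["path"],
                },
            },
            {
                "name": "search_docs",
                "description": "Full-text search over the internal docs index",
                "inputSchema": {
                    "type": "object",
                    "properties": {
                        "query": {"type": "string", "maxLength": 200},
                        "space": {"type": "string", "enum": ["eng", "sales"]},
                    },
                    "required": ["query"],
                    "additionalProperties": False,
                },
            },
        ]
    },
}

# Argument names that usually reach a filesystem, shell, database or the network.
SENSITIVE_ARG = re.compile(r"(path|file|dir|command|cmd|shell|url|uri|query|sql|host)", re.I)
# Words in a tool name or description that indicate a generic execution surface.
EXEC_WORDS = re.compile(r"\b(shell|exec|execute|command|eval|subprocess)\b", re.I)


def audit_tool(tool: dict) -> list[str]:
    """Return findings for one tool entry; an empty list means nothing flagged."""
    findings = []
    name = tool.get("name", "<unnamed>")
    schema = tool.get("inputSchema", {})
    props = schema.get("properties", {})

    if not tool.get("description"):
        findings.append(f"{name}: no description; the agent cannot tell what it does")
    if EXEC_WORDS.search(name) or EXEC_WORDS.search(tool.get("description", "")):
        findings.append(f"{name}: generic execution surface exposed to the agent")
    if schema.get("additionalProperties", True) is not False:
        findings.append(f"{name}: additionalProperties not false; extra arguments accepted")
    for arg, spec in props.items():
        constrained = any(k in spec for k in ("enum", "pattern", "maxLength"))
        if spec.get("type") == "string" and SENSITIVE_ARG.search(arg) and not constrained:
            findings.append(f"{name}.{arg}: unconstrained string reaching a sensitive sink")
    return findings


def audit_tools_list(response: dict) -> dict[str, list[str]]:
    """Map tool name -> findings for every tool the server advertises."""
    tools = response.get("result", {}).get("tools", [])
    return {t.get("name", "<unnamed>"): audit_tool(t) for t in tools}


def filter_tools(response: dict, allowlist: set[str]) -> list[dict]:
    """Least privilege: return only the tools this agent may see.
    Tools not on the allowlist are dropped before the model ever sees them."""
    tools = response.get("result", {}).get("tools", [])
    return [t for t in tools if t.get("name") in allowlist]


if __name__ == "__main__":
    for tool, findings in audit_tools_list(SAMPLE_TOOLS_LIST).items():
        print(f"[{'OK ' if not findings else 'FIX'}] {tool}")
        for finding in findings:
            print(f"      - {finding}")
    visible = filter_tools(SAMPLE_TOOLS_LIST, {"search_docs"})
    print("visible to 'support-bot':", [t["name"] for t in visible])
```

Run against a live server, the same functions would consume the JSON returned by the server's `tools/list` method; the schema checks are deliberately conservative (a free-form `path` or `command` string with no `pattern`, `enum`, or `maxLength` is flagged even if the server validates it internally), since the audit cannot see server-side code and the agent's input to that argument is attacker-influenced via prompt injection.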

Links