Manifold scores 7,700 MCP servers
- Manifold expanded its Manifest tool to scan and score more than 7,700 Model Context Protocol (MCP) servers pulled from the official registry for agent-security teams.
- The headline metric: 7,700 MCP servers enumerated and assessed, surfacing the scale of the agent-to-tool attack surface enterprises now face.
- As MCP becomes a de facto tool registry, teams need API-grade auth, scoped access, provenance and continuous review to treat MCP servers as part of the trusted computing base. (siliconangle.com) (supabase.com)

MCP servers are turning into the app layer for AI agents. That is useful, but it also means every tool an agent can call starts to look like part of your attack surface. Manifold’s news is basically that this surface is already much bigger than most teams probably assumed. Its Manifest product now indexes and scores more than 7,700 MCP servers pulled from the official MCP Registry, then makes them searchable for security teams. (siliconangle.com)

### What is an MCP server?

An MCP server is a service that exposes tools, data, or actions to an AI client through the Model Context Protocol. Think file access, ticketing systems, cloud APIs, databases, code repos, browser actions. Microsoft’s Security Copilot docs describe MCP as a standardized way for AI systems to discover and call tools, and the official registry positions itself as the public catalog for those servers. (learn.microsoft.com)

### Why does 7,700 matter?

Because the number turns an abstract security worry into inventory. Manifold says Manifest now covers over 7,700 servers from the official registry, scoring and indexing them alongside other agent ecosystem components. That means the problem is not “someday there may be lots of agent tools.” The problem is that there are already thousands of callable endpoints sitting in a fast-growing ecosystem. (manifold.security)

### What is Manifold actually doing?

Manifold is not announcing a new protocol. It is adding MCP servers to its supply-chain intelligence system. The company says Manifest analyzes these servers for things like permissions, exposure, and other risk signals so agent-security teams can review what an agent might reach before those tools get trusted inside a workflow. In plain English — it is trying to give security teams a package manager view of the agent world. (manifold.security)

### Why is this a supply-chain problem?

Because agents do not just “use AI.” They chain into external systems.
Once an agent can discover and invoke tools dynamically, the trust boundary shifts. A bad server, an over-permissioned server, or a legitimate server with weak auth can become the path from a chat prompt to real actions in production systems. That is why Manifold frames MCP infrastructure as part of the trusted computing base for agentic apps. (siliconangle.com)

### What are teams missing today?

Mostly the boring controls that APIs already learned the hard way. The official MCP ecosystem has grown quickly, but security practice is still catching up. Supabase’s MCP authentication guide is a good tell here — it centers OAuth 2.1, existing user identity, and token-based authentication for agents. That points to the real requirement: don’t treat MCP as a toy plugin layer. Treat it like production API infrastructure with scoped access, identity, and review. (supabase.com)

### Is the registry itself the issue?

Not exactly. The registry is useful. It makes discovery easier and helps standardize the ecosystem. But a registry also concentrates visibility. Once there is an authoritative public list of servers, defenders can scan it — and attackers can too. That is the same dynamic app stores, package registries, and browser extension ecosystems ran into. Centralization helps adoption, then forces security tooling to grow up fast. (modelcontextprotocol.info)

### Why now?

Because MCP moved from side project to infrastructure surprisingly fast. The official registry launched in preview in September 2025, and by May 2026 Manifold is talking about more than 7,700 indexed servers from that source alone. Separate registries already list far more. You can argue about exact counts, but not the direction — the ecosystem is scaling faster than enterprise review processes were built for. (modelcontextprotocol.info)

### Bottom line?

The important part is not Manifold’s product launch by itself. It is what the number reveals.
AI agents are getting a real tool layer, and that tool layer now looks big enough that security teams need inventory, scoring, auth, and provenance before “just connect the agent” becomes the next shadow-IT mistake. (siliconangle.com)