MCP shipped without authentication. Clawdbot shows why that’s a problem.
FeaturedLouis Columbus January 27, 2026 Model Context Protocol has a security problem that won’t go away.When VentureBeat first reported on MCP’s vulnerabilities last October, the data was already alarming. Pynt’s research showed that deploying just 10 MCP plug-ins creates a 92% probability of exploitation — with meaningful risk even from a single plug-in.The core flaw hasn’t changed: MCP shipped without mandatory authentication. Authorization frameworks arrived six months after widespread deployment. As Merritt Baer, chief security officer at Enkrypt AI, warned at the time: “MCP is shipping with the same mistake we’ve seen in every major protocol rollout: insecure defaults. If we don’t build authentication and least privilege in from day one, we’ll be cleaning up breaches for the…
