Social media is the leading medium for successful scams at 34%, surpassing email (28%), phone calls (25%), text messages (24%), and online ads (21%) in 2025.

Over 16,000 MCP servers are indexed by unofficial registries such as mcp.so.

79% of API keys found in open-source MCP server implementations are passed via simple environment variables.

There are a total of 20,000 MCP server implementations on GitHub.

Unofficial marketplaces have indexed upwards of 17,000 open-source Model Context Protocol (MCP) server implementations.

8.5% of open-source Model Context Protocol (MCP) server implementations adopt modern and secure authentication methods, such as OAuth.

53% of open-source Model Context Protocol (MCP) server implementations rely on insecure, long-lived static secrets, such as API keys and Personal Access Tokens (PATs).

There was a 30% drop between the total number of repositories downloaded and those implementing real open-source Model Context Protocol (MCP) servers.

There are an estimated 20,000 repositories in GitHub implementing open-source Model Context Protocol (MCP) servers.

88% of open-source Model Context Protocol (MCP) server implementations require credentials.

Nearly two in five consumers (39%) globally reported being targeted by an email, online, phone call, or text messaging fraud scheme between February and May 2025.

34% of consumers in the surveyed Latin American countries reported being targeted by email, online, phone call, or text messaging fraud from February to May 2025.

93% of the recaptured passwords were cracked by SpyCloud and delivered as plaintext.