TLDR: A measurement study of the Model Context Protocol (MCP) ecosystem reveals a mixed picture of rapid adoption and structural fragility. Over half of listed projects are low-value or abandoned. MCP servers face security risks from dependency monocultures and uneven maintenance, with sensitive APIs exposed. MCP clients show a convergence towards SSE as a dominant protocol but also a persistence of stdio and a growing trend towards multi-server connections, indicating an ecosystem in transition. The study provides the first evidence-based view of MCP’s scale, risks, and evolutionary path.
The Model Context Protocol (MCP) has emerged as a significant standard aiming to connect large language models (LLMs) with various external tools and resources. Its ambition is to play a role in AI integration similar to what HTTP did for the Web or USB for peripherals. However, despite its rapid adoption and considerable hype, the true state and future trajectory of the MCP ecosystem have remained largely unclear.
Researchers from Shandong University, China, and Nanyang Technological University, Singapore, embarked on the first large-scale empirical study of this burgeoning ecosystem. Their work, titled "A Measurement Study of Model Context Protocol", introduces MCPCrawler, a systematic measurement framework designed to collect and analyze data from six major MCP marketplaces. Over a 14-day period, MCPCrawler gathered 17,630 raw entries, ultimately analyzing 8,401 valid projects, comprising 8,060 servers and 341 clients.
Ecosystem Scale and Growth Potential
The study revealed a mixed picture regarding the MCP ecosystem’s scale. While seemingly sizable, it is also quite fragile. More than half of the listed projects were found to be invalid or low-value, often placeholders, inactive forks, or abandoned prototypes. For instance, in MCP.so, a dominant hub, only 43.4% of server records were deemed valid, and in MCP Market, this figure dropped to 26.4%. Overall, only 49.1% of the collected raw entries were valid, indicating that a significant portion of the ecosystem consists of unusable projects.
Longitudinal analysis showed that while MCP.so has largely plateaued, MCP Market is contributing most of the ongoing growth. The research also highlighted both redundancy and fragmentation across markets; 41.9% of projects appeared in multiple markets, but only 6.9% were indexed in four or more, suggesting no single market offers comprehensive coverage.
Security and Privacy Posture of MCP Servers
The analysis of 8,060 valid MCP servers uncovered several structural risks. A significant concern is the prevalence of dependency monocultures. For example, Java servers predominantly use the Spring framework, meaning a vulnerability in Spring could have widespread impact across many MCP servers. Python and TypeScript servers often use schema validation frameworks like pydantic and zod, which enhance input safety, but Go and Rust servers generally lack equivalent built-in safeguards, relying more on manual validation.
Maintenance practices also vary considerably. While 40.9% of servers were updated within 90 days, a substantial 21.9% had been inactive for over a year, creating a ‘long tail’ of unpatched projects. Furthermore, 11.2% of servers expose sensitive APIs, with authentication-related services making up 43% of this group. These sensitive servers, though better maintained, amplify the consequences of misconfiguration or compromise, making the ecosystem vulnerable to supply-chain attacks, abandonment risks, and privacy exposures.
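The three server-side risk signals above (shared dependencies, maintenance age, sensitive API exposure) can be applied to an organisation's own list of MCP servers. The following Python sketch is an added example, not code from the study or from MCPCrawler; the inventory, the field names and the 50% shared-dependency threshold are assumptions, while the 90-day and one-year cut-offs are the ones the article reports.

```python
from collections import Counter
from datetime import date

# Constructed inventory of MCP servers an organisation depends on (not study data).
INVENTORY = [
    {"name": "srv-auth", "deps": ["spring-boot", "jjwt"], "last_commit": date(2024, 1, 10), "sensitive": ["authentication"]},
    {"name": "srv-files", "deps": ["spring-boot"], "last_commit": date(2025, 5, 20), "sensitive": []},
    {"name": "srv-search", "deps": ["pydantic", "httpx"], "last_commit": date(2025, 6, 1), "sensitive": []},
    {"name": "srv-pay", "deps": ["spring-boot"], "last_commit": date(2025, 1, 15), "sensitive": ["payment"]},
]

def maintenance_bucket(last_commit, today):
    """Buckets follow the article's cut-offs: within 90 days, over a year."""
    age = (today - last_commit).days
    if age <= 90:
        return "active"
    if age > 365:
        return "stale"
    return "aging"

def dependency_share(inventory):
    """Fraction of servers that pull in each dependency (monoculture signal)."""
    counts = Counter(dep for s in inventory for dep in set(s["deps"]))
    return {dep: n / len(inventory) for dep, n in counts.items()}

def triage(inventory, today, monoculture_threshold=0.5):
    """Return (server, reasons) pairs, servers with the most reasons first.

    monoculture_threshold is an assumed cut-off, not a figure from the study.
    """
    share = dependency_share(inventory)
    findings = []
    for s in inventory:
        reasons = []
        bucket = maintenance_bucket(s["last_commit"], today)
        if bucket != "active":
            reasons.append(f"maintenance:{bucket}")
        if s["sensitive"]:
            reasons.append("sensitive:" + ",".join(s["sensitive"]))
        shared = sorted(d for d in s["deps"] if share[d] >= monoculture_threshold)
        if shared:
            reasons.append("shared-dep:" + ",".join(shared))
        if reasons:
            findings.append((s["name"], reasons))
    return sorted(findings, key=lambda f: (-len(f[1]), f[0]))

if __name__ == "__main__":
    for name, reasons in triage(INVENTORY, today=date(2025, 6, 30)):
        print(name, reasons)
```

A server that is stale, exposes a sensitive API and sits on a widely shared dependency lands at the top of the list, which is the combination the study identifies as amplifying the impact of a compromise.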
Client Connection Patterns and Ecosystem Evolution
Examining 341 valid MCP clients provided insights into the ecosystem’s evolutionary trajectory. On communication protocols, Server-Sent Events (SSE) emerged as dominant, used by 56.9% of clients, followed by stdio at 38.1%. This suggests a shift towards SSE as a de facto standard, though stdio’s persistence indicates that diverse design philosophies, especially for lightweight or local scenarios, remain relevant.
Regarding connection modes, the majority of clients (80.9%) support only a single server connection, favoring simplicity. However, a notable 19.1% of clients allow multiple concurrent connections, indicating an evolution towards multi-server integration for richer workflows and redundancy. These patterns suggest that the MCP ecosystem is in a transitional phase, with SSE and single-connection models currently dominating, but with hints of future diversity in protocols and multi-connection capabilities.
Conclusion and Future Outlook
The study concludes that while the Model Context Protocol has achieved rapid adoption, its ecosystem is structurally fragile. Over half of its projects are low-value or abandoned, servers face risks from dependency monocultures and uneven maintenance, and clients are in a transitional phase regarding protocol and connection patterns. These findings provide an evidence-based view of the MCP ecosystem, highlighting its current state, risks, and potential future directions. The researchers have made their collected dataset and the MCPCrawler framework publicly available to support further research into MCP standardization, governance, and security.


