SANS Identifies Distributed Scanning of MCP Servers and AI Assistant Configs
SANS Internet Storm Center reports systematic scanning of MCP servers, AI assistant configs, and local LLM endpoints. 49 IPs targeted MCP handshakes, exploiting CVEs in MCP SDKs, signaling AI infrastructure as a new attack vector.