SaSame Observatory · Reproducible · 2026-06-23
An outside-in, reproducible measurement of how many public MCP endpoints are actually reachable, callable, and schema-valid across fragmented registries. Verification status only — no risk verdict on any named server.
Registry entries indexed across four public sources, reduced to auditable public endpoints, rolling-audited over time. Audit window 2026-06-17 → 2026-06-23.
Of 5,260 audited endpoints (latest state), share by outside-in grade. Observed-ready = A or B. Grade is a deterministic function of pass count against the standard — not a safety or quality verdict.
Observed-ready (A or B): 35.9%. On a single read-only call, 13.4% returned real content (the rest were priced/auth-gated = delivery unverified, empty, or non-conforming). The readiness gap is large and measurable — which is exactly why a continuous, outside-in census exists.
Indexed entries by source. No single registry is a complete or authoritative slice of the ecosystem.
| Source | Indexed entries |
|---|---|
| official MCP registry | 15,358 |
| Glama | 13,124 |
| x402 discovery catalog | 1,418 |
| PulseMCP | 100 |
Overlap finding (2026-06-23): two independent registries shared only ~1% of their union (147 in both; 220 and 25,769 unique to each). A single source is a biased lens; buyers should cross-reference.
Independent 2026 security research reports a serious auth/SSRF posture problem across the MCP ecosystem — on the order of ~37% SSRF-exposed, ~41% requiring no authentication, only ~8.5% on OAuth across ~7,000 public servers, with 30+ CVEs filed in a single 60-day window and hundreds of zero-auth servers found publicly exposed.
SaSame's distinct role: we do not assign a risk, badness, or safety score to any named server. We publish continuous verification status — reachable, callable, schema-valid, owner-claimed, re-checked — so the readiness gap is measurable without naming-and-shaming. (Consistent with the external picture, "Security & Compliance" is among the thinnest verticals we index: 51 endpoints.)
Everything here is observation-only and free to correct. Claiming proves you control the endpoint and clears unconfirmed items — no secrets, no sales call.
Integrating an MCP server and want a readiness check on that endpoint before you wire it in? Request a readiness report →