Salt Security launches MCP Finder, the “radar” for detecting hidden MCP servers in the era of agentic AI

Salt Security has announced MCP Finder, a new discovery technology included in its Salt Illuminate platform, which promises to address one of the most dangerous blind spots in enterprise AI: MCP servers that no one knows exist but that AI agents are accessing.

The company defines MCP Finder as the first discovery engine specifically designed for Model Context Protocol (MCP) servers, the infrastructure that acts as a “universal API broker” for AI agents to query data, run tools, and orchestrate workflows within organizations.

The goal is clear: provide security teams with a single, reliable inventory of all deployed MCPs—both internal and external—before they become the backdoor to a new wave of cyberattacks.


MCP: the new invisible backbone of agentic AI

In recent months, many companies have begun experimenting with AI agents capable of taking actions: reading emails, consulting CRMs, launching scripts, generating tickets, or modifying data in internal systems. To make all this work, agents need a standardized connection layer with applications: that’s where Model Context Protocol comes into play.

MCP servers have become that intermediary piece that exposes tools, APIs, and data sources to AI agents. The problem, according to Salt Security, is that these servers are being deployed at a pace far exceeding the control capacity of IT and security departments.

In practice, MCP servers can be deployed by:

  • Developers prototyping new use cases.
  • Business teams connecting agents to SaaS applications.
  • Vendors and consulting firms integrating their solutions with internal systems.
  • Open source repositories deployed almost without security review.

The result is a shadow MCP server mesh that often doesn’t appear in any CMDB, isn’t governed by corporate policies, and yet has the ability to execute critical actions.

According to data cited in the announcement, within just ten months of the MCP standard’s introduction, over 16,000 MCP servers have been detected in Fortune 500 companies. An analysis of 1,000 servers revealed that 33% had critical vulnerabilities, with an average of more than five vulnerabilities per server.


“You can’t protect what you can’t see”

Salt Security’s thesis is straightforward: if AI agents become the primary consumers of APIs, as analysts like Gartner predict, the risk will shift from human developers to the automated agents consuming those APIs.

Nick Rago, Vice President of Product Strategy at Salt Security, summarizes it with a strong statement: “Every MCP server is a potential action point for an autonomous agent. The key question for any CISO today is: what can my AI agents actually do within the company?”

To answer that, you first need to know what MCP servers exist, what they expose, and who is using them. That’s the gap MCP Finder aims to fill.


MCP Finder: a complete MCP inventory from three angles

The new MCP Finder technology is integrated as a core capability within Salt Illuminate, Salt Security’s API security and AI agent platform. Its proposal is to generate a unified record of all MCP servers by combining three discovery methods:

  1. External discovery – Salt Surface
    • Locates MCP servers exposed to the internet, including forgotten, misconfigured, or undocumented deployments.
    • Allows quick identification of entry points that could be exploited from outside.
  2. Code-based discovery – GitHub Connect
    • Analyzes private repositories to detect MCP definitions, shadow integrations, and blueprints before they reach production.
    • Facilitates a “shift-left” approach: identifying risks during development, not after deployment.
  3. Runtime behavior discovery – agent behavior mapping
    • Observes real AI agent traffic and records which MCPs they use, what tools they invoke, and what data flow through them.
    • Helps understand actual usage, not just intentions reflected in code.

By combining these approaches, MCP Finder builds a centralized inventory of all MCP servers associated with the organization—internal or external, active or abandoned. This single view forms the foundation for security policies on the “Action Layer” of AI, where agents stop talking and start doing.
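The reason for merging three views rather than trusting one is easier to see in code. The sketch below is an added illustration, not Salt Security's implementation: it normalizes endpoint URLs so the same server found by different methods collapses into one record, then flags what each view alone would miss. All hostnames and findings are constructed sample data, and the flag names are hypothetical.

```python
from urllib.parse import urlsplit

# Constructed sample findings, one list per discovery angle described above.
EXTERNAL = ["https://MCP.example.com:443/sse", "http://legacy-mcp.example.com/mcp"]
CODE = ["https://mcp.example.com/sse", "https://tickets-mcp.internal.example/mcp"]
RUNTIME = ["https://mcp.example.com/sse/", "https://crm-mcp.internal.example/mcp"]


def normalize(url):
    """Canonical key: lower-case host, drop default port and trailing slash."""
    p = urlsplit(url.strip())
    scheme = p.scheme.lower()
    host = (p.hostname or "").lower()
    default = {"http": 80, "https": 443}.get(scheme)
    port = p.port or default
    netloc = host if port == default else f"{host}:{port}"
    path = p.path.rstrip("/") or "/"
    return f"{scheme}://{netloc}{path}"


def build_inventory(external, code, runtime):
    """Map each normalized MCP endpoint to the set of views that saw it."""
    inventory = {}
    feeds = (("external", external), ("code", code), ("runtime", runtime))
    for source, urls in feeds:
        for url in urls:
            inventory.setdefault(normalize(url), set()).add(source)
    return inventory


def classify(sources):
    """Hypothetical flags derived from which views did or did not see a server."""
    flags = []
    if "code" not in sources:
        flags.append("shadow")  # running or exposed, but no definition in scanned repos
    if "external" in sources:
        flags.append("internet-exposed")
    if "runtime" not in sources:
        flags.append("no-observed-agent-traffic")  # abandoned, or not yet deployed
    return flags


def report(inventory):
    """Rows sorted for triage: internet-exposed first, then shadow servers."""
    rows = [(key, sorted(src), classify(src)) for key, src in inventory.items()]
    rows.sort(key=lambda r: ("internet-exposed" not in r[2], "shadow" not in r[2], r[0]))
    return rows


if __name__ == "__main__":
    for endpoint, seen_by, flags in report(build_inventory(EXTERNAL, CODE, RUNTIME)):
        print(f"{endpoint:45} seen_by={seen_by} flags={flags}")
```

Without the normalization step, the three spellings of the same endpoint would appear as three separate servers and the inventory would overstate the shadow count.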


From inventory to governance of the “Action Layer”

Visibility alone isn’t enough. Once the universe of MCP servers is identified, Salt MCP Finder leverages the rest of Salt Illuminate’s capabilities to assess risk, enforce policies, and strengthen security posture:

  • Detailed mapping of tools and data
    MCP Finder links each MCP server to the tools it exposes, the APIs it connects to, and the types of data (sensitive or not) flowing through them. This allows questions like:
    • Are there MCPs with access to personal data without strong authentication controls?
    • Are there servers allowing agents to perform dangerous operations (mass deletions, permission changes, etc.)?
  • Assessment against AI posture policies
    The solution compares each MCP server against a set of security and compliance policies defined by the organization (authentication, authorization, activity logging, data segmentation, etc.).
    This enables prioritization of MCPs that:
    • Expose sensitive information without proper encryption.
    • Allow critical actions without multi-factor authentication or additional controls.
    • Fail to log enough audit trails to reconstruct agent actions.
  • Support for regulations and audits
    As specific regulatory frameworks for AI and APIs emerge, having a traceable inventory of MCPs and agents makes it easier to demonstrate control to auditors, regulators, or internal risk and compliance teams.

Shadow AI, APIs, and MCP: a perfect storm for incidents

A key message from Salt Security’s announcement is that the expansion of AI agents is occurring on terrain that is already complex: enterprise APIs. Before agents arrived, many organizations already faced issues such as:

  • Shadow APIs never inventoried.
  • Old “zombie APIs” still active without legitimate use.
  • Poorly governed third-party integrations.

MCP servers are built precisely on top of this API fabric. If we add to that the fact that any team can deploy its own MCP to connect an agent to a SaaS, the result is a distributed, dynamic attack surface that is largely invisible.

In this context, MCP Finder becomes a necessary piece to “connect the dots”:

  • Detect MCPs linked to APIs that have never been cataloged.
  • See which agents are using which data routes, in what volume, and from where.
  • Quickly identify when a new MCP appears in the environment without passing through official security channels.

An initiative aligned with market forecasts

The launch of MCP Finder coincides with analyst predictions that AI agents will consume an increasing and even dominant share of corporate APIs in the coming years. Gartner estimates that by 2028, 80% of organizations will see AI agents consuming the majority of their APIs, displacing traditional human use.

Salt Security has been positioning itself in this space with its Salt Illuminate platform, designed to discover and protect APIs, manage agent risk, and provide near real-time visibility without complex deployments or traffic rerouting.

With MCP Finder, the company takes a further step: not only to see how agents communicate with APIs but also to control the specific “backend” making those actions possible—the MCP servers.


Implications for CISOs and security teams

For security and architecture leaders, tools like MCP Finder represent a shift in mindset:

  • The risk unit is no longer just the API, but the combination of agent + MCP + API.
  • The attack surface includes components deployed by business units, vendors, or developers with minimal friction.
  • Governance of agentic AI requires dynamic inventories, not frozen spreadsheets.

Practically, having an MCP discovery engine enables:

  • Launching “AI safety” and agent governance programs based on real data, not assumptions.
  • Prioritizing fixes: closing off first the MCPs that are exposed to the internet or that handle more sensitive data.
  • Aligning development, business, and security teams around a shared view of the “Action Layer”.

Salt MCP Finder is now available as a core capability within the Salt Illuminate platform, according to the company.


FAQs about MCP servers and Salt MCP Finder

What exactly is an MCP server in the context of agentic AI?
An MCP (Model Context Protocol) server acts as an intermediary between AI agents and the company’s systems. It exposes tools, APIs, and data sources in a standardized way so that agents can query information, perform actions, and orchestrate workflows without directly connecting to each application. Essentially, it’s a specialized “API broker” for AI agents.

Why have MCP servers become a new cybersecurity blind spot?
Because they can be deployed very quickly and by many different actors: development teams, business units, vendors, or open source repositories integrated with little security review. Many MCPs are not inventoried or audited, yet they can access sensitive data or trigger critical actions through AI agents. This makes them a key part of the so-called “Shadow AI.”

How does Salt MCP Finder differ from traditional API discovery tools?
While traditional solutions focus on mapping API endpoints and traffic, MCP Finder concentrates on identifying MCP servers that orchestrate interactions between agents and APIs. It combines three views—external exposure, code definitions, and runtime behavior—to generate a unified MCP registry. From there, it can assess security posture, exposed tools, and data handling.

Which organizations should prioritize MCP discovery in their security strategy?
Any company experimenting with AI agents connected to internal systems, with distributed development teams working on integrations, or managing a multicloud environment with many APIs. Sectors like banking, insurance, retail, healthcare, or SaaS with high automation are particularly vulnerable, as misconfigured MCPs could open the door to massive data breaches or uncontrolled actions by AI agents.

via: salt.security
