Live statistics from MarketNow's audit of 8,764 MCP servers. Updated weekly.
Based on 206 L2.5 gVisor sandbox audits. The 103 "0/10" servers failed to start under gVisor — likely due to incompatible syscalls, not necessarily malicious.
| Category | Servers | Share |
|---|---|---|
| Developer Tools | 6,137 | 70.0% |
| AI/ML | 433 | 4.9% |
| Data | 411 | 4.7% |
| Search | 333 | 3.8% |
| Finance | 283 | 3.2% |
| Communication | 288 | 3.3% |
| Productivity | 328 | 3.7% |
| Security | 224 | 2.6% |
| Other | 327 | 3.7% |
| Layer | Status | Coverage | What it does |
|---|---|---|---|
| L1.5 | ✅ Live | 5,120 skills | Static analysis (deps, secrets, licenses) |
| L1.6 | ✅ Live | 5,120 skills | Pattern-based behavioral analysis |
| L2 v2.0 | ✅ Live | 206 skills | Active probe (60+ adversarial inputs) |
| L2.5 | ✅ Live | 206 skills | gVisor sandbox (userspace kernel) |
| L3 | ⏳ Q1 2027 | — | Firecracker microVM (KVM isolation) |
| L4 | ⏳ Q4 2026 | — | Supply chain attestation (SLSA) |
| L5 | ⏳ Q3 2027 | — | Third-party audit (Trail of Bits) |
tools/call (args passed to eval() without sanitization)ptrace() — blocked by gVisorbpf() — blocked by gVisor60+ adversarial inputs sent via real MCP protocol (initialize, tools/list, tools/call)
Loading npm stats...