DocsQuick StartAI News
AI NewsMCP Ecosystem Stress Test: Out of 4,356 Servers, Only 1 Passed the New Specification
Industry News

MCP Ecosystem Stress Test: Out of 4,356 Servers, Only 1 Passed the New Specification

2026-07-12T16:03:44.236Z
MCP Ecosystem Stress Test: Out of 4,356 Servers, Only 1 Passed the New Specification

There are still two weeks before the new MCP specification takes effect on 2026-07-28, yet a scan of 4,356 publicly reachable servers shows that only one fully passed compatibility checks. This figure exposes the long-standing issues behind MCP’s rapid expansion.

With only half a month left before the new MCP specification (2026-07-28 version) officially takes effect, a developer named Roee Tsur did something nobody else had done: he scanned every publicly reachable MCP server one by one.

The results were posted on Hacker News: out of 4,356 reachable servers, only 1 fully passed the compatibility checks for the new specification. This is not a fraction of a percent issue — it’s 0.023%. You read that right.

Bar chart of MCP server specification compatibility scan results, with specification items on the horizontal axis and pass rate on the vertical axis

4355:1 — how was this scanned?

Roee’s tool is called mcp-spec-check. The idea is straightforward: obtain the server list from the MCP Registry, initiate handshakes one by one, and probe behaviors defined in the 2026-07-28 RC (Release Candidate) version — whether the server correctly responds to the new capability negotiation, whether the old Mcp-Session-Id header is still hardcoded into responses, which OAuth application type the authentication flow uses, and whether extension fields follow reverse-DNS naming.

Among the 4,356 reachable servers, most failed in the following areas:

  • Still relying on Mcp-Session-Id. This header was removed in SEP-2567, along with the associated protocol-level session mechanism. Nearly all older implementations using long-lived connections depended on it to maintain state. Once clients stop sending it, those servers immediately return 400 errors.
  • Server-initiated request timing violates the specification. The new specification (SEP-2260) explicitly requires that servers may only initiate requests to clients while processing an active client request. This effectively kills the old “chatty callback” design many servers used.
  • Extension field naming is inconsistent. SEP-2133 introduced reverse-DNS naming conventions. Extensions must live in separate ext-* repositories and be independently versioned by delegated maintainers. Most custom capabilities in older servers are still attached as bare fields with no migration work done.
  • Missing OIDC application_type. SEP-837 requires clients to explicitly declare native or web during dynamic registration to prevent authorization servers from treating desktop/CLI clients as web apps by default and rejecting localhost callbacks. The fix itself is small, but the impact is broad.

What is truly uncomfortable is that “1.” It is not even an official server from a major company — just a project by an unknown developer. Anthropic’s own reference implementation, GitHub’s official MCP server, and services from many leading vendors are all absent from that “1.”

This is not a new problem — it’s an old one finally exposed

Nobody in the industry should be surprised by this number. Since MCP exploded in popularity in the second half of last year, there has always been a “just get it working first” mentality.

  • The Registry only released a preview in September 2025. Before that, MCP server discovery and distribution were semi-chaotic, with many servers hosted on personal blogs, Gists, and Notion pages.
  • The protocol itself has been evolving rapidly. Features such as Streamable HTTP, Task lifecycles, and MCP Apps only stabilized over the past six months. SEP-2663 (the Tasks extension) directly rewrote the invocation lifecycle in stateless models — servers can now return a task handle first, while clients poll status using tasks/get, tasks/update, and tasks/cancel. This effectively means every server handling long-running tasks needs to be rewritten.
  • The community previously assumed “compatible” simply meant stdio could launch successfully. Most server authors never ran comprehensive specification conformance tests because tools for doing so did not previously exist.

Add MCP Apps (SEP-1865) on top of this, allowing servers to inject interactive HTML interfaces into hosts running in sandboxed iframes. This is both a major capability upgrade and a major security and compatibility burden — hosts must implement full sandboxing, while servers must reorganize UI logic. You can imagine the migration cost for older servers facing this feature.

A sharp analysis once posted on Zhihu argued that MCP has four major problems: non-standard authentication mechanisms, lack of tool risk warnings, tight client-server coupling, and unresolved distributed identity authorization. At the time it sounded like academic criticism. Now this scan result serves as empirical evidence supporting those critiques.

Editorial opinion: this 1/4356 result is not entirely bad news

First, some cold water. A 0.023% pass rate means the MCP ecosystem is still far from “safe to use with confidence.” Especially on the enterprise side, if you are currently evaluating whether to connect large numbers of public MCP servers in production environments, this data should make you reconsider. At minimum, after July 28, you are likely to encounter a concentrated wave of compatibility failures over the next one or two months.

But from another perspective, this is also the first time MCP has gained a real self-cleaning mechanism. During the ecosystem’s uncontrolled growth over the past year, nobody truly measured what “compliance” meant. Now there is a registry, tools like spec-check, and mandatory deprecation of legacy features (SEP-2577 explicitly deprecates three core features). For the first time, the ecosystem has a public answer to the question: what counts as compliant?

Compare it with other protocols:

| Protocol | Time from release to broad implementation compliance | Notes | |------|------|------| | HTTP/2 | About 2 years | Strongly promoted by major vendors and browsers | | gRPC | About 3 years | Tooling came first | | GraphQL | About 2 years | Semi-chaotic growth, never truly unified | | MCP | About 1.5 years so far | Currently 0.023% |

MCP’s timeline is actually not much worse than similar protocols. The difference is that someone finally held up a magnifying glass and exposed the process publicly. Other protocols also began with “if it connects, it’s fine” — nobody just performed this kind of public scan.

The 220-tool Zabbix MCP server is another signal

The same week this scan result was published, someone on Reddit open-sourced an MCP server covering all 57 Zabbix API groups and exposing 220 tools. You can think of it as “I want to expose the entire Zabbix operational surface area to an LLM.”

This is where things get interesting:

  • On one hand, the MCP ecosystem is still rapidly expanding in breadth. The fact that a protocol can convince an operations vendor to expose 220 tools shows the model itself works.
  • On the other hand, this “bulk export the entire API” style of server is exactly the type most likely to break under the new specification. They typically involve many long-running tasks, require server-initiated notifications, and have complex session management.

In other words, the largest MCP servers are also under the greatest migration pressure. That is why this scan’s low pass rate matters so much — it suggests that over the next few months, we will see many servers in a limbo state where “they connect, but behave incorrectly.”

Timeline: what happens after July 28

According to the schedule on modelcontextprotocol.io, 2026-07-28 is the date the new specification officially takes effect. After that:

  1. Mainstream hosts (Claude Desktop, Cursor, IDE plugins, etc.) will gradually switch to the new protocol negotiation flow. Older servers will begin producing “starts successfully but unusable” errors.
  2. The Registry will update metadata fields to indicate the specification versions servers declare support for. Compliant servers will receive priority recommendations in clients.
  3. The transition period will probably last until Q4. Experience shows protocol-level migrations are never truly clean — some servers will remain on old versions for a long time until hosts completely remove backward compatibility.

For developers, what needs to be done over the next two weeks is clear:

  • Run mcp-spec-check against any MCP servers you maintain (the tool is already open-source on GitHub).
  • Check assumptions in your code regarding Mcp-Session-Id, initialize response structures, timing of server-initiated requests, and extension naming.
  • If you use OAuth, verify application_type declarations.
  • If you handle long-running tasks, migrate to the Tasks extension as soon as possible.

An industry-side observation

MCP’s current situation is actually very similar to gRPC around 2016 — the protocol itself is well designed, but ecosystem implementation quality varies widely. The difference is that MCP directly standardizes “AI calling external tools,” so the cost of failure is much higher than with gRPC: if the ecosystem fragments, the usable toolset for AI agents fragments along with it.

This is also why OpenAI has not yet clearly stated whether it will fully adopt MCP. One possibility is that it introduces its own specification, which would create a true “small yard, high wall” ecosystem. But judging from this 1/4356 result, the MCP camp first needs to solve its own compliance problems — otherwise the ecosystem may fragment before external competitors even intervene.

Incidentally, if you are using aggregation platforms such as OpenAI Hub, MCP server compatibility issues currently will not directly affect the API invocation side — those platforms aggregate model capabilities, while MCP is a client-tool-side protocol. But if your own agent stack uses both aggregated models and MCP toolchains, you should pay close attention to this protocol transition after July 28.

Finally, whoever owns that “1” passing server is worth studying for every MCP server author. It may be the most valuable single-point certification the MCP ecosystem has produced in the past six months.

References

Related Articles

View All

Contact Us

We usually reply quickly during business hours

Scan WeChat

Support: Hub Assistant

WeChat ID: