NHI Forum


From One to Hundreds: The Rapid Rise of MCP Servers in Modern Enterprises


(@natoma)

Read full article here: https://natoma.ai/blog/the-rise-of-mcps-225-per-organization-and-growing-fast/?utm_source=nhimg

 

At Natoma, we’re seeing a surprising trend: the average enterprise is already running 225 Model Context Protocol (MCP) servers.

That’s remarkable considering MCP adoption is still in its infancy. Today, MCPs are primarily used through developer IDEs, making usage mostly a technical-team phenomenon. But this won’t last long. As more workflows and client applications plug into MCPs, their footprint across the enterprise will multiply rapidly, bringing both productivity gains and serious security risks.

Why MCP Proliferation Matters

Each MCP server acts as a connector, exposing organizational datasets, APIs, and systems to LLMs. That means each one is:

  • A new integration point for AI workflows
  • A new surface area for productivity
  • And a new attack surface if left unmanaged

The challenge? Most MCP servers today are spun up quickly and managed ad hoc—without standardized governance or security controls. That leaves CISOs and IT leaders asking:

  • How many MCP servers are running right now?
  • Are they secure and compliant?
  • Are authentication and authorization policies being enforced?
  • Could teams move faster if MCPs were hosted on a centralized, secure gateway?

Where MCP Servers Are Emerging Today

In our enterprise scans, MCPs most commonly appear in:

  • Developer IDEs – powering copilots with context from codebases and APIs
  • Prototyping environments – spun up for experiments or POCs
  • Team-specific workflows – integrated into CI/CD pipelines, ITSM systems, QA scripts, or design tools

But as adoption spreads across business units, those 225 servers per org could balloon 5–10x, creating both efficiency and security challenges.

 

The Hidden Risks of MCP Sprawl

Our research reveals recurring patterns of misconfiguration that expand enterprise attack surfaces:

  • Weak or missing authentication (open to any caller)
  • Malicious supply chain issues (e.g., the postmark-mcp NPM backdoor exfiltrating emails)
  • Excessive permissions granted instead of least privilege
  • Secrets exposed in logs or plaintext configs
  • Unpatched dependencies left running indefinitely
  • Lateral movement opportunities via compromised MCPs

We’ve already seen real-world incidents. In one case, an Asana MCP server unintentionally exposed sensitive task data after an AI agent over-shared access. The server wasn’t malicious; it was simply misconfigured. But the risk to the business was immediate.

Why a Managed MCP Gateway Is the Answer

Rather than allowing hundreds of siloed, unmanaged MCPs, enterprises can take control with a secure, hosted MCP gateway.

A managed platform delivers:

  • Visibility – complete inventory of every MCP server
  • Security – standardized authentication, TLS, logging, and policy enforcement
  • Efficiency – eliminate duplicate MCPs; build once, reuse everywhere
  • Velocity – free engineers from hosting and patching servers, so they can focus on building AI-driven workflows

Your engineers should be innovating with AI, not firefighting server sprawl. As MCP adoption accelerates, centralizing management isn’t optional; it’s essential.

 

About Natoma

Natoma empowers enterprises to securely adopt AI agents at scale. Our secure agent access gateway provides enterprise-grade authentication, fine-grained authorization, and governance for MCPs, backed by flexible deployment models and 100+ pre-built MCP servers ready out of the box.

With Natoma, organizations gain visibility, security, and velocity, unlocking the full power of AI without compromising control.
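
Added example, not part of the original post and not Natoma's tooling: a small audit of an MCP client config that counts configured servers and flags several of the misconfiguration patterns listed above (plaintext secrets, no TLS, no configured authentication, unpinned npm packages). It assumes the `mcpServers` JSON layout used by several MCP clients, with `command`/`args`/`env` for local servers and `url`/`headers` for remote ones; the sample config and the rule names are constructed for illustration.

```python
import json
import re
from urllib.parse import urlparse

# Constructed sample config; server names, packages and values are made up.
SAMPLE_CONFIG = """{
  "mcpServers": {
    "tickets": {"command": "npx", "args": ["-y", "example-tickets-mcp"],
                "env": {"TICKETS_API_KEY": "CONSTRUCTED-NOT-A-REAL-KEY"}},
    "docs":    {"url": "http://mcp.internal.example/sse"},
    "wiki":    {"url": "https://mcp.internal.example/wiki",
                "headers": {"Authorization": "Bearer ${WIKI_TOKEN}"}},
    "build":   {"command": "npx", "args": ["-y", "example-build-mcp@1.4.2"],
                "env": {"BUILD_TOKEN": "${BUILD_TOKEN}"}}
  }
}"""

SECRET_NAME = re.compile(r"key|token|secret|passw|authorization", re.I)
PLACEHOLDER = re.compile(r"\$\{[^}]+\}")          # value injected at runtime
PINNED = re.compile(r"^(@[^/]+/)?[^@]+@\d+\.\d+\.\d+")  # name@x.y.z


def audit(config_text):
    """Return (server_count, findings); each finding is (server, rule, detail)."""
    servers = json.loads(config_text).get("mcpServers", {})
    findings = []
    for name, spec in sorted(servers.items()):
        headers = spec.get("headers", {})
        # Secret-looking settings whose value is a literal, not a ${VAR} reference.
        for key, value in {**spec.get("env", {}), **headers}.items():
            if SECRET_NAME.search(key) and not PLACEHOLDER.search(str(value)):
                findings.append((name, "plaintext-secret", key))
        url = spec.get("url")
        if url:
            if urlparse(url).scheme != "https":
                findings.append((name, "no-tls", url))
            # Heuristic: a remote server with no Authorization header configured
            # needs a manual check that it authenticates callers some other way.
            if not any(h.lower() == "authorization" for h in headers):
                findings.append((name, "no-auth-header", url))
        if spec.get("command") == "npx":
            pkgs = [a for a in spec.get("args", []) if not a.startswith("-")]
            if pkgs and not PINNED.match(pkgs[0]):
                findings.append((name, "unpinned-package", pkgs[0]))
    return len(servers), findings


if __name__ == "__main__":
    count, findings = audit(SAMPLE_CONFIG)
    print(f"{count} MCP servers configured")
    for server, rule, detail in findings:
        print(f"  {server}: {rule} ({detail})")
```

Run across the config files collected from developer workstations, the per-file counts give a first inventory and the findings give a review queue.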
