Model Context Protocol (MCP) has, almost overnight, become a mainstay for developer tools and enterprise AI workflows. Anthropic open-sourced MCP in late 2024 and later donated it to the recently established Agentic AI Foundation (AAIF), a Linux Foundation project.

As AI agents and large language model (LLM) applications start to put MCP servers into use, trends are emerging. A number of helpful studies, reports, benchmarks, and data points now paint a holistic picture of MCP’s traction, what MCP servers look like, adoption rates, and how companies are using MCP.

Yet, a number of reports also expose some of the downsides, such as a rise in context window usage due to MCP and security vulnerabilities involving MCP. Below, we’ll cover a number of interesting statistics about MCP usage and growth that highlight MCP’s cementation within today’s and tomorrow’s AI infrastructure.

1. There Are 20,000+ Public MCP Servers

MCP adoption has soared, and clear evidence of this is the number of public MCP servers in the market. MCP.so, an MCP directory, catalogs over 21,000 MCP servers. Glama.ai lists over 23,000 servers. The downside with these benchmarks is that they only consider public MCP servers, not internal-facing servers. So, the total number of servers in use is likely much higher.

2. Tens of Millions of MCP Servers Are Downloaded Per Month

The team behind Pulse MCP, a directory of MCP servers, clients, and other resources, shares public statistics that are updated on an ongoing basis. According to their estimations on MCP ecosystem-wide metrics, in April 2026 local MCP servers were downloaded 67 million times. By combining SEO signals and web traffic, they also estimated MCP servers racked up about 18 million total views per week.

Given that estimates put the total number of worldwide developers at about 50 million, by simple math that means a single developer is downloading over one MCP per month. This really speaks to how MCP has emerged as a standard package in developer workflows.

3. 72% of Developers Expect MCP Usage to Increase

MCP has surged in popularity, but the industry still anticipates further growth. Zuplo’s State of MCP report from early 2026 surveyed nearly 100 technical leaders on their use of MCP, including both MCP server providers as well as MCP server users. Overall, they are bullish on MCP, with 72% expecting their MCP use to increase in the next 12 months. Zuplo’s report also found that 58% of MCP builders are creating MCP wrappers around existing APIs.

The study also exposed some interesting emerging patterns on the developer consumer side. For instance, most MCP users have 2-7 MCP servers configured. Plus, the findings indicate that MCP is complementing context engineering efforts, given that 63% of MCP users use it to sync with data sources, such as documentation, knowledge bases.

4. MCP Drives 700% Growth in Claude Usage

Other intriguing statistics lie in how MCP is being leveraged within individual organizations. For example, Workato’s 1,000 employees were given access to Claude for Business and originally only used it for 150-200 chats per day. But, when they integrated read-only MCP servers, usage quickly jumped by 700%, to around 1,000 chats per day.

Now, employees at Workato are using enterprise-grade MCP servers to coordinate business workflows, including building new financial workflows, guiding bug fixes, and empowering their revenue team with new capabilities.

While increased chats and new workflows aren’t really a metric of success on its own, actual business outcomes are. Workato’s CIO reports they’ve generated $2.7 million in new sales opportunities using an internal agent.

5. MCP Servers Have a Median of 5 Tools

Other research sheds light on the structure of individual servers. For instance, Henley Wing Chiu, a researcher for Bloomberry, analyzed 1,400 MCP servers and discovered a number of interesting patterns. One is regarding how many tools each server has. 46% have one to four, whereas 19% have five to nine, and 15% have 10-19 tools, with smaller outliers for higher numbers of tools. The median number of tools per server is five.

The bulk of MCP tools are for read operations. Of the 4,126 tools Bloomberry analyzed, 52% were read operations, 25% were write operations, and 23% were unclassifiable. Bloomberry also notes some other interesting data points:

• The pace of MCP growth is accelerating, with 232% growth over six months.
• 70% of MCP servers are from B2B companies.
• Of the servers Bloomberry could determine the authentication method, 38.7% have no authentication.
• 93% of MCP servers are already using Streamable HTTP, the current MCP transport standard, versus 7% still using the deprecated SSE transport.

6. Alternative Hosting Platforms See 275% Higher Share for MCP

Data is also emerging around how MCP servers are hosted. Amazon Web Services (AWS) is still the cloud of choice for most, hosting 53% of API deployments and 60% of all managed MCP servers, according to Bloomberry data. Yet developer-favorite platforms like Vercel, Railway, and Render show a significant shift in MCP hosting.

Whereas these alternative hosting platforms account for only 2.4% of traditional API subdomains, they account for a combined 9% of total MCP servers. That’s a 275% relative increase. While 9% is still a relatively small share overall, it suggests that MCP servers are more likely to be hosted on newer platforms designed for quick deployment, developer experience, and AI-native projects. This also follows a broader rise in alternative clouds, sometimes called neo clouds.

7. 43% of MCP Servers Contain Command Injection Flaws

Other statistics about MCP usage are more concerning. For example, in 2025, Equixly found that 43% of the MCP servers they tested contained command injection vulnerabilities, an advanced type of Remote Code Execution (RCE) flaw.

Research also discovered that 22% of MCPs allowed reading files outside of intended directories, and 30% permitted unrestricted URL fetching. Although MCP security awareness is improving, many servers are still being developed without scoped permissions or standard authentication and AI-native authorization controls across multiple servers in use.

8. Half of MCP Servers Rely on Static Credentials for Access

As the State of MCP Server Security 2025 report details, researchers at Astrix analyzed 5,200 unique, open-source MCP server implementations and found that 53% of MCPs rely on insecure, long-lived static secrets, such as API keys and personal access tokens (PATs).

API keys shouldn’t be treated as hardened security tokens — they’re long-lived, leaked often, and easily replayable by attackers. However, MCP servers are routinely relying upon static keys for authentication.

For years, OAuth has been a primary standard for delegated API authorization and token-based access control. However, MCP access has not caught up, as Astrix found that only about 8.5% of analyzed servers use OAuth.

9. A Few MCP Servers Can Take Up 16% of Your Context Window

Another concerning area is MCP token bloat. In one developer’s experience, MCP tool definitions accounted for 16.3% of a 200,000-token context window in Claude Code before he had even started a meaningful conversation.

To reduce footprint, experts recommend auditing your server footprint, being more selective about what MCPs are automatically enabled by default, and adopting progressive disclosure to help rein in token use. Another approach is to use code execution environments for MCP.

10. Code Execution Style Can Reduce MCP Tokens by 98.7%

Anthropic stated that, in one Google Drive-to-Salesforce example, code execution with MCP reduced token usage from 150,000 tokens to 2,000 tokens, equating to a 98.7% time and cost savings. A similar approach from Cloudflare, called Code Mode, can reduce unnecessary LLM round trips and help agents handle numerous MCP tools more efficiently.

It’s more than just slimming down what an agent is exposed to in discovery. Code execution layers can reduce unnecessary waste when working with MCPs and underlying API calls. The makers of port of context (pctx), an open-source code execution variant, ran their own benchmarking and found that “across 12 Stripe MCP tasks, Code Mode was 56% cheaper and used 58% fewer tokens.”

MCP: The Proof Is in the Data

These data points on MCP adoption statistics help paint a clear picture of the current cycle around MCP. As AI agent usage statistics rise, the adoption and interest in MCP as a universal connector is soaring in parallel.

It will be interesting to follow the trends in other areas, such as MCP registry growth, MCP gateway usage data, and other tooling points related to agentic consumption of MCP that we’ll likely see as the protocol matures. To reiterate, it’s still early days with MCP, and the industry is still laying the groundwork for best practices and experimenting with AI workflows in production.

What it will take next is overcoming optimization, authentication, and other security hurdles that still plague MCP usage within enterprise scenarios. Once enterprises can figure out solutions for this, MCP is set to scale more broadly and become “boring” technology powering the future of agentic software systems.