Authentication in MCP: What 518 Production Servers Actually Do
Stack Overflow's engineering blog recently published a thorough explanation of how authentication should work in MCP. The spec is clear. The tooling is improving.
But I've been scanning real production MCP servers for the past three months. Here's what they actually do.
The Numbers
I scanned 518 MCP servers from the official registry and the broader ecosystem. Here's the breakdown:
304 servers (59%) — authentication present (OAuth, API keys, or bearer tokens)
214 servers (41%) — no authentication at all
156 servers — no auth, and the tools they expose are callable by anyone
41% without auth isn't a tail risk. It's the default behavior for a significant portion of the ecosystem.
Three Architectures I Found
Architecture 1: MCP-Layer Auth (Enterprise)
Tools like Slack, Linear, and GitHub's official MCP servers enforce OAuth at the MCP protocol level. The client must authentic
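To make the MCP-layer pattern concrete, here is an added example (not code from the original post, nor from the Slack, Linear or GitHub servers it names) of a bearer-token gate placed in front of JSON-RPC tool dispatch, next to an open handler of the kind the scan counted, plus a self-check a maintainer can run against their own handler. The token values, the `echo` tool, the `Request`/`Response` types and the simplified result shape are constructed for illustration; a real server validates OAuth access tokens (signature, issuer, audience, expiry) rather than matching a static allow-list.

```python
"""Added example, not code from the original post or any server it names:
a minimal MCP-layer bearer-token gate in front of JSON-RPC tool dispatch,
an open handler for contrast, and a self-check for your own server.
Token values, the 'echo' tool and the result shape are constructed."""
import hmac
import json
from dataclasses import dataclass, field
from typing import Callable, Optional

# Constructed credential store: token -> principal. A production server would
# validate an OAuth access token against its issuer instead of this dict.
VALID_TOKENS = {"tok-demo-alice": "alice"}

# Constructed tool registry with one harmless tool.
TOOLS = {"echo": lambda args: {"text": args.get("text", "")}}


@dataclass
class Request:
    headers: dict
    body: str


@dataclass
class Response:
    status: int
    body: dict
    headers: dict = field(default_factory=dict)


def call_request(headers: dict, tool: str, arguments: dict, msg_id: int = 1) -> Request:
    """Build a JSON-RPC 'tools/call' request (constructed shape, simplified from MCP)."""
    msg = {"jsonrpc": "2.0", "id": msg_id, "method": "tools/call",
           "params": {"name": tool, "arguments": arguments}}
    return Request(headers, json.dumps(msg))


def authenticate(headers: dict) -> Optional[str]:
    """Return the principal for a valid 'Authorization: Bearer <token>' header, else None."""
    auth = next((v for k, v in headers.items() if k.lower() == "authorization"), "")
    scheme, _, token = auth.partition(" ")
    if scheme.lower() != "bearer" or not token:
        return None
    # Constant-time comparison so the check does not leak timing information.
    for known, principal in VALID_TOKENS.items():
        if hmac.compare_digest(known.encode(), token.encode()):
            return principal
    return None


def dispatch(method: str, params: dict, principal: str) -> dict:
    """Handle the two MCP methods this example models: tools/list and tools/call."""
    if method == "tools/list":
        return {"tools": [{"name": name} for name in TOOLS]}
    if method == "tools/call":
        tool = TOOLS.get(params.get("name"))
        if tool is None:
            return {"isError": True, "content": [{"type": "text", "text": "unknown tool"}]}
        result = tool(params.get("arguments", {}))
        return {"content": [{"type": "text", **result}], "caller": principal}
    return {"isError": True, "content": [{"type": "text", "text": "unknown method"}]}


def _rpc(req: Request, principal: str) -> Response:
    """Parse the JSON-RPC envelope and dispatch; shared by both handlers below."""
    try:
        msg = json.loads(req.body)
        method, params, msg_id = msg["method"], msg.get("params", {}), msg.get("id")
    except (ValueError, KeyError, TypeError, AttributeError):
        return Response(400, {"jsonrpc": "2.0", "id": None,
                              "error": {"code": -32700, "message": "parse error"}})
    return Response(200, {"jsonrpc": "2.0", "id": msg_id,
                          "result": dispatch(method, params, principal)})


def handle_mcp_auth(req: Request) -> Response:
    """Architecture 1: authentication is enforced before any MCP method runs."""
    principal = authenticate(req.headers)
    if principal is None:
        # Refuse before touching the body: unauthenticated callers never reach tool code.
        return Response(401, {"error": "unauthorized"}, {"WWW-Authenticate": "Bearer"})
    return _rpc(req, principal)


def handle_open(req: Request) -> Response:
    """The no-auth case from the scan: every caller is dispatched as anonymous."""
    return _rpc(req, "anonymous")


def server_enforces_auth(handler: Callable[[Request], Response]) -> bool:
    """Self-check for a server you operate: an unauthenticated tools/call must be refused."""
    resp = handler(call_request({}, "echo", {"text": "probe"}))
    return resp.status in (401, 403)


if __name__ == "__main__":
    for name, handler in (("mcp-layer auth", handle_mcp_auth), ("open", handle_open)):
        print(f"{name}: enforces auth = {server_enforces_auth(handler)}")
```

The design point is where the check sits: `handle_mcp_auth` decides on the `Authorization` header before the body is even parsed, so an unauthenticated caller can never reach `tools/call`, whereas `handle_open` reaches tool code for anyone. `server_enforces_auth` is the one-line regression test that keeps a server in the first category.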