major labs
Open data

The agentic web, measured

An open, versioned read on the public MCP server ecosystem, triangulated across four sources and updated weekly. The headline counts everyone repeats are inflated; the useful signal is the gap between what registries advertise and what is actually maintained. Code and methodology are public so anyone can check us.

Latest scan: 2026-06-06 · 18 scan passes to date · the series cannot be backfilled.

From advertised to evaluable

Registries advertise an order of magnitude more servers than are genuinely usable. Glama alone auto-indexes 31,752 repos. Here is the drop from everything catalogued to the maintained, evaluable working set.

  • Advertised across all sources: ~38,157 (distinct repos; +1,909 remote-only servers)
  • In the official registry: 10,997 (authoritative listing)
  • We deep-scanned firsthand: 2,468 (full metadata + maintenance assessment)
  • Maintained (pushed < 180d): 1,885 (actually kept current)
  • Genuinely evaluable: ~1,200 (thin/experimental repos excluded)

By source

Source                                     Listed   With a repo   Remote-only
Our GitHub deep-scan                        2,468         2,468
Glama                                      31,752        31,752             0
Official MCP registry                      10,997         9,388         1,609
Smithery (reports 5,933; API exposes 300)     300             0           300

Deduped union across all sources: 38,157 distinct repositories plus 1,909 remote-only / hosted servers with no public repo.

The subset we assess in depth

  • 2,468 we deep-scanned firsthand
  • ~1,200 genuinely evaluable (not 38,000)
  • 1,885 maintained (active < 180d)
  • 583 gone quiet (> 6 months)
  • 77.6% carry an OSI license
  • 40.6% expose a remote HTTP surface

The series

Catalogued servers (orange) and the maintained subset (grey, dashed), captured weekly. It starts thin on purpose: a longitudinal record can't be reconstructed after the fact, so the value is in starting it and never missing a week.

[Chart: catalogued servers and maintained subset per scan; axis labels 1,840 and 2,468; dates 05-31, 06-01, 06-06]

Methodology & honest caveats

  • Firsthand and open. Scanned via the open-source scanner (GitHub topic + org search). Read-only; no third-party servers are probed.
  • Four sources, deduped. Beyond GitHub topic search we cross-reference the official MCP registry, Glama, and Smithery, then dedupe by repository. Glama auto-indexes broadly (low signal); the official registry is authoritative; Smithery's public API exposes only 500 of its reported 5,933.
  • Population is a lower bound. Search-driven discovery misses untagged repos, so the true count is somewhat higher than what we catalogue.
  • Transport is a heuristic. stdio / HTTP / both is inferred from README phrasing. A signal, not ground truth.
  • No security scores yet. Vulnerability probing is a later sweep; we don't publish those numbers as fact until it runs.
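
The dedupe-by-repository and 180-day maintenance steps described above, as an added example; this is not the Major Labs scanner's code. The entry fields (`repo`, `endpoint`), the URL normalization rules and the sample listings are assumptions made for illustration.

```python
from datetime import timedelta
from urllib.parse import urlparse

MAINTAINED_WINDOW = timedelta(days=180)  # the page's "pushed < 180d" threshold

def repo_key(url):
    """Normalize a repo URL to host/owner/name (assumed rule, not the scanner's)."""
    if not url:
        return None
    if url.startswith("git@"):  # SSH form: git@host:owner/name.git
        url = "https://" + url[4:].replace(":", "/", 1)
    parsed = urlparse(url if "://" in url else "https://" + url)
    host = parsed.netloc.lower().removeprefix("www.")
    parts = [p for p in parsed.path.split("/") if p]
    if len(parts) < 2:
        return None  # not an owner/name path, so it cannot be deduped by repo
    name = parts[1].lower().removesuffix(".git")
    return f"{host}/{parts[0].lower()}/{name}"

def endpoint_key(url):
    """Hosted servers have no repo; key them by host (case-folded) plus path."""
    parsed = urlparse(url)
    return parsed.netloc.lower() + parsed.path.rstrip("/")

def merge_sources(sources):
    """Return ({repo_key: set of sources listing it}, set of remote-only keys)."""
    repos, remote_only = {}, set()
    for source, entries in sources.items():
        for entry in entries:
            key = repo_key(entry.get("repo"))
            if key:
                repos.setdefault(key, set()).add(source)
            elif entry.get("endpoint"):
                remote_only.add(endpoint_key(entry["endpoint"]))
    return repos, remote_only

def is_maintained(pushed_at, scan_date):
    """Maintained means the last push is strictly less than 180 days old."""
    return scan_date - pushed_at < MAINTAINED_WINDOW

# Constructed sample listings, not real registry data.
SAMPLE = {
    "github": [{"repo": "https://github.com/Example-Org/mcp-demo"}],
    "glama": [{"repo": "http://www.github.com/example-org/MCP-Demo.git"},
              {"repo": "https://github.com/example-org/mcp-other/tree/main"}],
    "registry": [{"repo": "git@github.com:example-org/mcp-demo.git"},
                 {"endpoint": "https://mcp.example.com/sse/"}],
    "smithery": [{"endpoint": "https://MCP.example.com/sse"}],
}
```

Keeping the set of sources per repository shows which entries only a broad auto-indexer lists, which is the advertised-versus-maintained gap the page measures.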

Cite this

Major Labs (2026). State of MCP: an open dataset of the public MCP server ecosystem. majorlabs.co/data, accessed 2026-06-06.

Stable URL. A versioned DOI is planned.