codelake Research · Publications

Security research for the agent era.

The security research program behind codelake. Continuous threat intelligence across the software supply chain — npm, Composer and the MCP / AI agent ecosystem.

1 report published
40+ primary sources cited
CLR-YYYY-NNNN advisory scheme

Featured · latest edition
Annual Report · First Edition
codelake Research

The State of MCP 2026

June 2026 · 10 pages · 18 min read

An annual review of the Model Context Protocol ecosystem: adoption, governance, threat landscape and the emerging security stack.

In eighteen months, the Model Context Protocol went from an open-source announcement to the default integration layer between AI agents and the systems they act on. Security has not kept pace. This first annual edition closes that gap with data — mapping adoption, governance, the threat landscape and the defense stack now forming around MCP.

MCP · Ecosystem · Threat Landscape · Governance · Supply Chain

The program

One research program, several outputs.

codelake Research is the security research program behind codelake. Reports are public today; the registry monitoring that feeds our advisories runs continuously in the background.

Available now

Research reports

Annual reports, threat briefs and technical notes on MCP and the AI agent supply chain.

Open scheme

Security advisories

Confirmed findings published under the CLR-YYYY-NNNN scheme, in OSV-compatible format.

Ongoing

Supply-chain monitoring

Continuous scanning of the npm registry — Composer next — for vulnerabilities and malicious packages.
