Governance frameworks for agentic AI call for identity, authorization, auditability, and human oversight, but these requirements often remain abstract. This study measures whether those controls exist in practice across 945 Model Context Protocol (MCP) servers drawn from a population of 17,563, using deterministic analysis, LLM verification, and human-validated classification. Tools are classified on two axes -- read/write and sensitivity -- and scanned for seven accountability gap patterns. We find that 71% of source-available servers exhibit at least one gap (95% CI: 67.6%, 74.0%). This is a lower bound: the gap construct requires that governance infrastructure be present to be found deficient, so a server with no governance at all exhibits zero gaps and is not flagged. Two patterns lead in near-equal measure: global authentication applied uniformly across tools of differing sensitivity (41%) and authenticated access without actor-attributed logging (40%). An additional 20% of the sample (185 remote-only servers) is fully opaque to assessment. Drawing on XACML and NIST SP 800-162, we distinguish six governance concerns. Only enforcement and audit are fully observable from source code (policy authoring partially so), and we operationalize these; the remaining three require runtime instrumentation. Two structural findings emerge. The enforcement-audit gap: 81% of servers authenticate callers, but only 17% attribute logged actions to specific principals. The sensitive-read gap: 198 tools across 91 source-available servers expose protected data through read operations that would be invisible to write-focused governance models, and 79% of these servers lack co-located audit logging.
Brian Fending studied this question.
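The two leading gap patterns and the lower-bound caveat can be made concrete with a small check over server descriptors. This is an added illustration, not the study's own tooling; the descriptor fields, gap labels, and sample servers are hypothetical and constructed, and treating an authenticated server with no logging as a gap is an assumption.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass
class Tool:
    name: str
    writes: bool                          # axis 1: read vs. write
    sensitive: bool                       # axis 2: touches protected data
    required_scope: Optional[str] = None  # per-tool authorization, if any

@dataclass
class Server:
    name: str
    authenticates: bool                # caller authentication is present
    tools: list
    log_fields: tuple = ()             # fields per audit record; empty = no logging

ACTOR_FIELDS = {"principal", "user_id", "subject"}  # assumed actor-attribution names

def gaps(server):
    """Return the gap labels (hypothetical names) that apply to one server."""
    found = set()
    if not server.authenticates:
        # Lower-bound effect: with no governance infrastructure present,
        # there is nothing to find deficient, so nothing is flagged.
        return found
    mixed = len({t.sensitive for t in server.tools}) > 1
    if mixed and not any(t.required_scope for t in server.tools):
        found.add("uniform-global-auth")      # one gate for all sensitivity levels
    if not ACTOR_FIELDS & set(server.log_fields):
        found.add("auth-without-actor-log")   # caller is known but never recorded
    return found

def sensitive_reads(server):
    """Tools a write-focused governance model would not see."""
    return [t.name for t in server.tools if t.sensitive and not t.writes]

def sample_tools(scoped=False):
    # Constructed sample: one sensitive read, one benign read, one sensitive write.
    return [Tool("read_contacts", False, True, "contacts:read" if scoped else None),
            Tool("list_regions", False, False),
            Tool("update_contact", True, True, "contacts:write" if scoped else None)]

CRM = Server("crm", True, sample_tools(), ("ts", "tool"))
OPEN = Server("open", False, sample_tools())
SCOPED = Server("scoped", True, sample_tools(scoped=True), ("ts", "tool", "principal"))

if __name__ == "__main__":
    for s in (CRM, OPEN, SCOPED):
        print(s.name, sorted(gaps(s)), sensitive_reads(s))
```

The `open` server reports no gaps even though it exposes the same sensitive read as `crm`, which is why a gap count taken this way understates exposure.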