Over 200,000 AI Servers at Risk: MCP Found to Harbor Critical Design Flaws
Author: Editor (小编)

An investigative report from the cybersecurity firm OX Security has revealed that the open-source Model Communication Protocol (MCP) standard, introduced by Anthropic in November 2024, contains architectural vulnerabilities that could enable remote code execution and potentially expose more than 200,000 AI servers. The root cause lies in the STDIO interface of the MCP Software Development Kit (SDK), whose execution logic carries severe underlying flaws. The vulnerabilities affect all 11 programming languages supported by the SDK. OX Security demonstrated four distinct attack vectors, including a hijack of the LangFlow platform and a man-in-the-middle attack against Letta AI.

Anthropic’s initial response downplayed the severity, characterizing the behavior as “expected” and opting only to update its security documentation. The researchers’ tests also revealed that most MCP marketplaces lack rigorous security review. Some platforms have already shipped patches; others remain unaddressed. Developers who currently use MCP, or are considering adopting it, are strongly advised to take the report seriously and reassess their security measures accordingly.