‘This is not a traditional coding error’: Experts flag potentially critical security issues at the heart of Anthropic’s MCP, exposes 150 million downloads and thousands of servers to complete takeover

Ox researchers warn Anthropic’s Model Context Protocol has systemic RCE flaw
Vulnerability baked into MCP SDKs across Python, TypeScript, Java, Rust
200,000+ instances exposed; Anthropic says behavior is “expected”

Security researchers Ox have claimed Anthropic’s Model Context Protocol (MCP) contains a “critical, systemic vulnerability” which puts hundreds of thousands of instances at risk of remote code execution (RCE).

Anthropic, on the other hand, allegedly said the system works as intended.

AI tools securely connect to external data sources and apps. It is a vital component of any model because without it, it can only rely on the data it was trained on. The standard is used by both AI companies and developers building AI tools, and it is seen in both OpenAI and DeepMind products, as well as Anthropic’s own Claude apps.

Article continues below

Millions are affected

In its findings, Ox researchers Moshe Siman Tov Bustan, Mustafa Naamnih, Nir Zadok, and Roni Bar, said that what they found in MCP was not a “traditional coding error”, but an “architectural design decision baked into Anthropic’s official MCP SDKs across every supported programming language, including Python, TypeScript, Java, and Rust.”

“Any developer building on the Anthropic MCP foundation unknowingly inherits this exposure,” they warned.

malicious marketplace distributions.

They claim to have successfully executed commands on six live production platforms and identified critical vulnerabilities in “industry staples like LiteLLM, LangChain, and IBM’s LangFlow.”

The researchers said more than 7,000 publicly accessible servers and up to 200,000 instances are now vulnerable. So far, they’ve issued 10 CVEs and helped remedy the bugs. “However, the root cause remains unaddressed at the protocol level.”

Ox also said it reached out to Anthropic and recommended root patches, to which the company said the MCP’s behavior is “expected”.

The best antivirus for all budgets

Follow TechRadar on Google News and add us as a preferred source to get our expert news, reviews, and opinion in your feeds.

https://cdn.mos.cms.futurecdn.net/N6EmHQVVkmEHHmq7P3oCec-2560-80.jpg

Source link

Ex-PlayStation boss says Microsoft is ‘trying so hard to will’ Xbox Game Pass ‘into health’ and suggests ‘a clarifying post mortem would do the...

D-Link Aquila Pro AI R95: high-speed Wi-Fi 7 at a competitive price

D-Link Aquila Pro AI R95: high-speed Wi-Fi 7 at a competitive price

Crimson Desert is ‘not a copy of other AAA games’ according to The Witcher 3 director — and after my 175 hours of playtime...

Ex-Israeli Intelligence Official: Shockwaves of Trump’s “Take Over Gaza” Heard, Felt Across Region

What UK political parties are promising in the 2019 general election

Otto Warmbier’s parents want North Korea to suffer for their son’s death

Could a ‘youthquake’ cause Boris Johnson to lose the general election?

Netflix Enlists Brian Williams for New Podcast ‘We’re Back!’

Pnina Tornai on the Top 2026 Wedding Dress Trends

The White Lotus Meets Yellowstone In Netflix’s The Hunting Wives

Rosamund Pike Leaves ‘The Wheel of Time’ Behind in Side-Splitting First Trailer for New Netflix Movie

Morocco stocks lower at close of trade; Moroccan All Shares down 0.02%

Pope Leo XIV: A ‘handful of tyrants’ are ravaging earth with war and exploitation

UBS reiterates Quidel stock rating at Neutral on weak Q1 results

American YouTuber who calls himself a ‘troll’ sentenced to 6 months in Korean prison for literally dancing on wartime graves

The YouTuber who has become one of Gen Z’s most beloved celebrities

26 last-minute holiday gifts that are still thoughtful and unique

Practicing gratitude regularly can make you less stressed and sleep better

8 things millennials wish you would just stop getting them for the holidays