A security audit by OX Security claims that the default STDIO transport of the Model Context Protocol (MCP) can execute arbitrary operating system commands received by an AI agent. The researchers found 7,000 publicly reachable servers and estimate 200,000 vulnerable instances, confirming impact across multiple production platforms. Anthropic says the behavior is expected by design and leaves input sanitization to developers. Security leaders warn that this is a dangerous, scalable "distributed failure mode."
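The audit's point that sanitization is left to the developer is concrete enough to illustrate. The following is an added example, not code from OX Security, Anthropic or any MCP SDK; the tool registry, the tool names and the argument rules are assumptions constructed for this illustration. It contrasts the risky pattern (agent text handed to a shell as a command line) with a handler that only runs registered binaries, passes an argv list with no shell, and rejects arguments that could change what the command does:

```python
import re
import subprocess
from pathlib import Path

# Hypothetical tool registry: tool name -> fixed argv prefix. Only these binaries may run,
# and the agent never chooses the binary, only the validated trailing arguments.
TOOL_REGISTRY = {
    "list_dir": ["ls", "-la"],
    "line_count": ["wc", "-l"],
}

# Agent-supplied arguments must be a plain path-like token: letters, digits, '_', '.', '/' and '-'.
# Anything else (';', '|', '$', '`', spaces, newlines, quotes) is rejected outright rather than escaped.
ARG_PATTERN = re.compile(r"^[A-Za-z0-9_./-]{1,255}$")


def build_unsafe(tool_request: str) -> str:
    """The pattern the audit describes: the agent's text becomes the shell command line as-is.
    A request such as 'ls docs; id' is one string to us but two commands to /bin/sh."""
    return tool_request  # would later be passed to subprocess.run(..., shell=True)


def validate_arg(arg: str) -> str:
    """Accept only arguments that cannot alter the command; raise on anything suspicious."""
    if not ARG_PATTERN.fullmatch(arg):
        raise ValueError(f"rejected argument (disallowed characters): {arg!r}")
    if arg.startswith("-"):
        # Leading dash would be parsed as an option by the target binary (option injection).
        raise ValueError(f"rejected argument (looks like an option): {arg!r}")
    if ".." in Path(arg).parts or arg.startswith("/"):
        # Keep the agent inside the working directory handed to the tool.
        raise ValueError(f"rejected argument (path escapes working directory): {arg!r}")
    return arg


def build_safe(tool: str, args: list[str]) -> list[str]:
    """Construct an argv list: registered binary + '--' + validated arguments. No shell involved."""
    if tool not in TOOL_REGISTRY:
        raise KeyError(f"unknown tool: {tool!r}")
    return TOOL_REGISTRY[tool] + ["--"] + [validate_arg(a) for a in args]


def run_tool(tool: str, args: list[str], cwd: str = ".", timeout: float = 5.0) -> str:
    """Execute a registered tool with shell=False so each argv element stays one argument."""
    argv = build_safe(tool, args)
    result = subprocess.run(argv, cwd=cwd, capture_output=True, text=True,
                            timeout=timeout, shell=False, check=False)
    return result.stdout


if __name__ == "__main__":
    print(build_safe("list_dir", ["docs"]))
    try:
        build_safe("list_dir", ["docs; id"])  # constructed injection-style input
    except ValueError as exc:
        print("blocked:", exc)
```

The defensive decision here is to reject rather than escape: escaping must be right for every shell and every binary, whereas an allowlist of characters plus a fixed binary leaves the agent no way to pick a program, add an option, or chain a second command.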