American Banker

Unpatched AI flaw poses risk to banking sector

An unpatched vulnerability in Anthropic's Model Context Protocol creates a channel for attackers, forcing banks to manage the ...
Tom's Hardware on MSN

Anthropic's model context protocol includes a critical remote code execution vulnerability

A design choice in the MCP SDKs allows remote code execution across the AI supply chain.
The Hacker News

Anthropic MCP Design Vulnerability Enables RCE, Threatening AI Supply Chain

Cybersecurity researchers have discovered a critical "by design" weakness in the Model Context Protocol's (MCP) architecture ...

Anthropic won't own MCP 'design flaw' putting 200K servers at risk, researchers say

A design flaw – or expected behavior based on a bad design choice, depending on who is telling the story – baked into ...

Anthropic MCP协议现架构缺陷 厂商拒改致多项目存严重风险

安全研究团队OX Security近日披露,由Anthropic公司开发并维护的AI通信协议标准MCP(Model Context ...

Anthropic拒绝修复MCP设计缺陷,20万台服务器面临安全风险

Ox安全研究团队表示,他们曾多次要求Anthropic从根本上修复这一问题,但均遭拒绝。Anthropic方面坚称该协议运行正常,尽管已有10个与MCP相关的开源工具和AI智能体获得了高危或严重级别的CVE编号。Ox认为,一次根本性的架构修复,原本可 ...
头部财经

爆雷!Anthropic MCP 协议被曝重大架构缺陷,数十个严重漏洞引爆 AI ...

近日,由人工智能巨头 Anthropic 推出并维护的行业标准通信协议——模型上下文协议(Model Context Protocol,简称MCP)遭遇严重安全挑战。安全研究团队 OX Security 发布报告指出,该协议在架构层面存在根本性设计缺陷,可能导致服务器被诱导执行任意代码(RCE),目前已关联出 10 个“严重”级别的 CVE 编号,且数量仍在持续增加。 作为一项旨在标准化 AI 模 ...
ZAKER

Anthropic MCP 协议存严重缺陷,厂商拒绝修复

IT 之家 4 月 18 日消息,安全研究团队 OX Security 本周(4 月 15 日)发现,Anthropic 创建、维护的行业标准 AI 通信协议 MCP(IT 之家注:Model Context Protocol)存在设计缺陷, ...

Anthropic MCP 协议被指存在设计缺陷,服务器可被诱导执行任意代码

团队建议,所有用户都不应该将大语言模型、AI 工具等暴露在公网环境,并且将 MCP 输入直接视为不可信数据,防止提示词注入。同时启用沙箱环境运行服务并时刻更新最新软件,将权限锁住。