OX Security disclosed that Anthropic's MCP runs any process command on the host, and that this holds whether or not a valid MCP server initializes. MCP is the link between AI tools and the machine they run on. The flaw spans every official SDK (Python, TypeScript, Java, Rust). CVEs have been assigned for MCP Inspector, LibreChat, Cursor, and others. Anthropic confirmed the behavior is intentional. When the vendor declines to fix the remote code execution path, defense moves to the application layer. #AI #CyberSecurity #InfoSec #MCP