Anthropic MCP Supply Chain Flaw Enables Command Injection
A structural vulnerability in Anthropic's Model Context Protocol (MCP) allows unsanitized commands to be executed silently within AI environments, potentially enabling full system compromise. Researchers classify the flaw as 'by design,' meaning it stems from architectural decisions rather than implementation bugs, making it particularly difficult to patch without protocol-level changes. The breadth of MCP adoption across agentic AI toolchains significantly amplifies the supply chain risk.