腾讯网

AI 圈地震:MCP 设计缺陷影响超 20 万台服务器

IT之家 4 月 16 日消息,网络安全公司 OX Security 昨日(4 月 15 日)发布报告,披露 Anthropic 的 MCP(模型上下文协议)存在设计缺陷,可导致远程代码执行。该设计缺陷影响范围极广,导致超过 20 万台 AI ...
腾讯网

Anthropic拒绝修复MCP设计缺陷,20万台服务器面临安全风险

Ox安全研究团队表示,他们曾多次要求Anthropic从根本上修复这一问题,但均遭拒绝。Anthropic方面坚称该协议运行正常,尽管已有10个与MCP相关的开源工具和AI智能体获得了高危或严重级别的CVE编号。Ox认为,一次根本性的架构修复,原本可 ...
The Hacker News

Anthropic MCP Design Vulnerability Enables RCE, Threatening AI Supply Chain

Cybersecurity researchers have discovered a critical "by design" weakness in the Model Context Protocol's (MCP) architecture ...

MCP设计缺陷波及超20万台服务器、3万代码库,Anthropic发警示文档草草 ...

智东西4月17日消息, 4月15日以色列网络安全公司OX ...

Anthropic won't own MCP 'design flaw' putting 200K servers at risk, researchers say

A design flaw – or expected behavior based on a bad design choice, depending on who is telling the story – baked into ...
Infosecurity Magazine

Systemic Flaw in MCP Protocol Could Expose 150 Million Downloads

However, in a report published on April 15, researchers at Ox Security claimed that a flaw in the protocol could enable ...
heise online

Model Context Protocol: Application example in TypeScript

The AI company Anthropic, which was founded in 2021 by former OpenAI employees, has developed the Model Context Protocol (MCP) with the aim of standardizing communication between Large Language Models ...
CSO Online

RCE by design: MCP architectural choice haunts AI agent ecosystem

Unsafe defaults in MCP configurations open servers to possible remote code execution, according to security researchers who ...
Visual Studio Magazine

Hands On: Building an MCP Server with VS Code AI Toolkit's New Tool Catalog

Microsoft's AI Toolkit extension for VS Code now includes a Tool Catalog that can scaffold a Python or TypeScript MCP server with the core transport and registration plumbing already set up. In ...