‘By Design’ Flaw in MCP Could Enable Widespread AI Supply Chain Attacks
Summary
Researchers have identified a flaw in Anthropic's Model Context Protocol (MCP, a system that allows AI models to interact with external tools and data) that permits unsanitized commands (user input that hasn't been cleaned or verified) to run without warning, potentially giving attackers complete control over systems using this AI technology. This vulnerability could be exploited across many widely-used AI environments as part of a supply chain attack (where attackers compromise a tool or service used by many organizations to gain access to their systems).
Classification
Affected Vendors
Related Issues
Original source: https://www.securityweek.com/by-design-flaw-in-mcp-could-enable-widespread-ai-supply-chain-attacks/
First tracked: April 15, 2026 at 02:00 PM
Classified by LLM (prompt v3) · confidence: 85%