OX Security proved STDIO transport is RCE by design. 9 of 11 MCP marketplaces accepted a malicious server without detection. Anthropic called it "expected behavior." This is the npm supply chain crisis, replaying at the agent layer — and marketplace review gates can't stop it. On April 15, 2026, OX Security published research under the title "The Mother of All AI Supply Chains." The finding: Anthropic's Model Context Protocol — the de facto standard for connecting AI agents to external tools — has a fundamental architectural vulnerability in every official SDK, across all ten supported languages. The vulnerability class is not a bug. It is how MCP was designed to work. MCP's STDIO transport accepts arbitrary command strings and passes them to subprocess execution without validation, sanitization, or sandboxing. The critical detail: commands execute before MCP handshake validation occurs. Pass a malicious command to the transport layer, receive an error — and the command has already run.…