A fundamental flaw in Anthropic’s Model Context Protocol has turned a cornerstone of AI agent communication into a gateway for remote code execution. Security researchers at OX Security uncovered the issue, baked into the protocol’s STDIO transport mechanism from day one. Developers who adopted MCP across Python, TypeScript, Java, and Rust implementations now face arbitrary command execution on their systems. Attackers gain full access. User data spills. API keys vanish into the ether. MCP launched in late 2024 as an open standard to connect large language models to external tools, databases, and services. Think of it as plumbing for AI agents—essential for everything from code assistants to enterprise data pipelines. But the STDIO interface, designed for local subprocess spawning, executes any command passed in configuration, error or not.…