MCP 'Mother of All AI Supply Chains' — Ox Security Discloses RCE-by-Design Flaw Exposing 200k Servers
This is the kind of security disclosure that deserves your full attention — not because it’s theoretical, but because it’s architectural, unpatched, and affecting software you almost certainly use right now. Ox Security published what they’re calling “the Mother of All AI Supply Chains” on April 16: a systemic flaw in Anthropic’s Model Context Protocol (MCP) that enables remote code execution by design, affecting an estimated 200,000 servers and tools with over 150 million downloads. ...