Anthropic won't fix a bug in its SQLite MCP server
theregister.co.uk

Anthropic says it won't fix an SQL injection vulnerability in its SQLite Model Context Protocol (MCP) server that a researcher says could be used to hijack a support bot and prompt the AI agent to send customer data to an attacker's email, among other things.
MCP is an open-source protocol that Anthropic introduced in November 2024 to allow AI-based systems, like agents and large language models (LLMs), to connect to external data sources and interact with each other.
Anthropic's SQLite MCP server is a specific implementation of MCP that enables AI assistants – like the company's own Claude – to interact directly with SQLite databases. In theory, the tool makes it possible for users of the company’s AI assistant to query the database using natural language, analyze files, produce reports, and perform other tasks.

This new feature also has a security hole that "could affect thousands of ...
Copyright of this story solely belongs to theregister.co.uk.