Serious Flaws Patched in Model Context Protocol Tools

Always Secure MCP Servers Connecting LLMs to External Systems, Experts Warn Mathew J. Schwartz (euroinfosec) • July 9, 2025

It's happening again. New technology rolled out to great fanfare has security holes that researchers are finding they can drive a figurative truck through. Now up is model context protocol, a standard designed to make it easy for artificial intelligence tools to connect with external applications and data sources can be turned to malicious use.

See Also: Proof of Concept: Rethinking Identity for the Age of AI Agents

Researchers said Wednesday they've discovered two separate vulnerabilities tied to tools in the ecosystem around the open protocol introduced by Anthropic last November. MCP provides a standardized - and widely adopted - method for connecting large language models with external data and systems. Developers use it to build better chat interfaces, custom AI workflows, build AI coding assistants into development environments and ...