<ul data-eligibleForWebStory="false"><li>Security experts discovered a critical-severity vulnerability in Anthropic's Model Context Protocol (MCP) Inspector project, allowing potential remote code execution attacks against host devices.</li><li>The flaw in the Inspector tool could have been exploited by hackers to steal data, deploy malware, and move laterally within networks.</li><li>To exploit the vulnerability, attackers needed to exploit a decades-old browser bug alongside the flaw in Inspector.</li><li>Anthropic addressed the flaw, tracked as CVE-2025-49596, in mid-June 2025 by issuing a patch to version 0.14.1, adding a session token and origin validation as preventive measures.</li></ul>

Security experts flag another worrying issue with Anthropic AI systems - here's what they found

Discover more