Eight AI agent frameworks disclosed the same class of remote code execution vulnerability in a single week because the entire ecosystem shares a cognitive failure: treating LLM output as trusted data rather than untrusted instructions.
MCP's trust architecture makes any exposed management interface a pre-authenticated command shell by design, not by accident, and two RCE vulnerabilities in the same week reveal a deployment curve that has outrun both audit methodology and detection playbooks.
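The failure named in the first sentence, shown beside a dispatcher that treats model output as untrusted input. This is an added example, not code from the original page or from any of the frameworks it refers to; the tool registry, function names and sample strings are hypothetical and constructed for illustration.

```python
import json

# Hypothetical tool registry (assumption): the only operations the agent may run.
def add(a: int, b: int) -> int:
    return a + b

def echo(text: str) -> str:
    return text

TOOLS = {"add": (add, {"a": int, "b": int}), "echo": (echo, {"text": str})}

class RejectedToolCall(Exception):
    """Model output that failed validation and was never executed."""

def dispatch_trusting(model_output: str):
    """Anti-pattern: model text reaches the interpreter unchanged."""
    return eval(model_output)  # whoever influences the prompt influences this call

def dispatch_untrusted(model_output: str):
    """Parse, validate against an allowlist and schema, and only then call."""
    try:
        call = json.loads(model_output)
    except json.JSONDecodeError as exc:
        raise RejectedToolCall("not JSON") from exc
    if not isinstance(call, dict) or set(call) != {"tool", "args"}:
        raise RejectedToolCall("unexpected shape")
    entry = TOOLS.get(call["tool"]) if isinstance(call["tool"], str) else None
    if entry is None:
        raise RejectedToolCall("tool not on allowlist")
    func, schema = entry
    args = call["args"]
    if not isinstance(args, dict) or set(args) != set(schema):
        raise RejectedToolCall("argument names do not match schema")
    for name, expected in schema.items():
        # type() rather than isinstance(): bool is a subclass of int
        if type(args[name]) is not expected:
            raise RejectedToolCall(f"bad type for {name}")
    return func(**args)

# Constructed sample model outputs (not taken from any real incident).
BENIGN = '{"tool": "add", "args": {"a": 2, "b": 3}}'
UNLISTED = '{"tool": "run_shell", "args": {"cmd": "id"}}'
EXPRESSION = "__import__('os').getpid()"  # harmless stand-in for arbitrary code

if __name__ == "__main__":
    for sample in (BENIGN, UNLISTED, EXPRESSION):
        try:
            print("accepted:", dispatch_untrusted(sample))
        except RejectedToolCall as why:
            print("rejected:", why)
```

The allowlist only bounds which functions can be reached; each registered tool still has to be safe for every argument value the schema admits.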