Security researchers have spotted what they think is the world's first malicious Model Context Protocol (MCP) server, made available as open source on Microsoft-owned code repository GitHub.
MCP was created by Anthropic, and researchers have criticised the protocol for its optional approach to security and for its vulnerabilities.
It is designed to provide a standardised protocol for connecting AI applications to external data sources, tools, and APIs.
This is to eliminate the need for custom integrations between each AI system and each external resource.
Now, endpoint security vendor Koi said it had found a malicious version of the postmark-mcp package, used for sending email through the Postmark service, on GitHub.
Fifteen versions of postmark-mcp were published until version 1.0.16 added a sin