Researchers at OX Security discovered an architectural vulnerability affecting 200,000 Model Context Protocol servers. The flaw enables command execution across the entire MCP ecosystem.

MCP serves as the open standard for AI agents to communicate with tools and data sources. Anthropic created the protocol, and major players adopted it quickly. OpenAI integrated MCP in March 2025. Google DeepMind followed suit. Anthropic then donated MCP to the Linux Foundation in December 2025, signaling its commitment to industry standardization. The protocol has accumulated over 150 million downloads.

The vulnerability runs deep in MCP's architecture, meaning it impacts every implementation built on the standard. Anthropic's response framed the command execution capability as an intended feature rather than a flaw. This distinction matters because it suggests the company views the behavior as part of the design, not a security gap requiring remediation.

The findings raise questions about the security posture of widely deployed AI infrastructure. With major tech companies relying on MCP, the architectural issue presents a systemic risk across AI agent deployments. The disclosure comes as enterprises increasingly deploy AI agents to interact with critical systems and data sources.
200,000 MCP servers expose a command execution flaw that Anthropic calls a feature
