Hidden Cracks in AI involving Microsoft and Anthropic AI MCP servers.
Author: Eddy Says Hi #EddySaysHi
Uploaded: 2026-01-30
Views: 26
Description:
🤖 *DO NOT TRUST ROBOTS?* 🤖 Maybe not yet, but the "Internet of AI" just got a whole lot riskier! In this video, we are breaking down the massive security wake-up call involving *Microsoft and Anthropic AI MCP servers.* 🚀
If you’ve been using autonomous agents to fetch data or convert files, you need to hear this. Researchers have discovered that the very protocols meant to make AI more useful are currently acting as a "dangerously underestimated threat vector". We are diving deep into how simple chatbot connections have evolved into a "toxic combination" that could lead to full system takeovers.
*What’s inside today’s update:*
❌ *The Microsoft SSRF Scare:*
Microsoft’s popular *MarkItDown MCP server*, boasting over 85,000 stars on GitHub, has been found to have a severe *Server-Side Request Forgery (SSRF)* vulnerability. Because it doesn't restrict user input when fetching files, attackers could potentially trick it into reaching internal company resources or even stealing *AWS cloud credentials*. Even scarier? It’s estimated that *36.7% of all MCP servers* on the web today might have this same exposure.
❌ *Anthropic’s RCE Chain:*
Even the creators of the MCP standard aren't immune! Researchers at Cyata revealed how they chained three different vulnerabilities (CVE-2025-68145, CVE-2025-68143, and CVE-2025-68144) in *Anthropic’s Git and Filesystem MCP servers* to achieve **Remote Code Execution (RCE)**. This means a malicious file—like a "slimy README"—could secretly instruct an AI to overwrite system files and run attacker-defined commands.
*Key Takeaways for Developers & AI Users:*
*Hyperconnected agents* are powerful but carry hidden risks when they can perform unmonitored actions across SaaS platforms.
Anthropic has released a fix (version 2025.12.18) to address their Git server flaws, but the irony remains: if the industry leaders get it wrong, everyone can.
Microsoft maintains that the risks are low if the software is used as intended, but experts warn that users will always find ways to push tools beyond their original design.
Don't let your AI assistant become a secret gateway for hackers! 🛡️ Stay informed, update your servers, and always keep an eye on those permissions.
*If you found this breakdown helpful, hit that LIKE button and SUBSCRIBE for more deep dives into the world of AI security!* 🔔
🔗 *Source Attribution:*
Information in this video is based on reporting by Nate Nelson for **Dark Reading (TechTarget and Informa)**, published 20 January 2026.
#AISecurity #CyberSecurity #Microsoft #Anthropic #MCP #TechNews #Programming #CloudSecurity #BugBounty #ArtificialIntelligence