A security audit tool called mcp-security-audit has revealed compliance issues with Anthropic's official Model Context Protocol (MCP) servers, which are widely used by AI coding tools. The audit found that Anthropic's `server-filesystem` had critical vulnerabilities, including undocumented destructive tools and unconstrained file path parameters, and that it fails to meet requirements of the upcoming EU AI Act. The `server-sqlite` server also showed issues with unconstrained SQL queries, while six other MCP servers passed the audit with high scores, demonstrating that compliant server development is achievable.
Summary written by gemini-2.5-flash-lite from 1 source.
IMPACT Highlights potential compliance risks for AI tools integrating with MCP servers, especially concerning the EU AI Act.
RANK_REASON Release of an open-source security audit tool with findings on a specific company's product related to upcoming regulations.