# The AI Agent Security Hole Hidden Inside the MCP Specification

- slug: the-ai-agent-security-hole-hidden-inside-the-mcp-specification
- date: 2026-04-04
- category: Agentics

Three distinct attack families target the AI agent stack. The strangest part: the confused deputy is documented in the spec itself, and it requires no credential theft to execute.

---