TheRegister's platform is a leading technology news website, offering insights into IT industry news, hardware reviews, and software updates. Through articles, analysis, and opinion pieces, TheRegister offers insights into cybersecurity threats, technology trends, and industry developments. Readers can stay updated with the latest news and analysis from the world of technology and IT business.

The Register

AI vendors including Anthropic, Google, and Microsoft are dismissing security vulnerabilities in their AI agents and protocols as 'expected behavior' or 'by-design risks' rather than fixing them. Three popular AI agents integrated with GitHub Actions were shown to be hijackable for credential theft, yet none of the vendors issued CVEs or public advisories. Separately, a design flaw in Anthropic's Model Context Protocol (MCP) puts an estimated 200,000 servers at risk, but Anthropic refuses to patch the root issue. The author argues this pattern of deflecting responsibility onto downstream developers and end users reflects a dangerous lack of maturity from AI companies, compounded by the absence of US federal AI regulations.

AI vendors' response to security flaws: It wasn't me