AI capabilities are evolving at a breakneck pace while the infrastructure supporting them is being built without a safety net. When OX Security discovered an architectural flaw in Anthropic’s Model Context Protocol allowing zero-click RCE, the industry response was uniformly chilling: “Working as designed.” When Anthropic then restricted access to Claude Mythos because the offensive implications were too severe, the message was equally clear — the risk doesn’t disappear, it migrates downstream to the practitioner.
In this session, OX Research deconstructs The Mother of All AI Supply Chains — 30+ disclosures, 10+ CVEs — and draws the bigger picture: what this moment means for how security leaders govern AI adoption, own risk that vendors won’t, and build controls around an ecosystem that wasn’t designed with security in mind.
What we’ll cover
- The Research: A walkthrough of The Mother of All AI Supply Chains and what it exposed
- The Governance Crisis: Why “by design” vendor responses are forcing a fundamental shift in downstream responsibility
- The Invisible Attack Surface: How unsecured MCP marketplaces and developer toolchains became your new security perimeter
- Taking Control: What your AI governance framework must look like when you can no longer trust the underlying ecosystem