I've disabled all MCP servers on my machine until this security nightmare is fully resolved.

MCP is not that elegant anyway, looks more like a hack and ignores decades of web dev/security best practices.

What the issues, if you use quality MCP tools?

Also MCP is only transport and there is a lot of mixup to blame the MCP, as most of the prompt injection and similar come from the "TOOLS" behind the MCP. Not MCP as it self here.

Seem this security hype forget one key point: Supply chain & trusted sources.

What is the risk running an MCP server from Microsoft? Or Anthropic? Google?

All the reports explain attacks using flawed MCP servers, so from sources that either are malicious or compromised.