ARTFEED — Contemporary Art Intelligence

Critical Starlette vulnerability puts millions of AI agents at risk

ai-technology · 2026-05-26

A critical security flaw in Starlette, a widely used open-source Python framework with 325 million weekly downloads, puts countless AI tools and agents worldwide at risk. The vulnerability lets attackers compromise servers built on the framework, potentially exposing sensitive data and the credentials those servers hold for third-party accounts. Starlette implements ASGI (the asynchronous server gateway interface) for asynchronous request handling and underpins FastAPI and several other prominent Python frameworks. The risk is heightened because Starlette and ASGI are also used by servers that run MCP (the model context protocol), through which AI agents from leading providers interface with external systems such as user databases, email, and calendars. Because MCP servers store valuable credentials, they are prime targets for cybercriminals. A security researcher warns that exploiting the flaw is straightforward and endangers millions of servers, and that thousands of other open-source projects that depend on Starlette are affected as well.

Key facts

  • Critical vulnerability in the Starlette open-source framework
  • Starlette receives 325 million downloads per week
  • The flaw allows attackers to breach servers and steal data and credentials
  • Starlette implements ASGI for asynchronous request processing
  • Starlette is the base of FastAPI and other Python frameworks
  • The vulnerability affects servers running MCP (model context protocol)
  • MCP servers store the credentials AI agents use to access external systems
  • The exploit is trivial to execute and exposes millions of servers

Entities

Institutions

  • Starlette
  • FastAPI
  • ASGI
  • MCP

Sources