
MCP 2026-07-28: Stateless Architecture Shifts Security Responsibility to Developers

Bottom line: MCP 2026-07-28 eliminates legacy session risks through statelessness but introduces new attack surfaces in identifier management, HTTP headers, UI apps, and asynchronous tasks.

Anthropic’s Model Context Protocol transitions to stateless architecture for cloud deployments on July 28, 2026. Akamai warns that critical security risks must now be managed at the implementation level by developers and platform operators.

The Model Context Protocol, which Anthropic initially introduced in 2024 as a local tool, undergoes fundamental restructuring with version MCP 2026-07-28. The specification transitions at the transport layer to a fully stateless architecture to enable deployments in enterprise cloud environments. The advance draft was published on May 21, 2026; a twelve-month transition period applies to older versions. OAuth 2.1 becomes a mandatory standard.

Security firm Akamai identifies both gains and new risks in an analysis. On the positive side, the stateless approach eliminates classic session hijacking attacks and unsolicited server queries. However, security responsibility fundamentally shifts: instead of the protocol itself providing protection, developers and platform operators must now implement the critical security boundaries. The server hands tracking identifiers and state objects to the client, which, when manipulated or simply guessed, allow attackers to take over active workflows or access agent data. New HTTP headers may inadvertently transport API keys or personal data, becoming visible to every intermediate proxy and logging system. Desynchronization attacks via conflicting headers and packet contents are also possible.

So-called MCP Apps introduce interactive interfaces deployed in isolated iframes. This opens the door to classic web risks such as persistent cross-site scripting — manipulated interfaces can be weaponized for phishing. Additionally, long-running asynchronous background tasks create substantial denial-of-service risk: since task creation is resource-efficient for the client but computationally expensive for the server, attackers can deliberately exhaust server resources through repeated requests.

Maxim Zavodchik, senior director of threat research at Akamai, summarizes: “As the protocol moves to a stateless model and introduces feature-rich UI apps and asynchronous tasks, critical security boundaries now depend entirely on how developers implement them.” System security is thus substantially determined by concrete implementation decisions of organizations.


Source: www.it-daily.net · Published June 29, 2026
Lumi AI News — AI-assisted curation pursuant to Art. 50 EU AI Act. Paraphrase and classification by Lumi News Pipeline v1.7.2.
