Author: Gaetan Ferry
Word count: 2208
Language: English

Summary

A vulnerability in a popular Model Context Protocol (MCP) server hosting service allowed attackers to read sensitive files and obtain overprivileged administrative credentials, potentially affecting thousands of hosted AI servers. The flaw, a configuration bug, gave unauthorized access to over 3,000 hosted AI servers and risked exposing API keys and secrets belonging to numerous customers across a range of services. It was patched quickly after responsible disclosure, but it illustrates the risk inherent in centralized AI infrastructure, where a single flaw can compromise an entire ecosystem.

Smithery.ai, the MCP server registry in question, manages server code and configuration in GitHub repositories, which it then builds into Docker images for hosting. The flaw was improper control of the dockerBuildPath value, which let attackers read and exfiltrate sensitive files from the build machine. This underlines the supply chain risk and the importance of managing server credentials carefully, since attackers could execute arbitrary code on affected MCP servers and potentially intercept sensitive information. The incident is a warning that centralized AI hosting models need robust security controls and careful handling of authentication secrets.
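The defensive check a build service needs for a repository-supplied value like dockerBuildPath is path confinement: the value must resolve to a directory inside the checked-out repository, never to an arbitrary location on the build machine. The following is an added example, not Smithery's code; it assumes dockerBuildPath is a repository-relative directory used as the Docker build context, and the repository layout it builds is constructed for the demonstration.

```python
"""Confine an untrusted dockerBuildPath to the repository checkout (example code)."""
from pathlib import Path
import os
import tempfile


def resolve_build_path(repo_root: str, docker_build_path: str) -> Path:
    """Return the absolute build-context directory, or raise ValueError.

    The value comes from an untrusted repository config, so it must stay
    inside the checkout: no absolute paths, no '..' escapes, and no symlink
    that points outside the repository root.
    """
    root = Path(repo_root).resolve(strict=True)
    candidate = Path(docker_build_path)
    if candidate.is_absolute():
        raise ValueError("dockerBuildPath must be relative to the repository")
    # Resolve symlinks and '..' components first, then check containment.
    resolved = (root / candidate).resolve()
    if resolved != root and root not in resolved.parents:
        raise ValueError(f"dockerBuildPath escapes the repository: {docker_build_path}")
    if not resolved.is_dir():
        raise ValueError("dockerBuildPath must name a directory inside the repository")
    return resolved


def check_examples() -> dict:
    """Build a constructed throwaway repo and classify sample dockerBuildPath values."""
    results = {}
    with tempfile.TemporaryDirectory() as tmp:
        repo = Path(tmp, "repo")
        (repo / "server").mkdir(parents=True)
        (repo / "server" / "Dockerfile").write_text("FROM scratch\n")
        # A symlink committed inside the repo that points at the host filesystem root.
        try:
            os.symlink("/", repo / "escape")
        except OSError:
            pass  # symlinks unsupported here; the name then simply does not exist
        for value in [".", "server", "../", "/etc", "escape", "server/../../"]:
            try:
                resolve_build_path(str(repo), value)
                results[value] = "accepted"
            except ValueError:
                results[value] = "rejected"
    return results


if __name__ == "__main__":
    for value, verdict in check_examples().items():
        print(f"{value!r}: {verdict}")
```

Only the two paths that stay within the checkout are accepted; traversal, absolute paths and the symlink escape are all rejected before any build starts.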