By-Design Vulnerability
A security-impacting behaviour that the upstream vendor explicitly acknowledges but declines to fix, transferring all mitigation responsibility to downstream operators.
A By-Design Vulnerability is a security-impacting behaviour that the upstream vendor explicitly acknowledges but declines to fix, on the grounds that the behaviour is intentional and that mitigation is the responsibility of downstream operators. The label is informal — there is no formal CVE category for it — but the operational reality it describes is consequential: the people best positioned to fix the issue (the vendor with code access) refuse to, and the burden falls entirely on consumers who often lack the visibility or authority to retrofit the necessary controls.
The pattern is older than agentic AI. Decades of shell-injection research have classified user-controlled inputs into system() as a developer-responsibility issue rather than a libc bug. SQL string concatenation has the same lineage. The novelty in 2026 is not the pattern but the scale at which it now applies: the April 2026 Anthropic MCP SDK configuration-channel injection disclosure, documented in the Anthropic MCP SDK vulnerability analysis, produced a single by-design vulnerability that propagates across ~7,000 public MCP servers and over 150 million combined SDK downloads. There is no precedent for transferring sanitisation responsibility at that scale.
Why By-Design Vulnerabilities Are Operationally Different
Three properties distinguish a by-design vulnerability from a normal unpatched bug. First, there is no patch on the way. Operators cannot wait for an upstream fix — they must implement mitigation themselves and maintain it indefinitely. Second, the upstream documentation rarely highlights the issue. A by-design vulnerability is, by definition, working as intended from the vendor's perspective; the security advisory exists only because external researchers forced its publication. Third, the mitigation pattern is not standardised. Each operator builds their own sanitisation layer, leading to inconsistent quality and a patchwork of partially-effective defences across the ecosystem.
Detection and Operational Response
Identifying a by-design vulnerability in your stack typically means reading vendor security advisories carefully — looking for language that frames the issue as documentation, configuration, or operator responsibility rather than a bug. Once identified, the response is fully on the operator: enumerate the exposure (every place the by-design behaviour applies in your deployment), implement the mitigating layer (sanitisation, allowlisting, sandboxing — whatever applies to the specific class), and treat the mitigation as a permanent component of your security posture rather than a temporary patch.
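One way to build the operator-side layer described above for the configuration-channel case, as an added example (not code from the vendor, the SDK or this page's author). It assumes server launch entries are dictionaries with `command` and `args` keys; the allowlist, the denied flags and the sample config are constructed for illustration.

```python
import re

# Assumed operator policy (hypothetical): executables a server entry may launch.
ALLOWED_COMMANDS = {"node", "python3"}
# Conservative argument grammar: no whitespace, quotes or shell metacharacters.
SAFE_ARG = re.compile(r"[A-Za-z0-9_@%+=:,./-]+")
# Interpreter switches that turn an allowlisted binary into a code runner.
DENIED_FLAGS = {"-c", "-e", "--eval", "-p", "--print"}

# Constructed sample: name -> launch entry, as read from a configuration source.
SAMPLE_CONFIG = {
    "files": {"command": "node", "args": ["server.js", "--root", "/srv/data"]},
    "notes": {"command": "bash", "args": ["-c", "run-notes-server"]},
    "search": {"command": "node", "args": ["index.js; echo injected"]},
    "calc": {"command": "python3", "args": ["-c", "print(1)"]},
}

def violations(entry):
    """Return every reason this entry must not reach a process spawn."""
    found = []
    command, args = entry.get("command"), entry.get("args", [])
    if not isinstance(command, str) or command not in ALLOWED_COMMANDS:
        found.append(f"command not allowlisted: {command!r}")
    if not isinstance(args, list):
        return found + ["args is not a list"]
    for arg in args:
        if not isinstance(arg, str) or not SAFE_ARG.fullmatch(arg):
            found.append(f"argument outside safe grammar: {arg!r}")
        elif arg.split("=", 1)[0] in DENIED_FLAGS:
            found.append(f"code-execution flag: {arg!r}")
    return found

def audit(config):
    """Enumerate the exposure: every entry that fails policy, with reasons."""
    report = {name: violations(entry) for name, entry in config.items()}
    return {name: found for name, found in report.items() if found}

def safe_argv(entry):
    """Return an argv list for subprocess with shell=False, or refuse."""
    found = violations(entry)
    if found:
        raise ValueError("; ".join(found))
    return [entry["command"], *entry.get("args", [])]

if __name__ == "__main__":
    for name, found in audit(SAMPLE_CONFIG).items():
        print(f"{name}: {found}")
```

Run `audit` over every configuration source in the deployment to map the exposure, and call `safe_argv` at the spawn site itself so an entry that was never audited still cannot reach the process launch.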
For the agentic supply chain specifically, by-design vulnerabilities are an expected category of finding in any MCP Security Audit. The audit identifies them, maps them to your specific deployment, and produces the operator-side mitigation plan that the upstream vendor will not provide.
Related Terms
Supply Chain Attack
A security breach that targets dependencies, libraries, or third-party services rather than attacking the protocol directly.
Agentic Supply Chain
The full graph of third-party tools, connectors, data sources, and runtime dependencies that an AI agent loads at runtime — the attack surface OWASP ASI04 covers.
Configuration-Channel Injection
An attack pattern where adversarial values supplied through a configuration source flow into a privileged operation — such as a process spawn or shell call — without sanitisation.