The upcoming MCP 2026-07-28 specification fundamentally reshapes the protocol's security model by moving to a stateless architecture, eliminating protocol-managed sessions, and mandating OAuth 2.1 with PKCE. While this removes historical attack vectors like session hijacking and unsolicited server prompts, it introduces new risks: client-controlled state objects and tracking IDs enable cross-agent workflow hijacking, the _meta object allows metadata-based privilege escalation, new HTTP headers create desync and data leakage opportunities, MCP Apps bring stored XSS into AI interfaces, and asynchronous tasks introduce resource exhaustion DoS vectors. Security responsibility now rests squarely on MCP server developers and platform operators to implement cryptographic state verification, input validation, output encoding, and resource quotas.