In this part of the Interview Series, we’ll look at some of the common security vulnerabilities in the Model Context Protocol (MCP) — a framework designed to let LLMs safely interact with external tools and data sources. MCP is a framework that provides transparency and structure to the way models can access context. It also presents new security risks when not properly managed. In this article, we’ll explore three key threats — MCP Tool Poisoning, Rug Pulls” Tool Hijacking Attacks
Tool Poisoning is when an attacker hides malicious instructions in the Metadata or Description of a MCP Tool.
- The UI only shows a simplified, clean description of the tool.
- LLMs, however, see the full tool definition — including hidden prompts, backdoor commands, or manipulated instructions.
- It is possible to use this mismatch as a way for attackers, who can act silently on the AI’s behalf, to cause it harm or take unauthorized action.
Tool Hijacking
When you link multiple MCP, a tool hijacking attack occurs. serverThe malicious server injects hidden instructions inside its own tool descriptions that try to redirect, override or manipulate the behavior of tools provided by a trusted server. A malicious server will inject hidden instructions into its own tool description to try and redirect, override or manipulate the behavior a tool provided by a trustworthy server.
In this example, the Server B pretended to provide a harmless addition.() The hidden instructions of the tool try to hijack email_sender, which is exposed by server A.
MCP Rug Pulls
MCP Rug Pull occurs when a client approves a tool, but the server later changes it. It’s similar to installing a trusted app that later updates itself into malware — the client believes the tool is safe, but its behavior has silently changed behind the scenes.
Due to the fact that users do not often review their tool specs, it is very difficult to detect this type of attack.
I graduated in Civil Engineering (2022), from Jamia Millia Islamia (New Delhi), and have a strong interest in Data Science. I especially like Neural networks and how they can be applied in many different fields.
