security vulnerabilities discovered within the Model Context Protocol (MCP), a framework enabling AI agents to interact with external tools. A primary threat highlighted is "tool poisoning," where malicious instructions are hidden in tool descriptions, deceiving AI models into performing unauthorized actions like data exfiltration. Other risks include "rug pull" attacks, where tool definitions change after approval, and "cross-server shadowing," where one server's tools manipulate another's. To mitigate these dangers, recommendations include user vigilance, disabling auto-approval, implementing security scanning, and using trusted MCP sources. The sources also explore potential security solutions such as Trusted Execution Environments (TEEs), protocol-level attestation, secure server hosting, and MCP firewalls.
