# mcp
64 articles tagged with “mcp”
## Agent & Agentic Exploitation
Security overview of autonomous AI agents, covering the expanded attack surface created by tool use, persistent memory, multi-step reasoning, and multi-agent coordination.

## Exploiting Agent Tool Use
How to manipulate AI agents into calling tools with attacker-controlled parameters, abusing tool capabilities for data exfiltration, privilege escalation, and unauthorized actions.

## Agentic Exploitation
Comprehensive coverage of security vulnerabilities in agentic AI systems, including MCP tool exploitation, multi-agent protocol attacks, function calling abuse, memory system compromise, framework-specific weaknesses, and workflow pattern attacks.

## MCP & Tool Surface Exploitation
Attack methodology for the Model Context Protocol (MCP) covering tool schema manipulation, tool poisoning, resource URI traversal, cross-server pivoting, and sampling API abuse.

## MCP Authentication Bypass Techniques
Analysis of authentication and authorization bypass vectors in MCP server implementations including token replay and session hijacking.

## MCP Capability Escalation
Escalating capabilities beyond authorized MCP server permissions through negotiation abuse.

## MCP Configuration Injection
Injecting malicious configuration into MCP server initialization for persistent compromise.

## MCP Dynamic Tool Registration Attacks
Attacking dynamic tool registration in MCP to inject malicious tools at runtime.

## MCP Multi-Server Lateral Movement
Techniques for pivoting between connected MCP servers to achieve lateral movement in complex agent architectures.

## MCP Notification Channel Abuse
Abusing MCP notification channels for data exfiltration and out-of-band command injection.

## MCP Prompt Template Injection
Exploiting MCP prompt templates to inject instructions through template variables and arguments.

## MCP Resource Data Exfiltration
Methods for extracting sensitive data through MCP resource access patterns and sampling API abuse.

## MCP Resource Manipulation Attacks
Exploiting MCP resource exposure to access, modify, or exfiltrate data through resource URIs.

## MCP Root Listing Exploitation
Exploiting MCP root listing capabilities to discover and access sensitive file system resources.

## MCP Sampling API Exploitation
Exploiting the MCP sampling API to manipulate how servers request LLM completions.

## MCP Schema Poisoning Attacks
Exploiting MCP tool schema definitions to inject malicious parameters and override expected behavior.

## MCP Server Impersonation Attacks
Impersonating legitimate MCP servers to intercept and manipulate agent-tool communication.

## MCP SSE Transport Security Analysis
Security analysis of Server-Sent Events transport in MCP including reconnection attacks and event injection.

## MCP stdio Transport Exploitation
Exploiting the stdio transport mechanism in MCP for inter-process communication attacks and data interception.

## MCP Tool Description Injection
Techniques for injecting adversarial instructions via MCP tool descriptions and parameter schemas.

## MCP Tool Shadowing and Override
Registering malicious tools that shadow legitimate ones to intercept and manipulate agent tool invocations.

## MCP Transport Security Vulnerabilities
Analysis of security vulnerabilities in MCP transport layers including stdio, SSE, and HTTP streaming.

## MCP Transport Layer Attacks
Methodology for attacking MCP transport mechanisms: stdio pipe injection, SSE stream hijacking, HTTP request smuggling, and transport downgrade attacks.

## MCP Authentication Bypass Techniques (Agentic Exploitation)
Bypassing MCP server authentication and authorization mechanisms through token manipulation and scope abuse.

## MCP Batch Tool Call Exploitation
Exploit batch tool calling in MCP to create race conditions and bypass per-call validation.

## MCP Cross-Server Data Exfiltration
Chain MCP tool calls across servers to exfiltrate data from restricted environments to attacker-controlled endpoints.

## MCP Logging and Telemetry Abuse
Exploit MCP logging and telemetry channels to exfiltrate data or inject commands through debug interfaces.

## MCP Resource Template Injection
Inject adversarial content through MCP resource URI templates and parameter expansion mechanisms.

## MCP SSE Transport Layer Attacks
Exploiting Server-Sent Events transport in MCP for message injection, replay attacks, and session hijacking.

## MCP Tool Schema Poisoning
Poisoning MCP tool schemas with hidden instructions in descriptions, parameter types, and validation rules.

## MCP Protocol Version Downgrade Attacks
Force MCP protocol version downgrades to exploit vulnerabilities in older protocol implementations.

## Agentic AI Security Practice Exam 1
Practice exam focused on MCP exploitation, function calling attacks, and multi-agent security vulnerabilities.

## Agentic Exploitation Assessment (Assessment)
Test your knowledge of agentic AI attacks, MCP exploitation, function calling abuse, and multi-agent system vulnerabilities with 15 intermediate-level questions.

## Advanced MCP Security Assessment
Comprehensive assessment of MCP protocol vulnerabilities including transport attacks, tool poisoning, and capability escalation.

## MCP Security Assessment
Evaluate your knowledge of Model Context Protocol security, tool registration vulnerabilities, transport-layer risks, and MCP-specific attack vectors with 10 intermediate-level questions.

## Skill Verification: MCP Exploitation
Hands-on skill verification for MCP transport attacks, tool description injection, and server impersonation.

## Skill Verification: MCP Exploitation (Assessment)
Hands-on verification of MCP server exploitation including tool poisoning and resource manipulation.

## Capstone: Agentic System Red Team
Red team a multi-agent system with MCP servers, function calling, and inter-agent communication, producing an attack tree and comprehensive findings report.

## Case Study: Early MCP Vulnerability Disclosures
Analysis of early MCP vulnerability disclosures including Invariant Labs tool poisoning research.

## Case Study: MCP Tool Poisoning Attacks (Invariant Labs 2025)
Analysis of tool poisoning vulnerabilities in the Model Context Protocol (MCP) discovered by Invariant Labs, where malicious tool descriptions manipulate AI agents into data exfiltration and unauthorized actions.

## Case Study: MCP Security Vulnerability Disclosure
Analysis of early MCP security vulnerability discoveries including tool poisoning and transport security issues.

## Agentic Coding Tools
Security analysis of agentic coding tools like Claude Code, Devin, and Cursor Agent: expanded attack surfaces from file system access, terminal commands, MCP tool use, and autonomous operation.

## MCP and Coding Tools Security
Security risks of Model Context Protocol in IDE environments, covering MCP server attacks in development tools, code exfiltration via tool calls, and IDE-specific hardening strategies.

## MCP Server Security Hardening
Hardening MCP server implementations against tool poisoning, transport attacks, and privilege escalation.

## Secure MCP Deployment Patterns
Deployment patterns for securing MCP server implementations in production agent environments.

## Integration & Webhook Security
Methodology for exploiting SSRF through LLM tools, webhook hijacking, insecure function dispatch, output parsing vulnerabilities, OAuth/API key management flaws, and MCP server security in AI pipelines.

## Lab: MCP Full Exploitation
Hands-on lab for conducting a complete Model Context Protocol server compromise including tool enumeration, permission escalation, cross-tool attacks, and data exfiltration through MCP channels.

## Multi-Hop MCP Server Exploitation
Chain exploits across multiple MCP servers to achieve lateral movement in agent systems.

## MCP Multi-Server Pivot Chain
Chain exploits across multiple MCP servers to achieve lateral movement and capability escalation in agent systems.

## Agent Heist: Level 2 — MCP Server Takeover
Take control of an MCP-enabled agent by poisoning tool descriptions and chaining exploits.

## MCP Server Takeover Challenge
Compromise an MCP server through tool description injection and use it to pivot to other connected services.

## Lab: MCP Tool Abuse Scenarios
Hands-on lab for exploiting Model Context Protocol tool definitions through malicious tool descriptions, tool confusion attacks, and server impersonation.

## Lab: Advanced MCP Protocol Testing
Perform advanced security testing of MCP servers including transport analysis, capability enumeration, and tool poisoning.

## Lab: MCP Server Exploitation
Hands-on lab for attacking a vulnerable MCP server, demonstrating tool shadowing, consent phishing, and server impersonation techniques.

## MCP Tool Poisoning Attack
Exploit MCP tool descriptions to inject instructions that redirect agent behavior.

## MCP Resource Data Exfiltration (Intermediate Lab)
Exploit MCP resource URIs to access and exfiltrate data beyond intended scope boundaries.

## AI-Specific Threat Modeling (Tradecraft)
Applying ATLAS, STRIDE, and attack tree methodologies to AI systems. Trust boundary analysis for agentic architectures, data flow analysis, and MCP threat modeling.

## Callback Abuse in MCP
Advanced walkthrough of abusing MCP callback mechanisms for unauthorized actions, data exfiltration, and privilege escalation in agent-tool interactions.

## MCP Tool Poisoning Attack Walkthrough
Walkthrough of exploiting MCP tool descriptions to redirect agent behavior via hidden instructions.

## MCP Tool Shadowing
Advanced walkthrough of creating shadow tools that override legitimate MCP (Model Context Protocol) tools, enabling interception and manipulation of agent-tool interactions.

## Tool Shadowing Attack Walkthrough
Register shadow tools that override legitimate tool definitions to intercept and manipulate agent actions.

## MCP Sampling API Abuse Walkthrough
Walkthrough of exploiting the MCP sampling API to manipulate how servers request and process LLM completions.

## MCP Server Security Hardening Guide
Harden MCP server implementations against tool poisoning, transport attacks, and capability escalation.

## Setting Up Garak Probes for MCP Tool Interactions
Advanced walkthrough on configuring garak probes that target Model Context Protocol (MCP) tool interactions, testing for tool misuse, privilege escalation through tools, and data exfiltration via tool calls.