# mcp
標記為「mcp」的 154 篇文章
Agent Delegation Attacks
Exploiting multi-agent delegation patterns to achieve lateral movement, privilege escalation, and command-and-control through impersonation and insecure inter-agent communication.
Agent Supply Chain Attacks
Compromising AI agents through poisoned packages, backdoored MCP servers, malicious model registries, and weaponized agent frameworks -- including the Postmark MCP breach and NullBulge campaigns.
Agent & Agentic Exploitation
Security overview of autonomous AI agents, covering the expanded attack surface created by tool use, persistent memory, multi-step reasoning, and multi-agent coordination.
MCP Authentication Gaps: Securing MCP Server Authentication
A defense-focused guide to understanding authentication weaknesses in MCP server deployments -- 38% of scanned servers lack any authentication -- and implementing robust token-based auth, mTLS, and middleware-based access control.
MCP Command Injection: Understanding and Preventing Shell Injection in MCP Servers
A defense-focused guide to understanding how command injection vulnerabilities arise in MCP server implementations, analyzing CVE-2025-6514 (CVSS 9.6), and implementing robust input sanitization, parameterized commands, and sandboxing to protect MCP deployments.
MCP Cross-Client Data Leak: Preventing Session Isolation Failures
A defense-focused guide to understanding and preventing data leaks across MCP client sessions, analyzing CVE-2026-25536 and implementing session-isolated state management to protect multi-tenant MCP deployments.
MCP Denial of Wallet: Preventing Token Consumption Attacks
A defense-focused guide to understanding denial-of-wallet attacks via MCP -- how malicious servers create overthinking loops causing 142.4x token amplification -- and implementing budget controls, rate limiting, and cost monitoring to protect LLM endpoints.
MCP Path Traversal: Preventing File System Escapes in MCP Servers
A defense-focused guide to preventing path traversal vulnerabilities in MCP file operations -- 82% of implementations use file operations prone to traversal -- with working filesystem sandboxing, path validation, chroot jails, and detection rules.
MCP Security: Understanding and Defending the Protocol
A comprehensive guide to Model Context Protocol security — understanding the attack surface, known vulnerabilities (30+ CVEs in early 2026), and implementing robust defenses for MCP-enabled AI agent systems.
MCP Security Testing: How to Test MCP Servers for Vulnerabilities
A defense-focused guide to security testing MCP server implementations -- methodology for MCP security assessments, scanning tools, common test cases for auth bypass, injection, traversal, and data leaks, with working test scripts and reporting templates.
MCP Server Hardening Guide: Complete Deployment Security
A comprehensive hardening guide for MCP server deployments -- covering a 24-item security checklist, Docker isolation, Nginx reverse proxy configuration, logging and monitoring setup, and network policy enforcement with working configurations for every component.
MCP Supply Chain Security: Defending Against Backdoored MCP Packages
A defense-focused guide to securing the MCP package supply chain -- analyzing the Postmark MCP breach, understanding how malicious MCP servers are distributed, and implementing package verification, dependency scanning, and policy enforcement.
Exploiting Agent Tool Use
How to manipulate AI agents into calling tools with attacker-controlled parameters, abusing tool capabilities for data exfiltration, privilege escalation, and unauthorized actions.
Tool Use Exploitation
Comprehensive techniques for exploiting how AI agents call external tools and APIs, including tool description poisoning, overly permissive access abuse, and tool output manipulation.
Agentic Exploitation
Comprehensive coverage of security vulnerabilities in agentic AI systems, including MCP tool exploitation, multi-agent protocol attacks, function calling abuse, memory system compromise, framework-specific weaknesses, and workflow pattern attacks.
MCP & Tool Surface Exploitation
Attack methodology for the Model Context Protocol (MCP) covering tool schema manipulation, tool poisoning, resource URI traversal, cross-server pivoting, and sampling API abuse.
MCP Authentication Bypass Techniques
Analysis of authentication and authorization bypass vectors in MCP server implementations including token replay and session hijacking.
MCP Capability Escalation
Escalating capabilities beyond authorized MCP server permissions through negotiation abuse.
MCP Configuration Injection
Injecting malicious configuration into MCP server initialization for persistent compromise.
MCP Dynamic Tool Registration Attacks
Attacking dynamic tool registration in MCP to inject malicious tools at runtime.
MCP Multi-Server Lateral Movement
Techniques for pivoting between connected MCP servers to achieve lateral movement in complex agent architectures.
MCP Notification Channel Abuse
Abusing MCP notification channels for data exfiltration and out-of-band command injection.
MCP Prompt Template Injection
Exploiting MCP prompt templates to inject instructions through template variables and arguments.
MCP Resource Data Exfiltration
Methods for extracting sensitive data through MCP resource access patterns and sampling API abuse.
MCP Resource Manipulation Attacks
Exploiting MCP resource exposure to access, modify, or exfiltrate data through resource URIs.
MCP Root Listing Exploitation
Exploiting MCP root listing capabilities to discover and access sensitive file system resources.
MCP Sampling API Exploitation
Exploiting the MCP sampling API to manipulate how servers request LLM completions.
MCP Schema Poisoning Attacks
Exploiting MCP tool schema definitions to inject malicious parameters and override expected behavior.
MCP Server Impersonation Attacks
Impersonating legitimate MCP servers to intercept and manipulate agent-tool communication.
MCP SSE Transport Security Analysis
Security analysis of Server-Sent Events transport in MCP including reconnection attacks and event injection.
MCP stdio Transport Exploitation
Exploiting the stdio transport mechanism in MCP for inter-process communication attacks and data interception.
MCP Tool Description Injection
Techniques for injecting adversarial instructions via MCP tool descriptions and parameter schemas.
MCP Tool Shadowing and Override
Registering malicious tools that shadow legitimate ones to intercept and manipulate agent tool invocations.
MCP Transport Security Vulnerabilities
Analysis of security vulnerabilities in MCP transport layers including stdio, SSE, and HTTP streaming.
MCP Transport Layer Attacks
Methodology for attacking MCP transport mechanisms: stdio pipe injection, SSE stream hijacking, HTTP request smuggling, and transport downgrade attacks.
MCP Authentication Bypass Techniques (Agentic Exploitation)
Bypassing MCP server authentication and authorization mechanisms through token manipulation and scope abuse.
MCP Batch Tool Call Exploitation
Exploit batch tool calling in MCP to create race conditions and bypass per-call validation.
MCP Cross-Server Data Exfiltration
Chain MCP tool calls across servers to exfiltrate data from restricted environments to attacker-controlled endpoints.
MCP Logging and Telemetry Abuse
Exploit MCP logging and telemetry channels to exfiltrate data or inject commands through debug interfaces.
MCP Resource Template Injection
Inject adversarial content through MCP resource URI templates and parameter expansion mechanisms.
MCP SSE Transport Layer Attacks
Exploiting Server-Sent Events transport in MCP for message injection, replay attacks, and session hijacking.
MCP Tool Schema Poisoning
Poisoning MCP tool schemas with hidden instructions in descriptions, parameter types, and validation rules.
MCP Protocol Version Downgrade Attacks
Force MCP protocol version downgrades to exploit vulnerabilities in older protocol implementations.
Agentic AI Security Practice Exam 1
Practice exam focused on MCP exploitation, function calling attacks, and multi-agent security vulnerabilities.
Agentic Exploitation Assessment (Assessment)
Test your knowledge of agentic AI attacks, MCP exploitation, function calling abuse, and multi-agent system vulnerabilities with 15 intermediate-level questions.
Advanced MCP Security Assessment
Comprehensive assessment of MCP protocol vulnerabilities including transport attacks, tool poisoning, and capability escalation.
MCP Security Assessment
Evaluate your knowledge of Model Context Protocol security, tool registration vulnerabilities, transport-layer risks, and MCP-specific attack vectors with 10 intermediate-level questions.
Skill Verification: MCP Exploitation
Hands-on skill verification for MCP transport attacks, tool description injection, and server impersonation.
Skill Verification: MCP Exploitation (Assessment)
Hands-on verification of MCP server exploitation including tool poisoning and resource manipulation.
Capstone: Agentic System Red Team
Red team a multi-agent system with MCP servers, function calling, and inter-agent communication, producing an attack tree and comprehensive findings report.
Case Study: Early MCP Vulnerability Disclosures
Analysis of early MCP vulnerability disclosures including Invariant Labs tool poisoning research.
Case Study: MCP Tool Poisoning Attacks (Invariant Labs 2025)
Analysis of tool poisoning vulnerabilities in the Model Context Protocol (MCP) discovered by Invariant Labs, where malicious tool descriptions manipulate AI agents into data exfiltration and unauthorized actions.
Case Study: MCP Security Vulnerability Disclosure
Analysis of early MCP security vulnerability discoveries including tool poisoning and transport security issues.
Agentic Coding Tools
Security analysis of agentic coding tools like Claude Code, Devin, and Cursor Agent: expanded attack surfaces from file system access, terminal commands, MCP tool use, and autonomous operation.
MCP and Coding Tools Security
Security risks of Model Context Protocol in IDE environments — covering MCP server attacks in development tools, code exfiltration via tool calls, and IDE-specific hardening strategies.
MCP Server Security Hardening
Hardening MCP server implementations against tool poisoning, transport attacks, and privilege escalation.
Secure MCP Deployment Patterns
Deployment patterns for securing MCP server implementations in production agent environments.
Integration & Webhook Security
Methodology for exploiting SSRF through LLM tools, webhook hijacking, insecure function dispatch, output parsing vulnerabilities, OAuth/API key management flaws, and MCP server security in AI pipelines.
Lab: MCP Full Exploitation
Hands-on lab for conducting a complete Model Context Protocol server compromise including tool enumeration, permission escalation, cross-tool attacks, and data exfiltration through MCP channels.
Multi-Hop MCP Server Exploitation
Chain exploits across multiple MCP servers to achieve lateral movement in agent systems.
MCP Multi-Server Pivot Chain
Chain exploits across multiple MCP servers to achieve lateral movement and capability escalation in agent systems.
Agent Heist: Level 2 — MCP Server Takeover
Take control of an MCP-enabled agent by poisoning tool descriptions and chaining exploits.
MCP Server Takeover Challenge
Compromise an MCP server through tool description injection and use it to pivot to other connected services.
Lab: MCP Tool Abuse Scenarios
Hands-on lab for exploiting Model Context Protocol tool definitions through malicious tool descriptions, tool confusion attacks, and server impersonation.
Lab: Advanced MCP Protocol Testing
Perform advanced security testing of MCP servers including transport analysis, capability enumeration, and tool poisoning.
Lab: MCP Server Exploitation
Hands-on lab for attacking a vulnerable MCP server, demonstrating tool shadowing, consent phishing, and server impersonation techniques.
MCP Tool Poisoning Attack
Exploit MCP tool descriptions to inject instructions that redirect agent behavior.
MCP Resource Data Exfiltration (Intermediate Lab)
Exploit MCP resource URIs to access and exfiltrate data beyond intended scope boundaries.
AI-Specific Threat Modeling (Tradecraft)
Applying ATLAS, STRIDE, and attack tree methodologies to AI systems. Trust boundary analysis for agentic architectures, data flow analysis, and MCP threat modeling.
Callback Abuse in MCP
Advanced walkthrough of abusing MCP callback mechanisms for unauthorized actions, data exfiltration, and privilege escalation in agent-tool interactions.
MCP Tool Poisoning Attack Walkthrough
Walkthrough of exploiting MCP tool descriptions to redirect agent behavior via hidden instructions.
MCP Tool Shadowing
Advanced walkthrough of creating shadow tools that override legitimate MCP (Model Context Protocol) tools, enabling interception and manipulation of agent-tool interactions.
Tool Shadowing Attack Walkthrough
Register shadow tools that override legitimate tool definitions to intercept and manipulate agent actions.
MCP Sampling API Abuse Walkthrough
Walkthrough of exploiting the MCP sampling API to manipulate how servers request and process LLM completions.
MCP Server Security Hardening Guide
Harden MCP server implementations against tool poisoning, transport attacks, and capability escalation.
Setting Up Garak Probes for MCP Tool Interactions
Advanced walkthrough on configuring garak probes that target Model Context Protocol (MCP) tool interactions, testing for tool misuse, privilege escalation through tools, and data exfiltration via tool calls.
代理 Delegation 攻擊s
利用ing multi-agent delegation patterns to achieve lateral movement, privilege escalation, and command-and-control through impersonation and insecure inter-agent communication.
代理 Supply Chain 攻擊s
Compromising AI agents through poisoned packages, backdoored MCP servers, malicious model registries, and weaponized agent frameworks -- including the Postmark MCP breach and NullBulge campaigns.
代理與代理式利用
自主 AI 代理的安全概覽,涵蓋由工具呼叫、持久記憶體、多步推理與多代理協調所建立的擴大攻擊面。
MCP Authentication Gaps: Securing MCP Server Authentication
A defense-focused guide to understanding authentication weaknesses in MCP server deployments -- 38% of scanned servers lack any authentication -- and implementing robust token-based auth, mTLS, and middleware-based access control.
MCP Command Injection: Understanding and Preventing Shell Injection in MCP Servers
A defense-focused guide to understanding how command injection vulnerabilities arise in MCP server implementations, analyzing CVE-2025-6514 (CVSS 9.6), and implementing robust input sanitization, parameterized commands, and sandboxing to protect MCP deployments.
MCP Cross-Client Data Leak: Preventing Session Isolation Failures
A defense-focused guide to understanding and preventing data leaks across MCP client sessions, analyzing CVE-2026-25536 and implementing session-isolated state management to protect multi-tenant MCP deployments.
MCP Denial of Wallet: Preventing Token Consumption 攻擊s
A defense-focused guide to understanding denial-of-wallet attacks via MCP -- how malicious servers create overthinking loops causing 142.4x token amplification -- and implementing budget controls, rate limiting, and cost monitoring to protect LLM endpoints.
MCP Path Traversal: Preventing File System Escapes in MCP Servers
A defense-focused guide to preventing path traversal vulnerabilities in MCP file operations -- 82% of implementations use file operations prone to traversal -- with working filesystem sandboxing, path validation, chroot jails, and detection rules.
MCP 安全: Understanding and Defending the Protocol
A comprehensive guide to 模型 Context Protocol security — understanding the attack surface, known vulnerabilities (30+ CVEs in early 2026), and implementing robust defenses for MCP-enabled AI agent systems.
MCP 安全 Testing: How to Test MCP Servers for Vulnerabilities
A defense-focused guide to security testing MCP server implementations -- methodology for MCP security assessments, scanning tools, common test cases for auth bypass, injection, traversal, and data leaks, with working test scripts and reporting templates.
MCP Server Hardening 指南: Complete Deployment 安全
A comprehensive hardening guide for MCP server deployments -- covering a 24-item security checklist, Docker isolation, Nginx reverse proxy configuration, logging and monitoring setup, and network policy enforcement with working configurations for every component.
MCP Supply Chain 安全: Defending Against Backdoored MCP Packages
A defense-focused guide to securing the MCP package supply chain -- analyzing the Postmark MCP breach, understanding how malicious MCP servers are distributed, and implementing package verification, dependency scanning, and policy enforcement.
利用代理工具使用
如何操弄 AI 代理,使其以攻擊者可控的參數呼叫工具,並濫用其能力達成資料外洩、提權,以及未授權動作。
工具 Use 利用ation
Comprehensive techniques for exploiting how AI agents call external tools and APIs, including tool description poisoning, overly permissive access abuse, and tool output manipulation.
代理式利用
代理式 AI 系統中安全漏洞的完整涵蓋,包含 MCP 工具利用、多代理協議攻擊、函式呼叫濫用、記憶體系統入侵、框架特定弱點與工作流程模式攻擊。
MCP & 工具 Surface 利用ation
攻擊 methodology for the 模型 Context Protocol (MCP) covering tool schema manipulation, tool poisoning, resource URI traversal, cross-server pivoting, and sampling API abuse.
MCP Authentication Bypass Techniques
Analysis of authentication and authorization bypass vectors in MCP server implementations including token replay and session hijacking.
MCP Capability Escalation
Escalating capabilities beyond authorized MCP server permissions through negotiation abuse.
MCP Configuration Injection
Injecting malicious configuration into MCP server initialization for persistent compromise.
MCP Dynamic 工具 Registration 攻擊s
攻擊ing dynamic tool registration in MCP to inject malicious tools at runtime.
MCP Multi-Server Lateral Movement
Techniques for pivoting between connected MCP servers to achieve lateral movement in complex agent architectures.
MCP Notification Channel Abuse
Abusing MCP notification channels for data exfiltration and out-of-band command injection.
MCP Prompt Template Injection
利用ing MCP prompt templates to inject instructions through template variables and arguments.
MCP Resource Data Exfiltration
Methods for extracting sensitive data through MCP resource access patterns and sampling API abuse.
MCP Resource Manipulation 攻擊s
利用ing MCP resource exposure to access, modify, or exfiltrate data through resource URIs.
MCP Root Listing 利用ation
利用ing MCP root listing capabilities to discover and access sensitive file system resources.
MCP Sampling API 利用ation
利用ing the MCP sampling API to manipulate how servers request LLM completions.
MCP Schema 投毒 攻擊s
利用ing MCP tool schema definitions to inject malicious parameters and override expected behavior.
MCP Server Impersonation 攻擊s
Impersonating legitimate MCP servers to intercept and manipulate agent-tool communication.
MCP SSE Transport 安全 Analysis
安全 analysis of Server-Sent Events transport in MCP including reconnection attacks and event injection.
MCP stdio Transport 利用ation
利用ing the stdio transport mechanism in MCP for inter-process communication attacks and data interception.
MCP 工具 Description Injection
Techniques for injecting adversarial instructions via MCP tool descriptions and parameter schemas.
MCP 工具 Shadowing and Override
Registering malicious tools that shadow legitimate ones to intercept and manipulate agent tool invocations.
MCP Transport 安全 Vulnerabilities
Analysis of security vulnerabilities in MCP transport layers including stdio, SSE, and HTTP streaming.
MCP 傳輸層攻擊
攻擊 MCP 傳輸機制之方法論:stdio pipe 注入、SSE 串流劫持、HTTP request smuggling,以及傳輸降級攻擊。
MCP Authentication Bypass Techniques (代理式 利用ation)
Bypassing MCP server authentication and authorization mechanisms through token manipulation and scope abuse.
MCP Batch 工具 Call 利用ation
利用 batch tool calling in MCP to create race conditions and bypass per-call validation.
MCP Cross-Server Data Exfiltration
Chain MCP tool calls across servers to exfiltrate data from restricted environments to attacker-controlled endpoints.
MCP Logging and Telemetry Abuse
利用 MCP logging and telemetry channels to exfiltrate data or inject commands through debug interfaces.
MCP Resource Template Injection
Inject adversarial content through MCP resource URI templates and parameter expansion mechanisms.
MCP SSE Transport Layer 攻擊s
利用ing Server-Sent Events transport in MCP for message injection, replay attacks, and session hijacking.
MCP 工具 Schema 投毒
投毒 MCP tool schemas with hidden instructions in descriptions, parameter types, and validation rules.
MCP Protocol Version Downgrade 攻擊s
Force MCP protocol version downgrades to exploit vulnerabilities in older protocol implementations.
代理式 AI 安全 Practice Exam 1
Practice exam focused on MCP exploitation, function calling attacks, and multi-agent security vulnerabilities.
章節評量:代理利用
15 題校準評量,測試你對代理式 AI 利用的理解——工具濫用、MCP 攻擊、記憶體投毒與多代理安全。
進階 MCP 安全 評量
Comprehensive assessment of MCP protocol vulnerabilities including transport attacks, tool poisoning, and capability escalation.
章節評量:MCP 安全
15 題校準評量,測試你對模型上下文協議安全的理解——工具遮蔽、傳輸攻擊、伺服器審查與設定安全。
Skill Verification: MCP 利用ation
Hands-on skill verification for MCP transport attacks, tool description injection, and server impersonation.
Skill Verification: MCP 利用ation (評量)
Hands-on verification of MCP server exploitation including tool poisoning and resource manipulation.
代理式 AI 安全完整指南
保護代理式 AI 系統的完整指南——涵蓋工具使用風險、多代理架構、MCP 安全、記憶體投毒與實務防禦策略。
MCP 安全:新的攻擊面
深入探討模型上下文協議安全——分析工具註冊攻擊、傳輸層風險、跨伺服器利用與實務強化策略。
Capstone: 代理式 System 紅隊
Red team a multi-agent system with MCP servers, function calling, and inter-agent communication, producing an attack tree and comprehensive findings report.
Case Study: Early MCP 漏洞 Disclosures
Analysis of early MCP vulnerability disclosures including Invariant 實驗室s tool poisoning research.
Case Study: MCP 工具 投毒 攻擊s (Invariant 實驗室s 2025)
Analysis of tool poisoning vulnerabilities in the 模型 Context Protocol (MCP) discovered by Invariant 實驗室s, where malicious tool descriptions manipulate AI agents into data exfiltration and unauthorized actions.
Case Study: MCP 安全 漏洞 Disclosure
Analysis of early MCP security vulnerability discoveries including tool poisoning and transport security issues.
代理式編碼工具
對代理式編碼工具(如 Claude Code、Devin、Cursor Agent)的安全分析:自檔案系統存取、終端指令、MCP 工具使用,以及自主操作而擴展之攻擊面。
MCP 與程式設計工具安全
IDE 環境中模型上下文協議的安全風險——涵蓋開發工具中的 MCP 伺服器攻擊、透過工具呼叫的程式碼外洩與 IDE 特定強化策略。
MCP Server 安全 Hardening
Hardening MCP server implementations against tool poisoning, transport attacks, and privilege escalation.
Secure MCP Deployment Patterns
Deployment patterns for securing MCP server implementations in production agent environments.
Integration & Webhook 安全
Methodology for exploiting SSRF through LLM tools, webhook hijacking, insecure function dispatch, output parsing vulnerabilities, OAuth/API key management flaws, and MCP server security in AI pipelines.
實驗室: MCP Full 利用ation
Hands-on lab for conducting a complete 模型 Context Protocol server compromise including tool enumeration, permission escalation, cross-tool attacks, and data exfiltration through MCP channels.
Multi-Hop MCP Server 利用ation
Chain exploits across multiple MCP servers to achieve lateral movement in agent systems.
MCP Multi-Server Pivot Chain
Chain exploits across multiple MCP servers to achieve lateral movement and capability escalation in agent systems.
代理 Heist: Level 2 — MCP Server Takeover
Take control of an MCP-enabled agent by poisoning tool descriptions and chaining exploits.
MCP Server Takeover Challenge
Compromise an MCP server through tool description injection and use it to pivot to other connected services.
實驗室: MCP 工具 Abuse Scenarios
Hands-on lab for exploiting 模型 Context Protocol tool definitions through malicious tool descriptions, tool confusion attacks, and server impersonation.
實驗室: 進階 MCP Protocol Testing
Perform advanced security testing of MCP servers including transport analysis, capability enumeration, and tool poisoning.
實驗室: MCP Server 利用ation
Hands-on lab for attacking a vulnerable MCP server, demonstrating tool shadowing, consent phishing, and server impersonation techniques.
MCP 工具 投毒 攻擊
利用 MCP tool descriptions to inject instructions that redirect agent behavior.
MCP Resource Data Exfiltration (中階 實驗室)
利用 MCP resource URIs to access and exfiltrate data beyond intended scope boundaries.
AI 特有威脅建模(Tradecraft)
將 ATLAS、STRIDE 與攻擊樹方法論套用於 AI 系統。代理式架構的信任邊界分析、資料流分析,以及 MCP 威脅建模。
Callback Abuse in MCP
進階 walkthrough of abusing MCP callback mechanisms for unauthorized actions, data exfiltration, and privilege escalation in agent-tool interactions.
MCP 工具 投毒 攻擊 導覽
導覽 of exploiting MCP tool descriptions to redirect agent behavior via hidden instructions.
MCP 工具 Shadowing
進階 walkthrough of creating shadow tools that override legitimate MCP (模型 Context Protocol) tools, enabling interception and manipulation of agent-tool interactions.
工具 Shadowing 攻擊 導覽
Register shadow tools that override legitimate tool definitions to intercept and manipulate agent actions.
MCP Sampling API Abuse 導覽
導覽 of exploiting the MCP sampling API to manipulate how servers request and process LLM completions.
MCP Server 安全 Hardening 指南
Harden MCP server implementations against tool poisoning, transport attacks, and capability escalation.
Setting Up Garak Probes for MCP 工具 Interactions
進階 walkthrough on configuring garak probes that target 模型 Context Protocol (MCP) tool interactions, testing for tool misuse, privilege escalation through tools, and data exfiltration via tool calls.