MCP.so
ログイン

MCP Poisoning Attack - PoC

@wbfoss

MCP Poisoning Attack - PoC について

This repository demonstrates a variety of **MCP Poisoning Attacks** affecting real-world AI agent workflows.

基本情報

カテゴリ

その他

ライセンス

MIT

ランタイム

python

トランスポート

stdio

公開者

wbfoss

設定

以下の設定を使って、このサーバーを MCP 対応クライアントに追加してください。

{
  "mcpServers": {
    "mcp-poisoning-poc": {
      "command": "python",
      "args": [
        "-m",
        "venv",
        "venv"
      ]
    }
  }
}

ツール

ツールは検出されませんでした

ツールは README から自動的に抽出されます。メンテナーは ## Tools という見出しの下に記載することで、このタブに反映できます。

概要

What is MCP Poisoning Attack - PoC?

MCP Poisoning Attack - PoC is a security research proof-of-concept by GenSecAI that demonstrates critical vulnerabilities in the Model Context Protocol (MCP), enabling attackers to exfiltrate data, hijack AI agent behavior, and override security controls through malicious tool descriptions. It is intended for security researchers, AI developers, and defenders seeking to understand and mitigate MCP tool poisoning attacks.

How to use MCP Poisoning Attack - PoC?

Clone the repository, create a Python virtual environment, install dependencies with pip install -r requirements.txt, then run python examples/basic_attack_demo.py. The code provides a MaliciousMCPServer class to simulate attacks and a SecureMCPClient with sanitization, validation, and monitoring for defense.

Key features of MCP Poisoning Attack - PoC

  • Demonstrates data exfiltration via hidden tool descriptions
  • Shows AI agent hijacking through prompt injection
  • Includes time‑delayed attack payloads
  • Provides sanitizer and validation defense framework
  • Cross‑tool contamination attack simulation
  • Ready‑to‑run examples and comprehensive test suite

Use cases of MCP Poisoning Attack - PoC

  • Security researchers evaluating MCP‑based AI agent vulnerabilities
  • Developers hardening MCP tool integrations against poisoning attacks
  • Red teams assessing risk of malicious MCP servers in their pipeline
  • Educators illustrating prompt injection and supply chain attacks in AI

FAQ from MCP Poisoning Attack - PoC

What is the primary purpose of this project?

This is a security research project by GenSecAI that demonstrates and defends against MCP tool poisoning vulnerabilities for educational and defensive use only.

What are the runtime requirements?

It requires Python 3.8+ and standard dependencies listed in requirements.txt. No external MCP server runtime is needed.

Is this project safe to use in production?

No; it contains attack code meant for controlled environments only. The README explicitly warns against malicious use and encourages defensive focus.

Where does the data live?

All code and data reside locally in the cloned repository; no external data is transmitted by default.

What attack vectors are shown?

The project covers data exfiltration, tool hijacking, instruction override, and delayed payloads — all exploiting MCP’s trust in tool descriptions.

コメント

「その他」の他のコンテンツ