MCP Poisoning Attack - PoC
@wbfoss
About MCP Poisoning Attack - PoC
This repository demonstrates a variety of **MCP Poisoning Attacks** affecting real-world AI agent workflows.
Basic information
Config
Add this server to your MCP-compatible client using the configuration below.
{
"mcpServers": {
"mcp-poisoning-poc": {
"command": "python",
"args": [
"-m",
"venv",
"venv"
]
}
}
}Tools
No tools detected
We auto-extract tools from the README. The maintainer can list them under a ## Tools heading to populate this section.
Overview
What is MCP Poisoning Attack - PoC?
MCP Poisoning Attack - PoC is a security research proof-of-concept by GenSecAI that demonstrates critical vulnerabilities in the Model Context Protocol (MCP), enabling attackers to exfiltrate data, hijack AI agent behavior, and override security controls through malicious tool descriptions. It is intended for security researchers, AI developers, and defenders seeking to understand and mitigate MCP tool poisoning attacks.
How to use MCP Poisoning Attack - PoC?
Clone the repository, create a Python virtual environment, install dependencies with pip install -r requirements.txt, then run python examples/basic_attack_demo.py. The code provides a MaliciousMCPServer class to simulate attacks and a SecureMCPClient with sanitization, validation, and monitoring for defense.
Key features of MCP Poisoning Attack - PoC
- Demonstrates data exfiltration via hidden tool descriptions
- Shows AI agent hijacking through prompt injection
- Includes time‑delayed attack payloads
- Provides sanitizer and validation defense framework
- Cross‑tool contamination attack simulation
- Ready‑to‑run examples and comprehensive test suite
Use cases of MCP Poisoning Attack - PoC
- Security researchers evaluating MCP‑based AI agent vulnerabilities
- Developers hardening MCP tool integrations against poisoning attacks
- Red teams assessing risk of malicious MCP servers in their pipeline
- Educators illustrating prompt injection and supply chain attacks in AI
FAQ from MCP Poisoning Attack - PoC
What is the primary purpose of this project?
This is a security research project by GenSecAI that demonstrates and defends against MCP tool poisoning vulnerabilities for educational and defensive use only.
What are the runtime requirements?
It requires Python 3.8+ and standard dependencies listed in requirements.txt. No external MCP server runtime is needed.
Is this project safe to use in production?
No; it contains attack code meant for controlled environments only. The README explicitly warns against malicious use and encourages defensive focus.
Where does the data live?
All code and data reside locally in the cloned repository; no external data is transmitted by default.
What attack vectors are shown?
The project covers data exfiltration, tool hijacking, instruction override, and delayed payloads — all exploiting MCP’s trust in tool descriptions.
More Other MCP servers
Nginx UI
0xJackyYet another WebUI for Nginx
Awesome-MCP-ZH
yzflyMCP 资源精选, MCP指南,Claude MCP,MCP Servers, MCP Clients
MCP Toolbox for Databases
googleapisMCP Toolbox for Databases is an open source MCP server for databases.
FastMCP v2 🚀
jlowin🚀 The fast, Pythonic way to build MCP servers and clients.
Inbox Zero AI
elie222The world's best AI personal assistant for email. Open source app to help you reach inbox zero fast.
Comments